AWS readies for major reboot
- 26 September, 2014 01:57
Amazon Web Services will be updating a substantial number of its Cloud servers, and has asked customers to re-launch their instances in the coming days, according to AWS consultants.
Amazon has not said why the reboot is happening, but AWS watchers believe it is to patch a security issue. The company will be updating many of its servers between Thursday, September 25, at 10pm US ET and Tuesday, September 30, at 7:59pm US ET, according to Amazon partner and Cloud consultancy, RightScale.
+ Also on NetworkWorld:Mapping the cloud: Where does the public cloud really live? +
On Wednesday evening AWS sent out a notice to at least a portion of its customers notifying them of "required host maintenance," according to an email an AWS user sent to Network World. The notice to customers does not explain why the reboot is necessary, but RightScale officials believe it is to patch a security bug in the Xen hypervisor.
Customers should be notified via email if action is required, or their AWS Console will notify them of virtual machine instances that should be updated, RigthtScale officials say. According to a blog post alerting customers of the reboot, RigthScale says the patches will impact all of Amazon's regions and Availability Zones, and will affect many of the company's virtual machine instances types. Instance types not impacted are the T1, T2, M2, R3 and HS1 instances, which would leave the C3, M3, G2 and I2 subject to patching. Amazon has not said that all instances of those affected instance types will be impacted though.
RightScale says that AWS will be updating their instances during the coming days. Once a customer's zone and region has been updated, then users should re-launch their services to run on newly updated machines.
Reboots and updates of cloud services are not unprecedented, but one of this scale is unusual. AWS issues many behind-the-scenes updates and patches to its cloud regularly. Every so often the company requires an instance reboot or a system-wide reboot, as AWS mentions here. This appears to be one of the larger reboots of its service that requires customer action since 2011.
RightScale says that the best resource for customers is the AWS Console, which is the main landing page for users to monitor their AWS usage. RightScale says that AWS will be rolling out the patch across various regions and availability zones (AZs) individually. Once the AZ has been updated, customers are advised to re-launch their virtual machines on to a patched instance. In the "events" page of the Console, customers can view their impacted instances.
The Console will alert users as to when new updated patches are available for the zones where their instances live. RightScale encourages users to update their VMs as soon as possible once the patches are complete for their AZ. RightScale warns customers that if they update their VMs before the patch is completed by AWS for that zone then there is no guarantee they will be on an updated and patched machine.
RightScale founder and CTO, Thorsten Von Eicken, says it seems clear AWS is patching a critical security update. "As usual, AWS is totally tight-lipped about the underlying cause. It seems obvious that the company is patching a security vulnerability, but it will not disclose which one until October 1 -- that is, after they have patched all hosts."
An AWS official responded to a commenter in the company's Forum page apologizing for the impact and short notice, but saying that its actions involve "very timely security and operational patches."
AWS has instructions here on how to reboot instances. In the EC2 console there is a tab named "Instances" -- from there, navigate to "actions" and click "reboot." AWS says when an instance is rebooted, it remains on the same physical host and keeps its public DNS name, private IP address, and any data on its instance store volumes. It does not start a new billing cycle.
AWS has not yet formally issued a broader public statement than sending notifications to its customers. AWS officials did not immediately respond to questions about the issue.