Rackspace is in the process of rebooting a substantial portion of its cloud servers before Oct. 1, most likely to patch a security vulnerability in the Xen open source hypervisor.
Although neither company has released many details as to the reason for the reboots, Amazon too is believed to be patching a Xen security vulnerability.
The reboot process will be done by the vendors, so customers don't have to do anything. But, users should be prepared for their VMs to be shut down, then turned back on.
Rackspace said the reboot is required because of an issue that has the potential to impact its public cloud environment. "While we believe in transparent communication, there are times when we must withhold certain details in order to protect you, our customers. " AWS was equally vague last week, noting that a "timely security and operational update" was the reason for the mass reboot.
It's believed there are security vulnerabilities in the open source code for Xen, which is the hypervisor that both AWS and Rackspace use to create virtual machines. On Oct. 1, Xen project leaders will be releasing details of the security vulnerability, which is why vendors are in a rush to update their servers.
Rackspace says that all of its Standard, Performance 1 and Performance 2 Cloud Servers will be rebooted. The reboots began on Sunday, Sept. 30 and will run through Wednesday Oct. 1. No two regions will be rebooted at the same time.
Neovise cloud analyst Paul Burns says there has been a spectrum of reactions to the news that two of the industry's leading cloud providers are rebooting at least a portion of their servers. On the one hand some users and pundits are surprised by the move and bemoaning that these vendors have to do it. Others have praised the IaaS vendors for addressing a security vulnerability before it is exploited in a major way. With the cloud being a computing environment that is shared by many users all at the same time, vendors have to think about what is in the best interest of the greatest number of customers, Burns says. It's basically a fact of life when using the cloud or other hosted services that the service may go down at some point; users should be prepared for that.
"AWS and Rackspace seem to be doing the right thing," he says. "It doesn't appear they have much of an alternative."
Burns says it's important to keep in mind that this isn't an issue specific to cloud providers. Because the vulnerability is believed to be in the open source Xen code, end users who host their own virtualized infrastructure using Xen may be scrambling as well. Burns says it's difficult to blame AWS, Rackspace and other vendors for vulnerabilities found in open source code. It points to the need for users to protect their services and prepare for downtime and outages when using IaaS clouds.