We are starting to roll out Kernel updates in order to mitigate the "Meltdown" vulnerability (https://meltdownattack.com) across the instances hosting Enclave.
In order to optimize for both the security and availability of your resources deployed on Enclave, we will use the following approach:
- We will start by updating Kernels across shared-tenancy (i.e. non-production) stacks. By nature, these stacks are the most vulnerable, so we will proceed with these updates starting now. This will require a short downtime window (on the order of 30 to 45 seconds) for Databases deployed in shared-tenancy stacks, and will happen today. For apps deployed on shared-tenancy stacks, we will perform zero-downtime restarts. There will also be a brief interruption of service for `aptible ssh` sessions.
- We will then update Kernels across the most vulnerable instances on dedicated-tenancy (production) stacks. We'll be restarting apps (here again, with zero downtime) and SFTP databases (here again, with short downtime) across dedicated-tenancy stacks. We'll also need to restart various utility instances in these dedicated stacks (e.g. instances that perform Docker builds, etc.). These instances usually serve multiple purposes, including NAT. This will cause a short window of downtime for outbound network connectivity (however, inbound connections through Endpoints will continue to work).
- Finally, we will schedule restarts across database instances on dedicated-tenancy (production) stacks. These instances are less at risk than app instances, and replacing them will cause downtime. In order to make it easier for our customers to plan around downtime, we will be reaching out this week via email to inform you of scheduled downtime windows for your production databases. We will do our best to accommodate requests to move downtime windows when feasible.
Please feel free to reach out to Aptible Support if you have any questions.