Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Thursday, October 29 • 9:00am - 9:40am
XenSecurity Advisories are Full of VENOM - How to Reboot 'The Cloud'

Sign up or log in to save this to your schedule and see who's attending!

Over the past 18 months there have been several security vulnerabilities discovered in the Xen kernel, which powers some of the largest public cloud OpenStack implementations. How do you address a security vulnerability in a timely manner for your customers whilest minimizing the impact as much as possible? What do you do when this happens again 6 months later? On the Rackspace public cloud team we had to tackle this problem. This talk will aim to address how we addressed the first (XSA-108), and what we learned to make subsequent issues (XSA-123, VENOM, etc.) easer to handle. As well as what we are currently working on to make the process even more graceful moving forward.

We used a combination of tools, driven by Ansible, to apply the fixes in a timely manner for our customers. Ultimately this is a simple patch and reboot procedure, however operating at this scale provides unique challenges that have to be accounted for.

Speakers
BB

Benjamin Burdick

Systems Engineer, Rackspace
avatar for Michael  Porras

Michael Porras

Rackspace - Software Developer
Building tools that make running the cloud a little bit easier. 
avatar for Joel Preas

Joel Preas

Public Cloud Systems Engineer
A cog in the machine at the Rackspace public cloud.


Thursday October 29, 2015 9:00am - 9:40am
Aoba

Attendees (34)