Hi Alexander,
As you point out the attack surface of the VRs have been minimised and the
system VMs overall hardened.
You have two issues with updating the software on the VRs – an update has the
potential to break VR services (or agent services on SSVM/CPVM) as you already
mentioned, in addition any updates will obviously be lost the next time you
restart a network with cleanup. You would also need to somehow automate the
updates on new VRs.
In general I would think most CloudStack users will wait for new system VM
templates to be released – but interested in hearing other thoughts on this.
Regards,
Dag Sonstebo
Cloud Architect
ShapeBlue
On 04/10/2017, 15:35, "Stock, Alexander" <alexander.st...@bitgroup.de> wrote:
Hi all,
at the moment we try to improve our monitoring of the virtual routers in
our environment.
For this we also monitor the update status of the machines and could see
that there are some updates pending (OS Updates not Template Updates) .
So what would like to know is if you have some experience in pathing the
virtual routers and if you have an update strategy for this (redundant
router,etc..).
I am in worry that some updates could crash the services which are
responsible for communication with the cloudstack controller.
I am also not sure if the attack surface is too small to don't worry about
patching.
Any ideas or comments are welcome.
Thank you.
Alexander
dag.sonst...@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
