A Cloud That Patches Your Servers, For Free!

If you aren't already aware, Oracle Cloud can show you how to save money, leveraging the Cloud Advisor tool. This is a great way to reduce your monthly spend, but there is a lot more that the Oracle Cloud can do to help your organization run better. Additionally, it's FedRAMP Approved Technology, so our Government customers can utilize Oracle Cloud, enhanced with the required security features.

To build on the advisor tool and security features, we're excited to introduce OS Management Service (OSMS), a free tool from Oracle that automates OS patching, along a few other tasks. OSMS allows you to centrally manage what packages are available to your systems, as well as apply patches to individual servers, or groups of servers. You can even create your own custom schedule to automatically apply patches on your schedule. OSMS will also report on your systems, identifying what vulnerabilities are there, and what patches are required to resolve them. OSMS can support MS Windows as well as Oracle Linux.

OSMS allows you to group servers, into Managed Instance Groups. A group can be used to patch servers, control what software repositories are available to the systems, or schedule reoccurring jobs.  This allows you to separately manage individual applications, as we as environments like test and production. In the following example, the Managed Instance Group is being used to install all the available updates.

With OSMS, you can drill down to a single host, and show all the software updates that are available. This is all visible in the OS Management option, which is in the Instance details in the resources section. In the following example you can see that the host has 35 security vulnerabilities that have patches available, along with 2 scheduled jobs. A scheduled job can be a one-off patch installation, or a reoccurring job to patch the server. There are also 56 patches that address bugs, and 2 that add additional enhancements.

You can drill down and show all the packages that are available to the OS. This view will also identify known CVEs. CVE stands for Common Vulnerabilities and Exposures, and is the common method used to publicly share and track information on cybersecurity.

The Notice links to the details for the update, with the name reflecting if it is a Security (ELSA), a Bug (ELBA) or Enhancement (ELEA) . You can click on the notice to get more information. This will show all the packages that will be updates replated to the patch set, as well and the ability to see all instances that are affected by the notice.

There is also some reporting available, that allows you to track the counts of systems, systems with security vulnerabilities, systems with available updates and systems that are inactive. This is helpful to identify security trends in your environment.

Finally, using the same cloud agent that enables OSMS, is the ability to see the security scans. OCI Vulnerability Scanning Service (VSS) produces these scans. VSS scans all the systems, and reports on systems by their risk level. You can show all system in a compartment, quickly identifying systems by risk level.

You can drill down into a system with a dashboard that shows a summary of the vulnerabilities and scores them by Critical, High and Medium.  

From the summary, you can drill down to see the specific packages available to that host.

Of course, with the host, can use OSMS to patch the system quickly, securing the system. Don't forget you can also schedule patches to be automatically applied.

Hopefully you have a better understanding of one of the free tools included with an Oracle Cloud subscription. If you haven't made the leap to cloud and are still weighing the pros and cons, let us help you out with a free cloud migration assessment. Contact one of our sales reps to get started today!