The PostgreSQL community announced last week that an important security update will be released on April 4, 2013. This release will include a fix for a high-exposure security vulnerability and all users are strongly urged to apply the update as soon as it is available. Knowing how disruptive urgent security updates can be to IT and developers, the PostgreSQL community issued advanced warning in the hopes that it would ease the impact to day-to-day operations while helping as many companies as possible to adopt the update quickly.
As such, we would like to take the time to remind us all how important these security updates are to your business, and how to apply them most efficiently for vFabric Postgres.
The Cost of Missing Security Updates
Maintenance and security software updates are essential in extending application longevity as well as in keeping the confidence of customers who use services based on the application.
When big data disasters hit, the impacts quickly move beyond financial and affect reputation and trust. Databases are a particular area of concern. A recent article titled, “Making Database Security Your No. 1 2013 Resolution,” cited a Verizon study that showed only 10 percent of total security spend goes into database protection, while 92 percent of stolen data comes out of databases.
According to the seventh annual U.S. Cost of a Data Breach report from Ponemon Institute, the cost of an average data breach was $5.5M in 2011 or $194 per record. While $5.5M may not sound like a lot to some companies, losing one million records at a cost of $194 per record adds up.
It is important to keep in mind that an urgent security releases might happen suddenly. When this happens and organizations are not prepared, the deployment cost can be significantly increased. You need to retask resources for maintenance work as fast as possible, interrupting other business. You need to take time to test and deploy the patches—being sure the update has taken effect, even at the OS level. These costs can be reduced with the automatic deployment of maintenance releases, but regardless, when they are unexpected, they still take time, and time is money.
Updating vFabric Postgres for Security
The vFabric Postgres team works closely with PostgreSQL community to ensure that the latest security fixes are quickly and safely deployed to the virtual machines and RPMs used by servers and related tools of vFabric Postgres. The appliance of vFabric Postgres also contains a web interface managing the way updates are made. It is possible to connect to this web interface at the URL below using a simple web browser.
$IP_ADDRESS is the IP of the virtual machine of vFabric Postgres appliance. You can connect to this interface using the appropriate user (default being the user "root" with the password set at installation of the virtual machine).
After you connect, go directly to the tab "Update". There are multiple ways to update the virtual machine appliance. First, you can manually check updates and apply them like in the case below.
This method is good with a limited number of virtual machines. It brings visibility to the operations done and does not need any knowledge about packaging and installation, but this can be particularly painful with a set of ESX servers using dozens of vFabric Postgres machines. So, it is highly recommended to use the automatic update system in a way similar to what is done in the next image.
This approach allows automated deployment of the latest fixes and reduces the cost and time spent performing maintenance activities.
In addition, it is possible to specify the source repository of the updates so all the VMs are synchronized with the same source. But, in order to get all the latest updates at the time of availability, we recommend you use the updates being controlled by the central repository of VMware. This is particularly useful in the case of security updates like the upcoming version 9.2.4 of vFabric Postgres.
Stay tuned for the update announcement, we will be announcing its availability here later this week.
For more information on vFabric Postgres:
- Learn how to scale vPostgres with master-slave clusters
- See how vPostgres fits within the New vFabric Reference Architecture
- Read about the dynamic memory management capabilities of vPostgres on VMs
- Download vPostgres or get more resources and information
|About the Author: Michael Paquier is a member of PostgreSQL technical staff at VMware. He is involved for many years with community development of PostgreSQL and Postgres-XC, and has worked on multi-master database technologies. He has also interest in parallel query processing and concurrent SQL processing.|