Posts Tagged 'Notification'

December 17, 2015

Xen Hypervisor Maintenance - December 2015

Security of your assets on our cloud platform is very important to the SoftLayer team. Last week, our Security Operations Center – which provides real time monitoring of suspicious activity (including being part of multiple security pre-disclosure lists) – alerted our engineering team to a potential vulnerability (advisory CVE-2015-8555 / XSA-165) in the Xen Hypervisor that if left un-remediated could allow a malicious user to access data from another VSI guest sharing the same hardware node and hypervisor instance.

Upon learning of this vulnerability, SoftLayer issued a notification including a per-data center schedule for applying critical maintenance to remediate the vulnerability. Our schedule was performed over multiple days and on a POD-by-POD basis with individual VM instances being offline for minutes while they rebooted. The updates were completed successfully in all data centers in advance of the public announcement of this vulnerability.

While deployment techniques such as clustering and failover across data centers and PODs allows continuous operations during a planned or unplanned event, you should be aware that SoftLayer is committed to working aggressively to further reduce the impact of events on your deployment and operations teams.

We value your business and will continue to take actions that insure your environment is secure and efficient to operate. If you have any questions or concerns, don't hesitate to reach out to SoftLayer support or your direct SoftLayer contacts.

-Sonny

October 1, 2014

Virtual Server Update

Good morning, afternoon, evening, or night, SoftLayer nation.

We want to give you an update and some more information on maintenance taking place right now with SoftLayer public and private node virtual servers.

As the world is becoming aware today, over the past week a security risk associated with Xen was identified by the Xen community and published as Xen Security Advisory 108 (XSA-108).

And as many are aware, Xen plays a role in our delivery of SoftLayer virtual servers.

Eliminating the vulnerability requires updating software on host nodes, and that requires downtime for the virtual servers running on those nodes.

Yeah, that’s not something anyone likes to hear. But customer security is of the utmost importance to us, so not doing it was not an option.

As soon as the risk was identified, our systems engineers and technology partners have been working nonstop to prepare the update.

On Sunday we notified every customer account that would be affected that we would have emergency maintenance in the middle of this week, and updated that notice each day.

And then yesterday we published that the maintenance would begin today at 3pm UTC, with a preliminary order of how the maintenance would roll out across all of our data centers.

We are updating host nodes data center by data center to complete the emergency maintenance as quickly as possible. This approach will minimize disruption for customers with failover infrastructure in multiple data centers.

The maintenance is under way and SoftLayer customers can follow it, live, on our forum at http://sftlyr.com/xs101.

-@SoftLayer

Subscribe to notification