December 02, 2010, 6:00 PM — IBM's research division is working on several virtualization projects that could boost security of cloud computing networks, reduce data center power costs, and improve the ability to run multiple hypervisors and operating systems, including Linux and Windows.
IBM and North Carolina State University this week announced a new "cloud computing patch tool" that updates virtual machines even when they are offline, boosting the efficiency of applying security updates to cloud networks. The tool is four times faster than current patch application systems, the organizations said.
"Current patching systems are designed for computers that are online and they don't work for dormant computers or virtual machines," Peng Ning, professor of computer science at N.C. State, said in a press release. "The tool we developed automatically analyzes the 'script' that dictates how a security patch is installed, and then automatically re-writes the script to make it compatible with an offline system."
Ning and colleagues from N.C. State and IBM describe the research in a report that is titled "Always Up-to-date - Scalable Offline Patching of VM Images in a Compute Cloud," and which will be presented at next week's Annual Computer Security Applications Conference in Austin, Texas.
The paper was first published in March, and IBM and N.C. State have tested the system on IBM's Research Compute Cloud, which provides services to IBM researchers.
Because many of the virtual machines in cloud networks are used infrequently, patches are not always applied in a timely manner, IBM said. "This leaves the VMs vulnerable to cyber-attacks when they are brought back online. The VMs are particularly vulnerable if they have been left dormant for months, and missed significant patches," IBM said.
The cloud patching system is just one of several virtualization research projects underway at IBM, which first started using virtualizaton on its own mainframe systems decades ago.