Nov 08, 2017
Image Based Updates Increase Security, Streamline Upgrades
As you are well aware, maintaining a server remotely when you don’t know exactly what’s installed on it is a real challenge. Now picture doing that for 150,000+ devices worldwide. Datto recently updated over 95% of active devices to Ubuntu 16.04 from 12.04, which is no longer supported by Canonical. During that process, we developed a new technology that will streamline updates going forward.
“Datto’s technology stack is extremely complex, so we wanted to be able to push a single firmware image for updates,” said Austin McChord, CEO, during his keynote address at DattoCon London last week. “When our BDRs leave the factory, they’re identical. But, once a device is installed in the field and changes are made, things diverge. So, we had to account for hundreds of thousands of different potential configurations when we made updates to devices.”
Image Based Updates were designed to eliminate this challenge by creating consistency across the entire fleet of active Datto devices. There is no longer a need for us to code for extraneous software when making updates. This makes devices more secure, because we can easily address issues discovered in regular pen testing conducted by Datto and the wider Linux community. Additionally, Image Based Updates allow us to deploy an entire firmware image to a device with limited impact on device performance. So, an upgrade such as moving to the next long-term support version of Ubuntu can be performed without the risk of a partial or incomplete update. “It was a huge technology move under the hood to make this happen,” said McChord. “But, at the end of the day it allows Datto to deliver innovation faster, and we can ensure that security is tighter, perform deeper QA, and ultimately build more reliable products.”
Here’s how Image Based Updates work:
An update is pushed to the device.
The device recognizes that an update is underway.
The update runs in the background while normal operations continue.
When the entire download is complete, the update is applied over the existing firmware image.
Changes are finalized on reboot.
Datto Partners can choose the frequency of updates they receive. If they always want to be on the bleeding edge of every update we release, that’s an option. If not, they can opt to receive monthly updates and critical security patches. Ultimately, Image Based Updates are all about consistency. “Having consistency across the fleet lowers TCO of our devices,” said McChord. “It allows partners to manage more devices per technician and increase margins.”