Towards Automated Patch Management in a Hybrid Cloud

Software patching is routinely employed for enterprise online applications to guard against ever-increasing security risks and to keep up with customer requirements. However, in a hybrid cloud setting, where an application deployment can span across diverse cloud environments, patching becomes challenging, especially since application components may be deployed as containers or VMs or bare-metal machines. Further, application tiers may have dependencies, which need to be respected. Worse, to minimize application downtime, selected patches need to be applied in a finite time period. This paper presents an automated patching strategy for hybrid-cloud—deployed applications that leverages a greedy algorithm design to optimally patch applications. Our implementation and evaluation results highlight the efficacy of our strategy and its superiority over alternative patching strategies.