Q300. What is zero downtime patching?

Answer:

Zero Downtime Patching is a technique of applying system or kernel patches without stopping services or affecting users, usually achieved through rolling updates, load balancing, or live kernel patching.

Zero Downtime Patching (ZDP)

Zero Downtime Patching is a method of applying OS, kernel, or application patches to a system without stopping services and without impacting end users.
The goal is to keep the application available 24×7, even while maintenance is happening in the background.

In simple words:
👉 Users should not feel that patching is happening at all.

Why Zero Downtime Patching is Needed

In real production environments:

• Applications run 24×7

• Downtime causes:

  • Business loss 💰

  • SLA violations

  • Customer dissatisfaction

• Restarting servers for patching is not always acceptable

So organizations prefer Zero or Near-Zero downtime approaches.

Where Zero Downtime Patching is Commonly Used

• Banking & Financial systems

• E-commerce websites

• Telecom applications

• Cloud environments (AWS, Azure, GCP)

• Large enterprise Linux servers

How Zero Downtime Patching Works (Concept)

Zero downtime patching is achieved by avoiding single points of failure and shifting traffic during patching.

Common techniques include:

1. Multiple servers

2. Load balancers

3. Rolling updates

4. Live kernel patching

Methods of Zero Downtime Patching

1️⃣ Rolling Patching (Most Common Method)

• Servers are in a cluster

• Traffic is handled by a load balancer

• One server is patched at a time

Flow:

1. Remove Server-1 from load balancer

2. Apply patches & reboot Server-1

3. Add Server-1 back to load balancer

4. Repeat for Server-2, Server-3, etc.

✅ Application stays online
❌ Individual servers may reboot

2️⃣ Live Kernel Patching (No Reboot)

Used to apply kernel security patches without rebooting.

Examples:

• kpatch (RHEL)

• KernelCare

• Oracle Ksplice

Benefits:

• No reboot required

• No service interruption

• Critical for high-availability systems

⚠️ Limitation:

• Only supports security fixes, not major kernel upgrades

3️⃣ Active–Passive Setup

• One server is Active

• One server is Passive (standby)

Flow:

1. Switch traffic to Passive server

2. Patch Active server

3. Switch traffic back

4. Patch Passive server

Used in:

• Databases

• Legacy applications

4️⃣ Container & Kubernetes Based Patching

• Pods are recreated automatically

• New patched containers replace old ones

• Traffic is shifted automatically

Used in:

• Microservices

• Cloud-native applications

Tools Used for Zero Downtime Patching

• Ansible (automation)

• Red Hat Satellite

• AWS Systems Manager Patch Manager

• Kubernetes Rolling Updates

• Load Balancers (ALB, NLB, HAProxy)

Advantages of Zero Downtime Patching

✅ No service interruption
✅ Better customer experience
✅ Meets SLA requirements
✅ Improved system security
✅ Suitable for production environments

Limitations

❌ More complex setup
❌ Requires multiple servers
❌ Higher infrastructure cost
❌ Not always possible for single-node systems

Real-Time Production Projects

An e-commerce website runs on 3 RHEL servers behind a load balancer.
During patching:

• One server is removed from traffic

• OS patches are applied

• Server is rebooted and tested

• Added back to the load balancer

Users continue shopping without interruption.