For companies working with unsupported end-of-life (EOL) open source Linux distributions, it’s important to know the inherent risks. Whether those risks take the form of exposure to vulnerabilities or of less commonly considered costs, ensuring these EOL deployments are fully supported and secure is key.
In this blog, we walk through some of the risks inherent to EOL open source Linux distributions, the benefits of a supported deployment, and the approach OpenLogic uses to ensure their customers are safe and supported after EOL – including details on the new OpenLogic Download Hub for CentOS.
The OpenLogic On-Demand Download Hub provides users with secure, on-demand access to backported patches, bug fixes, and updates. When a patch is needed, users can visit the hub, download a patch, and apply it to their system.
This is made possible via our team of expert enterprise architects, who proactively monitor and update packages to include the latest security fixes.
This improvement to our Extended Long-Term Support offering enables customers to be more proactive with updates, and to ensure their EOL Linux distribution is protected against known CVEs.
We’ve covered the changes to CentOS 8 EOL extensively in other blogs, but the abridged version is as follows.
CentOS 8 was initially scheduled for community support EOL in 2029. In December of 2020, Red Hat and CentOS announced that the EOL would be shortened by 8 years, to December of 2021. This came as unwelcome news to many who had migrated to CentOS 8 to ensure they were on a community-supported version until 2029.
So why the uproar? What risks do enterprises inherit with an EOL CentOS or Enterprise Linux deployment? Let’s look at some of the risks inherent to EOL CentOS and Enterprise Linux.
Whether it’s an open source OS like CentOS or a commercial software offering, all software is deprecated eventually. Once software is deprecated, or at least deprioritized, existing deployments of it can become an immediate liability for the organizations running them.
This liability grows the longer the software is in EOL, with CVEs going unpatched, and associated libraries and integrations (typically) no longer patched for that EOL software. Compliance, of course, is immediately impacted, with companies needing to ensure they have recognized alternative means of support.
When an open source Linux distribution reaches EOL, it ceases to be patched by the community. This means patches for CVEs, and bug fixes, end. As CVEs are discovered and remain unpatched, they become exploitable. Typically, there isn’t a deluge of CVEs on day one of EOL, yet the steady accrual of unpatched CVEs compounds the risk of an eventual exploit.
For those working on CentOS 8, another complicating factor is the change in approach with CentOS Stream. Given the differences in release cycle between CentOS Linux and CentOS Stream, a CVE patch in CentOS Stream may not be as easy to backport manually as, for example, backporting a CentOS 7 patch to CentOS 6.
For sectors that must follow established security compliance standards, this exposure generally breaches those standards. Enterprises that need to stay on an EOL open source Linux distribution while maintaining compliance with security standards must therefore maintain an alternative source of patches and support.
EOL open source Linux deployments are also exposed to risk within their associated libraries and integrations. Libraries and integrations are often updated beyond the deployed EOL version, which can mean a few things:
Aside from the new features introduced in new versions, major versions often add performance improvements that encourage adoption by decreasing overhead. In an era of burgeoning cloud costs and increasingly complex applications, ensuring systems are leveraging the latest improvements in performance can be well worth the hassle of upgrading.
Though less of a concern, reliability can also suffer after EOL. EOL open source Linux deployments and their supporting libraries and integrations, unless fully patched and supported, can introduce risks to system reliability.
As an example, a patch for a CVE, or an upgrade to a supporting library or integration, might introduce a bug that breaks functionality within a system.
As mentioned above, something as simple as a patch or library upgrade can mean your developers are immediately shifting their focus and hours to finding and fixing bugs.
In comparison to the time needed to manually backport CVE patches to your EOL version, those hours can seem trivial.
Organizations running unsupported EOL Enterprise Linux need dedicated resources at their disposal with the expertise required to complete those updates.
For most, self-supporting is not a valid option.
As we recently announced via press release, the OpenLogic team has added new functionality to their Enterprise Linux support offering – specifically around CentOS 6, 7, and 8.
This functionality is designed to enable what we’re calling “On-Demand Enterprise Linux.” On-Demand Enterprise Linux is the ability for OpenLogic Enterprise Linux Support customers to access patches, fixes and kernel updates via a secure repository – at any time.
For those on EOL open source Linux distributions, proactively ensuring that backported patches, fixes, and updates are available when needed is key to maintaining safety and compliance. Beyond CVEs, backported bug fixes and even kernel updates can mean better performance for the overall system.
But, as discussed above, the advantages of a supported EOL open source Linux distribution go beyond just patches and bug fixes – they also beget benefits in compliance, costs, performance, and beyond.
As mentioned throughout this article, ensuring your open source Linux deployments are patched and secure is critical. For EOL deployments, having a dependable source of backported patches is a must.
For those working under security compliance standards, ensuring compliance for their Enterprise Linux deployments is the bare minimum.
As discussed above, backporting patches can be time-consuming, and isn’t something most teams are equipped to do without adding staff. Commercial support can eliminate the tangible and intangible costs associated with self-support.
OpenLogic Extended Long-Term Support includes patches and bug fixes for EOL Enterprise Linux distributions like CentOS 6, and the soon-to-be EOL CentOS 8. But that’s only part of the value they provide to those running EOL open source Linux distributions.
To complement our on-demand, proactive backported patches for Enterprise Linux, users gain the ability to request custom patches, and get direct access to our team of experienced enterprise architects for technical support and guidance.
OpenLogic also knows that the patches customers need aren’t universal. That’s why, in addition to the Download Hub, OpenLogic offers custom patches upon request.
Have a problem updating your Enterprise Linux deployments? Need guidance on your migration path? Want help finding and fixing a bug caused by an update? Our team of experienced enterprise architects is only a ticket, email, or phone call away.
This direct technical support from experts means faster resolutions, and better outcomes for your systems and teams.
Finally, OpenLogic extends support for EOL Enterprise Linux distributions like CentOS by a full five calendar years past community EOL. For organizations who need more time to plan a migration, this added time can be a lifesaver.
All good things must end eventually, even the OpenLogic Extended Long-Term Support period for your EOL Linux deployment. The good news is that OpenLogic offers a full slate of migration and consultation services that can help make your migration to a new OS a breeze.
Want to learn more about the OpenLogic approach to Enterprise Linux Support? Have questions about the 450+ technologies we support? Need CentOS 8 support? Our experts are standing by to help.
Chief Evangelist - OSS & API Management, Perforce Software
Passionate about technology and open-source software, Javier is Chief Evangelist of OSS and API Management for Perforce Software. He is responsible for technical thought leadership and advocacy for the open-source and API management portfolios.
Javier has been in the application development, open-source, cloud, app security, AI, SaaS, and mobile industries for 20+ years, and has had the opportunity to speak at industry events all over the world. Javier holds an honors degree in Computer Systems and an MBA.