On cloud services like AWS, am I still able to control all system upgrades?
One of the issues my organization has had with running things in the cloud vs. our own data center is not controlling when major upgrades happen. My industry is very cyclical and there are times where no major changes should occur.
I can tell you about some of my cloud providers. I think it's ultimately going to be about who you get your cloud services from.
One cloud provider supplied me with full VMs. I had root access to them and could easily upgrade packages - including the kernel - whenever I wanted. I mostly didn't do so, however, because they'd injected their own monitoring, control, and backup facilities into the system and I was concerned that they would get confused, at a minimum, so I left things like kernel version upgrades strictly to them. They did, however, check with us to schedule major updates when it was most suitable.
In the case of a system running off base+overlay OS's, stuff like Amazon and OpenStack, you normally would get your core OS as the base image for your VM. So to get a major system upgrade, the most efficient way to do so would be to re-base the underlying image. If your provisioning and elasticity are good enough, you might, in fact, simply create new instances and discard the old ones. Do expect that some work MUST be done underneath you, though, because when you're running a cloud farm, some OS/VM/Container vulnerabilities are so critical that as a cloud provider you simply cannot afford for all users to get around to dealing with the necessary updates themselves. In fact, alas, some of them would never bother to do so to begin with - IfItAintBrokeDontFixIt - Hey! Why are our client records being marketed online in Bosnia???!!! And major zero-day exploits are likely to be patched ASAP, year-end-processing or no, just because the potential rapid spread of infestation is so high.
And the cloud is more than just VMs - you may also simply lease containers or even smaller units, where you're sharing unknown servers potentially with other users.
So there's no simple answer, I think. You'd just have to check with your cloud service providers.
When it comes to destroying a civilization, gas chambers cannot hold a candle to echo chambers.