Michael Hermann, founder of Omaha Consulting, explains how the technology Omaha works to help users on their browser updates.
While sometimes an annoyance for users, automatic updates are extremely important in today’s IT world. They make it possible to quickly roll out fixes for critical security vulnerabilities. But they also let software vendors have radically more agile – and thus more efficient – development cycles.
On modern platforms, automatic updates are a solved problem. Smartphones automatically download updates from app stores such as Apple’s and Google’s. Also in the web development world, releasing a new version of a website is usually painlessly easy for developers.
In contrast, on more traditional platforms such as laptops or desktop computers, automatic updates are still hard to implement for engineers. While Windows and macOS are able to update themselves, and to a limited extent Microsoft and Apple’s own applications, other software vendors typically have to revert to their own custom solutions.
A good example of this is Google. Because of a lack of good built-in solutions on Windows, Google implemented their own update framework for Chrome. In 2009, Google open sourced this framework under the project name “Omaha”. Because Edge builds on the same foundation as Chrome, also Microsoft now uses Omaha as an update system. With such large corporations using it, Omaha today is installed on hundreds of millions of PCs. Not surprisingly, it is generally considered the best update framework for Windows.
Despite its power and large installation base, surprisingly few people know about Omaha. The rest of this article thus gives you a quick overview of how it works, how you can customize it, or even use it for a project in your own organization. A summary at the bottom then quickly reiterates the most important points.
If you are reading this on a Windows machine, then you can quickly check whether Omaha is installed on your PC by opening the Windows Task Scheduler. If you see “GoogleUpdateTaskMachine” and / or “EdgeUpdateTaskMachine” listed there, then Omaha is running on your system:
Technically, “Google Update” and “Edge Update” are separate forks of the base Omaha implementation. That is, they likely share 99% of the same source code, but also have some custom modifications. A good example of such modifications are Google’s and Microsoft’s brandings in the task names mentioned above.
So how does Omaha work? End users typically install Chrome via its 1MB online installer. This is a binary that sets up the Omaha update client on the user’s system, then instructs it to download and install the latest version of Chrome.
Once installed, Omaha’s default way of operation is to run in the background via the entries we saw in the Windows Task Scheduler above: Every 24 hours, Omaha silently contacts an update server and asks for the latest version. If a newer version than the one currently running on the system is available, then Omaha downloads and installs it.
This highlights an important architectural choice: Unlike other update frameworks, Omaha runs as a separate application, outside the programs it manages. This lets Omaha handle several products. In Google’s case for example, Omaha doesn’t just update Chrome, but also other Google products such as Earth. It also makes it possible for Omaha to run with administrative privileges in the background while Chrome is running without those privileges. This is an important security measure in general, and for browsers in particular.
The protocol used by Omaha is also very clever. When the Omaha update client asks the server “I have version 1.2. Is there an update?” Then the server responds “Yes, there is version 1.3. Use https://…/update.exe to update”. In this interaction, neither the server nor Omaha itself have any knowledge about what’s required to perform the update. The server returns executables which were uploaded by the application developer, and the update client runs them. Keeping information about application specifics out of the update system is the main reason why Omaha is so easily able to manage multiple products.
In addition to silent updates in the background, Omaha also supports on-demand updates. If you go to chrome://settings/help (or edge://settings/help in Edge), then an immediate update check is performed:
The way this works is that Chrome issues COM calls to ask the Omaha update client to check for a new version. Information about the update status (eg. how many percent have been downloaded) are published via the registry.
The registry is generally the central place of communication between Omaha and the applications it manages. Every program that wants to be updated by Omaha needs to create special registry keys. When Omaha runs, it looks at the registry and uses the applications listed there to ask the server for new versions.
Omaha has many more advanced features that are required to support its huge install base. Especially in enterprise environments with restricted IT infrastructures, Omaha gives system administrators the means to tightly control which updates are applied, and to ensure that updates continue to work behind corporate firewalls.
While Omaha was originally written for Windows, Google is now working on extending it for other platforms. The motivation for this is that Google has update systems on other platforms such as macOS, and are looking to consolidate their code bases. This means that Omaha will keep being a foundational technology that runs on most of our laptops and desktop computers.
In summary, automatic updates are indispensable for modern software development. While platforms such as smartphones and the web make it easy for vendors to release new versions, desktop operating systems such as Windows and macOS make it more difficult. Google has implemented an open source framework for Windows called Omaha that powers automatic updates in Chrome and Edge. It is exceptionally powerful, yet surprisingly little-known. Omaha already has an install base in the hundreds of millions. And its future is bright too: Google is working on extending it to platforms other than Windows. As a software that runs on most of our computers, it is definitely a technology knowing about.
Michael is the founder of Omaha Consulting, an agency that helps IT companies implement automatic update systems based on Google Omaha.