Ikea Patched For Shellshock By Methodically Upgrading All Servers
It took about 2.5 hours to test, deploy and upgrade Ikea’s entire IT infrastructure to defend against Shellshock. Here’s how Ikea did it so quickly
Global retailer Ikea has built its reputation around common-sense Swedish design. In an entertaining session at the Red Hat Summit here, Magnus Glantz, IT manager at Ikea, detailed the flavor of common sense it used to patch for the recent Shellshock vulnerability that impacted Linux systems.
Glantz explained that Ikea has more than 3,500 Red Hat Enterprise Linux (RHEL) servers deployed in Sweden and around the world. With Shellshock, every single one of those servers needed to be patched and updated to limit the risk of exploitation. So how did Ikea patch all those servers?
Consistent approach
Glantz showed a simple one-line Linux command and then jokingly walked away from the podium stating “That’s it, thanks for coming,” as the audience erupted into boisterous applause.
On a more serious note, Glantz said that it took approximately 2.5 hours to test, deploy and upgrade Ikea’s entire IT infrastructure to defend against Shellshock. The key to Ikea’s ability to quickly upgrade all its servers is having a consistent approach to system-management across its infrastructure, he said.
To audience applause and laughter, Glantz visually displayed the system-management approach with a graphic instruction manual that showed the parts in a manner similar to how a typical Ikea furniture assembly pamphlet looks.
“One does not patch random servers,” Glantz said.
Glantz explained that the first step in the assembly of his IT infrastructure is to have a well-defined Standard Operating Environment (SOE). The SOE includes a definition of the hardware platforms used as well as the Linux and application software that is installed. There is also an installation and configuration management layer that helps enforce the SOE across the distributed Ikea IT footprint. Additionally, Glantz has defined a lifecycle-management plan that describes the lifecycle of how Linux will be used at Ikea for the next seven years.
“It’s not enough just to have documents, you have to have systems driving how technology works,” Glantz said.
It’s critical to enforce a system-management process that keeps servers and application software on the latest versions, Glantz said. He warned that if an enterprise doesn’t enforce that mandate, inevitably, the majority of systems will be running older versions and it will be more difficult to scale, manage and patch.
Technology Perspective
Ikea uses the Red Hat Satellite server-management technology to track and manage its Linux servers in a standardized manner.
One of the potential challenges of constantly updating servers is the risk that applications break when new server operating system software is loaded. Glantz, however, isn’t worried and noted that RHEL offers the promise of Application Binary Interface (ABI) compatibility across updates.
As a joking metaphor, Glantz announced the Ikea Binary Interface to explain what ABI really means in real world Ikea product terms. “You buy a PAX wardrobe system and take all your shirts and stuff them inside,” Glantz said. “In a few years, a new version of the PAX wardrobe system comes out, and the neat thing is you can just take your existing shirts from the older PAX wardrobe, move it into the new one and none of your shirts will break.”
Originally published on eWeek.