Understand OS lifecycle phases and mitigate security risks after an operating system reaches End of Life (EOL).
OS lifecycle phases
After release, an operating system goes through the following phases based on vendor support:
- Mainstream Support (MS) phase: The vendor provides full support, including updates, vulnerability fixes, and technical support. This phase typically lasts until the product is no longer sold.
- Extended Life Support (ELS) phase: Availability depends on the OS and market demand. The vendor provides limited support, typically restricted to critical security updates and vulnerability fixes. No new features are added. Support is usually paid or limited to specific customers.
- EOL phase: The vendor stops all support, including security updates and technical support. This marks the official retirement of the OS.
Why operating systems have lifecycles
Technological advancement and evolving security threats drive OS lifecycles. Older OS versions may not fully use the latest hardware, and maintaining them is costly for vendors. Clear lifecycles encourage users to upgrade to newer versions for better performance and security.
Business impacts of each phase
MS phase
The vendor provides full support, including updates, vulnerability fixes, and technical support. Apply vendor-released patches promptly to maintain OS-layer security and stability.
OS-layer security is fundamental, but you must also ensure security and reliability at the software architecture and business logic layers.
ELS phase
During the ELS phase, the vendor still provides some security updates and technical support. However, compared with the MS phase, the following risks exist:
- Limited security updates: Patches are fewer and released less often, which reduces the system's defense against the latest threats.
- Stagnation of feature updates: New feature development stops. Support is limited to maintaining existing features and fixing critical errors.
- Increased costs: Additional support services may require extra fees, especially for commercial operating systems.
- Migration pressure: As ELS nears its end, organizations face increasing pressure to migrate to a newer OS version, which requires significant time and resources.
Although ELS provides buffer time, EOL risks are unavoidable. Plan and migrate to a supported OS version promptly. Strengthening existing security measures can also help mitigate the impact of losing official support.
EOL phase
After the OS of an ECS instance reaches EOL, the vendor stops providing support for new software, new hardware, error fixes, and security fixes. Running an EOL OS on an ECS instance causes the following problems:
- Security issues: No security updates or patches, making the system vulnerable to attacks.
- Compatibility issues: May be incompatible with new hardware or software, causing crashes or unexpected behavior.
- Compliance issues: Using an EOL OS may violate security and compliance standards required by certain countries, industries, or organizations.
- Reliability issues: Unpatched errors may cause system instability, data loss, or file corruption, affecting business operations and data integrity.
- Maintenance costs: Without technical support, you must spend more time and money to maintain the system.
EOL solutions
Event response and risk assessment
Respond to OS EOL events based on your business situation. If the affected service is about to go offline, you can ignore the event. For new services, do not use an EOL OS image to create ECS instances. Choose an OS in its MS phase that is compatible with your services. For existing services, choose a short-term transition plan or a long-term solution as needed.
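To decide which existing instances need a transition plan, you first need to know which lifecycle phase each one is in. The following sketch is an added example, not Alibaba Cloud tooling: it classifies instances as MS, ELS, or EOL from their `/etc/os-release` content. The lifecycle table, OS names, dates, and instance inventory are constructed placeholders; replace them with the vendor's published dates and your own inventory.

```python
from datetime import date

# Constructed lifecycle table: (ID, major version) -> (end of MS, end of ELS or None).
# All dates are placeholders; take real ones from the vendor's lifecycle page.
LIFECYCLE = {
    ("exampleos", "7"): (date(2020, 6, 30), date(2024, 6, 30)),
    ("exampleos", "8"): (date(2029, 5, 31), None),
    ("otheros", "2"): (date(2023, 1, 31), None),  # vendor offers no ELS
}

def parse_os_release(text):
    """Parse /etc/os-release content (KEY=value, optionally quoted) into a dict."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        fields[key] = value.strip().strip('"').strip("'")
    return fields

def phase(os_id, version_id, today):
    """Return MS, ELS, EOL, or UNKNOWN for an OS release on a given day."""
    entry = LIFECYCLE.get((os_id, version_id.split(".")[0]))
    if entry is None:
        return "UNKNOWN"  # not in the table: needs manual review
    ms_end, els_end = entry
    if today <= ms_end:
        return "MS"
    if els_end is not None and today <= els_end:
        return "ELS"  # inside the ELS window; covered only if subscribed
    return "EOL"

def audit(inventory, today):
    """Map instance name -> lifecycle phase from collected os-release text."""
    report = {}
    for name, text in inventory.items():
        f = parse_os_release(text)
        report[name] = phase(f.get("ID", ""), f.get("VERSION_ID", ""), today)
    return report

# Constructed sample inventory (instance name -> os-release content).
SAMPLE = {
    "web-1": 'NAME="Example OS"\nID=exampleos\nVERSION_ID="7.9"\n',
    "web-2": 'ID="exampleos"\nVERSION_ID="8.4"\n',
    "db-1": "# comment\nID=otheros\nVERSION_ID=2\n",
    "legacy": "ID=unlisted\nVERSION_ID=1\n",
}

if __name__ == "__main__":
    for name, result in sorted(audit(SAMPLE, date.today()).items()):
        print(f"{name}: {result}")
```

Instances reported as UNKNOWN are not covered by the table and should be reviewed by hand rather than assumed to be supported.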
Short-term transition plan: Subscribe to ELS
Extended support is a short-term compromise that vendors offer in consideration of migration difficulties. It reduces the vendor's investment in that version and guides users to upgrade. If you cannot switch to a newer OS soon, subscribe to extended support from the original vendor or a third party to receive updates and fixes during the transition.
Not all operating systems offer ELS, and subscribing to ELS is not always optimal. Evaluate whether to subscribe based on your services deployed on ECS instances, or upgrade the OS directly for long-term stability.
Long-term solution: OS migration and upgrade
ELS only relieves upgrade pressure in the short term. In the long term, replace or upgrade your OS to one in its MS phase. The implementation process has five phases. For data backup, compatibility verification, and acceptance and optimization, design your own plans based on your business architecture. The remaining phases are described below.
| Phase | Key operation points |
| --- | --- |
| Planning and assessment | Assess business compatibility, technical requirements, and limitations. Define a migration plan and downtime window. |
| Data backup | Create system disk snapshots and verify backup availability. |
| Compatibility verification | Test the compatibility of business programs and dependency libraries with the new operating system version. |
| Migration implementation | Select a migration solution based on your business architecture and ensure system stability during migration. |
| Acceptance and optimization | Verify system features, monitor performance metrics, and complete configuration tuning. |
Migration solutions
Alibaba Cloud provides three migration solutions:
Solution 1: Redeploy the environment (new instances)
Create new ECS instances to replace the original environment.
- For container clusters, perform a rolling replacement to gradually replace nodes without service interruption.
- For ECS environments, plan a downtime window depending on whether your architecture has primary/secondary backup. If legacy instances can be released as your business iterates, select an MS-phase OS when creating new instances.
Solution 2: Replace the system disk
Replace the system disk of the ECS instance. The instance restarts during replacement and cannot provide services.
Solution 3: In-place upgrade or transformation
Upgrade or transform the OS within the instance without changing the system disk. For example, upgrade from Alibaba Cloud Linux 2 to Alibaba Cloud Linux 3, or transform from CentOS 7 to Alibaba Cloud Linux 3. The instance restarts during this process and cannot provide services.