When you make scheduled maintenance announcements, will that not make customers' VMs vulnerable to attacks?

We do anonounce on the website but only for large numbers and do not give specific VM information.  The policies and work-flow for this should be the same for both US and Japan since we are doing the maintenance for both.

We only announce maintenance on the website for large numbers and do not give specific VM information.

For scheduled maintenance windows, we announce to the customer via their registered email address. We also announce on the support, news, and official social media pages of GMO Cloud:

The announcements on the website are when large numbers of customers would be affected. The affected servers are identified by which Zone they are part of. Red, Blue, etc and/or Hypervisor ID. These do not note which IP addresses except by large ranges if that is being changed, removed, or added.

For individual customers or small numbers we do not put this on the website announcement page. But contact via email and/or directly.

On the Security Issue:

Maintenance for large numbers is usually for a whole hyperVisor or more. For this, the HV needs to be rebooted; during which time every virtual machine is unavailable. Those VMs do not get access to the outside world until the HV gets itself booted and ready, then the VMs are booted. Outside access to the VMs are, therefore, also unavailable until then.

A hacker would not be able to tell which VMs are on which HV. The website announcements only gives details that customers can use to identify if their VMs would be affected or not. Customers cannot tell who else is on the same HV either.

We do not use remote maintenance scripts or applications. The systems are all ours and such scripts or apps are never used.

Have more questions? Submit a request


Please sign in to leave a comment.
Powered by Zendesk