HIVE The NexaVM Community NexaVM HIVE Community
    • Categories
    • Tags
    • Recent
    • Register
    • Login

    Frequently asked questions.

    Scheduled Pinned Locked Moved Blogs
    1 Posts 1 Posters 8 Views 1 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • jackundefined Offline
      jack
      last edited by

      Storage efficiency visibility
      Storage efficiency–related information (such as capacity usage and logical/physical storage statistics) is available in the nSSV Data Storage view and the Storage Management page. These views are mainly used for operational monitoring and capacity management.

      Security vulnerabilities and patch timeline
      For vulnerabilities identified through VAPT, NexaVM follows a structured security response process.
      For high or critical issues, a mitigation solution or temporary hotfix is typically provided within 10 business days, depending on severity and impact.
      A permanent fix will be delivered in the next scheduled release.

      Upgrade and release cycle
      NexaVM supports online upgrade with rolling upgrade mechanisms, including phased (gradual) upgrade scenarios.
      For a three-node cluster, upgrades can be performed in a rolling manner to minimize service interruption.
      The standard release cycle is approximately every 6months.

      NexaVM Host OS and Kernel Strategy

      1. Base Operating System and Kernel Baseline
        NexaVM Host OS is built on Rocky Linux 8.The kernel is based on the Linux 4.18.0 LTS branch and is maintained as a NexaVM-managed kernel, rather than directly tracking the upstream community mainline kernel.
        This kernel serves as a stable long-term baseline for the NexaVM virtualization platform intentionally. This approach significantly reduces operational and integration risks in production environments.

      2. Kernel Version vs. Kernel Capabilities
        While the kernel reports a major version of 4.18.0, the kernel content is continuously maintained and enhanced.
        Relevant updates are selectively backported into the NexaVM kernel branch, including:

      Security fixes and CVE mitigations
      Stability and reliability improvements
      Virtualization-related enhancements
      Hardware enablement and compatibility updates

      As a result, kernel functionality and security evolve continuously without changing the kernel major version.

      Kernel security posture is therefore not determined by the kernel version number, but by the applied patch set. It is 100% managed by NexaVM R&D Team on daily basis. The functionality and security patches are already aligned with the latest Rocky Linux.

      1. Rationale for Maintaining a Stable Kernel Baseline
        Maintaining a stable kernel version provides clear advantages in enterprise production environments.
        Driver stability
        Kernel-dependent drivers do not require frequent replacement or revalidation due to kernel major version changes, ensuring long-term system stability.
        Third-party ecosystem compatibility
        Integrated third-party products and drivers do not need repeated re-adaptation or re-certification caused by kernel version churn.

      This strategy significantly reduces operational risk, regression exposure, and integration overhead in production deployments.

      1. Kernel and System Update Policy
        Kernel and system component updates are driven by actual requirements, not by fixed version upgrades.
        Updates are applied when needed for:

      Security vulnerabilities (CVE fixes and mitigations)
      Functional dependencies of virtualization features
      New hardware support (CPU, storage, networking, accelerator devices)
      Stability, reliability, and performance optimizations

      1. Security Maintenance
        NexaVM continuously monitors security advisories from the Linux community and enterprise distributions.
        Relevant security patches are backported and integrated into the existing 4.18.0 kernel branch, ensuring that the platform remains secure without introducing unnecessary kernel major version changes.
        Vulnerability Monitoring and Patch Management
        NexaVM continuously tracks:

      Linux kernel security advisories
      CVEs disclosed by upstream communities and enterprise distributions

      Relevant patches are reviewed, validated, and backported into the NexaVM kernel branch when applicable.
      Security updates are applied based on risk severity and platform relevance, rather than version churn.

      1. Kernel Versioning Policy
        NexaVM uses an independent kernel versioning scheme that is not strictly aligned with upstream community kernel version numbers.
        This approach allows NexaVM to maintain precise control over:

      Compatibility guarantees
      Regression risk management
      Platform lifecycle and long-term support

      Kernel version number does not reflect kernel capability. NexaVM prioritizes stability, security, and ecosystem compatibility over version churn.

      1. Kernel Evolution and Lifecycle Planning
        The current kernel branch is maintained within a long-term support window.
        A major kernel upgrade is typically evaluated and planned approximately every two years, based on:

      Hardware ecosystem maturity
      Virtualization stack compatibility
      Customer upgrade impact and risk assessment

      Summary
      NexaVM ensures kernel security through active vulnerability monitoring, controlled backporting, and risk-based updates, rather than frequent kernel major version changes.
      This approach significantly reduces operational and integration risks in production environments.

      1 Reply Last reply Reply Quote
      • nexusundefined nexus marked this topic as a regular topic
      • 1 / 1
      • First post
        Last post