Immutable Deployments

Context

Microservices are being adopted. The microservices are deployed to managed servers.

Problem

  • Manual changes to the infrastructure persist over multiple deployments
    • Attackers can introduce persisting malicious changes

Solution

Make the deployed server immutable, meaning that it can't be changed manually.

We recommend using containers to decouple the deployment from the underlying server, since containers are immutable by design. Deploy a change by replacing the old container with a new one; this way, maliciously introduced changes to the container won't persist past redeployment.
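As an added example (not code from the pattern catalogue or its sources), a POSIX shell script that applies the solution with Docker: a drift check over `docker diff` output, and a replace-rather-than-patch redeploy that starts the new container with a read-only root filesystem, no capabilities and no credentials passed in. The container name, image tag and the allow-list of writable runtime paths are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the pattern catalogue): enforce immutable
# deployments with Docker. Names, tags and the writable-path allow-list
# below are assumed for illustration.
set -eu

DOCKER="${DOCKER:-docker}"   # override with a stub (e.g. echo) to dry-run

# Paths a container legitimately writes at runtime; any other difference
# from the image is drift, i.e. a manual or malicious change.
DRIFT_ALLOW='^/(tmp|run|var/log|proc)(/|$)'

# Read `docker diff` output on stdin (lines like "A /etc/cron.d/x",
# "C /usr/bin/ls", "D /etc/passwd"); print unexpected changes and
# return 1 if any were found, 0 if the container matches its image.
drift_report() {
    found=0
    while read -r kind path; do
        case "$kind" in A|C|D) ;; *) continue ;; esac
        if printf '%s\n' "$path" | grep -Eq "$DRIFT_ALLOW"; then
            continue
        fi
        printf 'drift: %s %s\n' "$kind" "$path"
        found=1
    done
    return "$found"
}

# Replace the running container with a fresh one built from IMAGE rather
# than patching it in place. The new container gets a read-only root
# filesystem, writable tmpfs only where needed, no capabilities, and no
# credentials are handed to it (no SSH keys, no user passwords).
redeploy() {
    name="$1"; image="$2"
    "$DOCKER" pull "$image"
    "$DOCKER" rm -f "$name" 2>/dev/null || true
    "$DOCKER" run -d --name "$name" \
        --read-only --tmpfs /tmp --tmpfs /run \
        --cap-drop ALL --security-opt no-new-privileges \
        "$image"
}

# Detect drift in a container and, if found, replace it instead of repairing it.
enforce_immutable() {
    name="$1"; image="$2"
    if "$DOCKER" diff "$name" | drift_report; then
        echo "$name: no drift"
    else
        echo "$name: drift found, redeploying from $image"
        redeploy "$name" "$image"
    fi
}
```

Run `enforce_immutable <container> <image>` from a cron job or a CI step to turn the "replace, don't patch" rule into a routine check.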

Maturity

More data required (only 3 sources).

Sources of Evidence

L16:

  • microservices use immutable server pattern using containers
  • after application is put into operation it is not altered anymore
  • emphasized by not providing any user credentials to the container
  • when something has to be changed => replace container with new version
  • if new version is faulty, redeploy old version to replace the new version again
  • not employed in IoT yet

L61:

  • Mentions the immutable server pattern in one of their examined papers (P29)

LN44:

  • immutable deployment: to introduce permanent change to microservice, rebuild and redeploy
  • improves overall system security since malicious changes by attackers are unlikely to persist past redeployment
  • immutability aids security similarly to how immutability promotes correctness in programming languages