New Update Mullvad VPN completes migration to disk-less VPN infrastructure

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,123
VPN provider Mullvad announced today that it has completed the migration to a disk-less VPN infrastructure. The migration to servers that operate fully in RAM strengthens user privacy further and it also improves reliability and management of VPN servers.

Mullvad started the migration in early 2022 with two test WireGuard servers. The company created a special bootloader, stboot, for the purpose and continues to use a custom Linux kernel that is a heavily slimmed down version of the mainline branch.

The server itself has a size of less than 200 megabytes before deployment, according to Mullvad. The company had four major goals when it announced the move to a disk-less VPN infrastructure:
  • If a computer that runs a VPN server is moved, confiscated or powered off, no data can be retrieved.
  • Minimize the risk of storing logs that may reveal information at a later point.
  • Removing disks from systems makes the servers less prone to hardware failures due to fewer breakable parts.
  • Setting up and upgrading servers and packages is faster and easier.
The disk-less servers use provisioning servers to download the operating system and boot from it. Mullvad states that the provisioning servers host just the signed disk images and "some base configuration data".

When a VPN server boots, it launches the bootloader stboot, which is configured to download and verify the OS package from the provisioning server. The operating system will be booted only in RAM if the downloaded image passes verification. The server "waits" then for staff members to provision and deploy it for customer user.
 

Jonny Quest

Level 16
Verified
Top Poster
Well-known
Mar 2, 2023
760
It appears that Mullvad is pretty good at letting us know when there is an update with a yellow app, system tray notification. It's now on 2023.6

Mulvad update 2023.6.jpg
 

rooney49

Level 1
Jun 14, 2023
11
How I know, even Windscribe is on disk-less infra. Do not see an official update on their blog, but I have seen updates from their staff on Reddit regarding the same.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top