DeltaV System Software Update Deployment



Similar documents
Local Patch Management Update Service

Automated Patch Management Service

DeltaV Guardian Support

Plant Messenger Alert Reporting Service

Best Practices for DeltaV Cyber- Security

Windows Operating System Upgrade Kits

Smart Card Two Factor Authentication

DeltaV System Cyber-Security

The Personal Computer for DeltaV Wokstations

Endpoint Security for DeltaV Systems

DeltaV Workstation Operating System Licensing Implications with Backup and Recovery

DeltaV Executive Portal

XLReporter for DeltaV Analyze

DeltaV v11 and v12.3 Supported Computers

DeltaV Event Chronicle

Backup and Recovery FAQs

DeltaV Web Server. DeltaV Web Server. Introduction. DeltaV Product Data Sheet. Gives you a secure view of your process from your desktop PC

Base Station. Base Station. Introduction. DeltaV Product Data Sheet. Adaptable work environment. Scalable to suit your needs. Dedicated functional use

OPC Data Access Server Redundancy

Plantwide Event Historian

DeltaV Remote Client. DeltaV Remote Client. Introduction. DeltaV Product Data Sheet. Remote engineering and operator consoles

How To Secure Your System From Cyber Attacks

Professional Station Software Suite

Backup and Recovery. Backup and Recovery. Introduction. DeltaV Product Data Sheet. Best-in-class offering. Easy-to-use Backup and Recovery solution

Best Practices for DanPac Express Cyber Security

DeltaV Event Chronicle

Backup and Recovery. Backup and Recovery. Introduction. DeltaV Product Data Sheet. Best-in-class offering. Easy-to-use Backup and Recovery solution

How To Access Historical Data From The Deltav Oca History Server On A Pc Hda (Opc Hda) On A Microsoft Computer (Opca) Or Microsoft Microsoft Memory Card (Procedure) On An Ipc

ProfessionalPLUS Station Software Suite

How To Use The Deltav System With A Large Data File System

Maintenance Station Software Suite

Application Station Software Suite

DeltaV System Health Monitoring Networking and Security

DeltaV Virtual Studio

DeltaV OPC.NET Server

DeltaV Analyze. Introduction. DeltaV Distributed Control System. Product Data Sheet

DeltaV Network Time Synchronization

Backup and Recovery. Introduction. Benefits. Best-in-class offering. Easy-to-use Backup and Recovery solution.

Batch Historian. Introduction. Benefits. Configuration-free, batch-based data collection. Reliable data retrieval through data buffering

TECHNICAL VULNERABILITY & PATCH MANAGEMENT

Process Miner (PM) Introduction. Search cross-lot data by product code, order numbers, and data parameters

The Evergreen DeltaV Process Automation System

Symantec Event Collector 4.3 for Microsoft Windows Quick Reference

OPC Mirror. OPC Mirror. Introduction. Product Data Sheet. Bi-directional data flow. Easy configuration. Fast data transfer. OPC Data Access compliant

DeltaV Virtualization High Availability and Disaster Recovery

DeltaV Operator Keyboard

OpenEnterprise. Lifecycle Services

Industrial Security for Process Automation

Batch Analytics. Predicts end-of-batch quality. Detects process faults and provides reason for deviation so operations can take action in real time

Smart Operations Management Suite

Lifecycle Services for Syncade Logistics

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Compulink Advantage Cloud sm Software Installation, Configuration, and Performance Guide for Windows

DeltaV Logbooks. Benefits. Introduction. Minimize shift handover risk. Electronically document events, observations, and notes.

Compulink Advantage Online TM

Symantec Endpoint Protection Integration Component 7.5 Release Notes

Symantec Endpoint Protection Small Business Edition Installation and Administration Guide

ProfessionalPLUS Station Software Suite

Windows Small Business Server 2003 Upgrade Best Practices

Cyber Essentials Questionnaire

LESSON Windows Server Administration Fundamentals. Understand Updates

Computer System Security Updates

DeltaV Virtual Studio

Symantec Endpoint Protection Analyzer Report

I. General Database Server Performance Information. Knowledge Base Article. Database Server Performance Best Practices Guide

Operator Station Software Suite

Symantec Event Collector for Kiwi Syslog Daemon version 3.7 Quick Reference

M-series MD Plus Controller

Product comparison. GFI LanGuard 2014 vs. Microsoft Windows InTune (October 2013 Release)

Operations Management and the Integrated Manufacturing Facility

Patch management and security. updates SIMATIC. Process Control System PCS 7 Patch management and security updates. Preface 1

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services

Kaspersky Endpoint Security 10 for Windows. Deployment guide

Wireless Remote Video Monitoring

Maintaining, Updating, and Protecting Windows 7

Wireless Remote Video Monitoring

Secure Your Mobile Workplace

Computer Security Maintenance Information and Self-Check Activities

Step-by-Step Guide to Securing Windows XP Professional with Service Pack 2 in Small and Medium Businesses

IBM Tivoli Provisioning Manager V 7.1

Patch management with GFI LANguard and Microsoft WSUS

How To Protect Your Deltav Controllers From Cyber Attacks

S-series DeviceNet Interface Card

Patch management with GFI LanGuard and Microsoft WSUS

The Electronic Arms Race of Cyber Security 4.2 Lecture 7

avast! Business products 2012

Using Windows Update for Windows XP

Getting Started with Symantec Endpoint Protection

Symantec Endpoint Protection 11.0 Architecture, Sizing, and Performance Recommendations

Managing and Monitoring Windows 7 Performance Lesson 8

KASEYA CLOUD SOLUTION CATALOG 2016 Q1. UPDATED & EFFECTIVE AS OF: February 1, Kaseya Catalog Kaseya Copyright All rights reserved.

Symantec AntiVirus Corporate Edition Patch Update

Endpoint Security Management

How we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz)

Compliance series Guide to meeting requirements of the UK Government Cyber Essentials Scheme

StorageCraft Technology Corporation Leading the Way to Safer Computing 2009 StorageCraft Technology Corporation. All Rights Reserved.

Need to be PCI DSS compliant and reduce the risk of fraud?

Operating System Security

HP Server Automation Enterprise Edition

Client Manager for Endpoint Protection (CMEP) User s Guide

Transcription:

January 2013 Page 1 DeltaV System Software Update Deployment This brief whitepaper provides a handy index to Emerson documents related to deployment of software updates, along with summary information about software update delivery and deployment services available from Emerson. Timely deployment of security updates and software patches contributes to secure and reliable operations. www.deltav.com

January 2013 Page 2 Table of Contents Index of documents related to Software Update Deployment... 3 Software Update Types... 5 Software Update Deployment Methods... 6 Guardian and the Guardian Software Update Delivery Service... 6 Patch Management Service... 7 Deployment Status Reporting... 7 Figures Figure 1 - KBAs Related to Software Update Deployment... 3 Figure 2 - Guidelines Related to Software Update Deployment... 4 Figure 3 - Whitepapers Related to Software Update Deployment... 4 Figure 4 - Software Update Types, Sources and Direction... 6

January 2013 Page 3 Index of documents related to Software Update Deployment The following Knowledge Base Articles (KBAs) are relevant to the general topic of software update deployment. KBAs are highly technical documents, intended for use by qualified individuals, issued and supported by the Emerson Technical Support organization. KBAs are available via an access-controlled Internet support website for DeltaV systems subscribed to either FOUNDATION Support or Guardian Support Service. Individual KBAs can be furnished for non-subscribed systems via request to the local Emerson service department. Always ensure you have the latest revision of a particular KBA before implementing, since these can be revised on a regular basis. Document Title Synopsis AP-0400-0004 Recommended Antivirus and Installation Procedure for DeltaV Workstations AP-0800-0025 AP-0900-0040 AK-1000-0124 AP-0900-0030 AK-1100-0006 and others for prior years Symantec Endpoint Protection 11.0 Installation Procedure on DeltaV Workstations Using a Batch File to Aid the Installation of Microsoft Security Updates Application Notes for Patch Management Deployment Procedure and Tips for Submitting the DeltaV System Registration File via the Internet Microsoft 2011 Released Security Updates for Use on DeltaV Systems This document provides a compatibility chart, specifying the approved Symantec anti-virus product for each DeltaV / OS version. Known issues are identified. This document provides instructions for installing Symantec s Endpoint Protection Version11 anti-virus product. The procedure is limited in scope to an unmanaged mode of deployment. This document provides instruction for creating a BAT batch file to manually install multiple Microsoft security updates in a single workstation. Essentially an optimized unmanaged mode of deployment for Microsoft security updates. This document provides information regarding the implementation of a managed mode deployment of Microsoft security updates, Symantec antivirus definition files, and DeltaV software updates via the Emerson Patch Management Service. This managed mode solution utilizes Microsoft s Windows Server Update Services (WSUS), Symantec s Endpoint Protection Manager (SEPM), Symantec s Live Update Administrator (LUA), and Emerson s Guardian WSUS Interface (GWI) software, approved for use with DeltaV version 9.3.1 and up. This document provides advice for setting up a secure internet path for the DeltaV system registration utility to automatically deliver an encrypted xml file to Emerson, to maintain fresh system content and version information in Guardian. This document lists the approval status of Microsoft security updates issued during the year for supported versions of DeltaV. It also lists the KBA numbers for previous years. Figure 1 - KBAs Related to Software Update Deployment

January 2013 Page 4 The following guideline documents are relevant to software update deployment. Guideline papers are issued to provide information concerning the practices that should be used for installation and deployment of updates in a DeltaV system that is to be supported by Emerson Process Management. It is important that these guidelines be followed in order for Emerson Process Management to provide technical support for your DeltaV system. Failure to follow these guidelines may compromise our ability to provide timely and complete technical support for your DeltaV digital automation system. Document Title Synopsis P_MS_Patch_Mgt.doc Microsoft Security Bulletin Administration on DeltaV Systems This guideline relates to the testing and deployment of operating system updates, security bulletins and new operating system P_Anti_Virus_on_DeltaV.doc Anti-Virus Scanning in DeltaV Systems service packs. This guideline elates to the testing, support and deployment of anti-virus scanning software. Figure 2 - Guidelines Related to Software Update Deployment The following whitepaper documents are relevant to software update deployment or cyber security. Whitepapers provide general guidance and background information. Whitepapers are available on the DeltaV internet website: http://www2.emersonprocess.com/en-us/brands/deltav/documentation/pages/whitepapers.aspx. Document Title Synopsis WP_DeltaVSystemSecurity.doc DeltaV System This whitepaper outline the system philosophy, Cyber-Security guidelines and rules for providing cyber-security WP_BestPrac_CyberSec.doc CS_DeltaV_Security_Manual.doc Best Practices for Cyber-Security Cyber-Security for DeltaV Digital Automation Systems policy to the DeltaV system. This whitepaper is supplementary and complimentary to the whitepaper DeltaV System Cyber-Security. It addresses keeping a DeltaV system secure from hacker attacks, viruses, worms and other malware and security threats. This document is a guide for process engineers, information technology personnel, operations managers and other plant personnel responsible for developing and maintaining the cyber-security of DeltaV digital automation systems. Figure 3 - Whitepapers Related to Software Update Deployment

January 2013 Page 5 Software Update Types System software updates come in a variety of types with different sources: Update Type Description and Source Rollout Directions DeltaV Hotfixes Hotfixes are made available at Emerson s discretion to address issues in a specific build of DeltaV system software. Hotfixes can either be issue-specific or supplied in a bundle of multiple hotfixes. Each hotfix has a corresponding KBA that explains the issue. KBAs and hotfix executables are obtained from the access-restricted Emerson support websites. Microsoft Security Updates Microsoft Operating System and Application Updates Symantec Anti- Virus Updates Security updates are issued by Microsoft to address cyber-security issues. Typically they are issued in a monthly batch, however especially critical updates can be issued at any time. Emerson determines which security updates are necessary for supported DeltaV / OS version combinations and tests them for compatibility. Approved updates can be downloaded from the access-restricted Emerson support websites, or from the Microsoft Knowledgebase website. Microsoft issues updates for reasons other than cyber security. In general, Microsoft non-security updates are not approved for use with the DeltaV system, other than to address a DeltaV software issue. An example exception is the Microsoft OS update to accommodate the 2007 change in US daylight savings time. Microsoft non-security updates are approved for use by way of an issue-specific KBA. Symantec frequently issues updates to their virus/worm pattern files, sometimes with multiple updates the same day. These updates can also include minor updates to the anti-virus engine (application) itself to adapt to the latest cyber threats. The updates are cumulative, meaning that each update encompasses all of the latest anti-virus patterns and minor engine updates. These updates have historically had no impact to DeltaV system compatibility and are considered acceptable for use as received from Symantec. Concurrent with the monthly compatibility check of Microsoft Security updates, Emerson checks the latest available Symantec virus definition file for DeltaV compatibility. Users are encouraged to install hotfixes proactively for maximum system robustness. Install them per individual KBA instructions. Only install security updates that have been approved for use by Emerson, at the earliest opportunity following approval. Special instructions if any are provided in the KBA listing of approved updates. It is recommended to stagger the installation, updating a small number of computers ahead of the majority. Refer to the Guideline Microsoft Security Bulletin Administration on DeltaV Systems for more information. Never install Microsoft OS or application non-security updates unless specifically directed by a KBA. Follow KBA instructions for installation. Customer may elect to install anti-virus updates as received in real-time from Symantec or only apply the ones that Emerson has checked each month. It is recommended to stagger the installation, updating a small number of computers ahead of the majority. Refer to the Guideline Anti- Virus Scanning in DeltaV Systems for more information.

January 2013 Page 6 Symantec Anti- Virus Application Updates (AKA Virus Engine Updates) DDL/EDDL Update New releases of Symantec Anti-Virus scanning products are tested for DeltaV compatibility by Emerson, with new approved versions documented via KBA. Updated Device and Extended Device Definition Language Files are issued by the device manufacturer. Conceptually similar to a PC printer driver, they provide the DeltaV system with essential details for properly interfacing with the device. Device manufacturers supply the updates. Emerson tests many but not all DDL/EDDL updates for compatibility. Only use approved versions of Symantec anti-virus products, identified in KBA AP-0400-0004. Install them per KBA AP- 0400-0004. Refer to the Guideline Anti- Virus Scanning in DeltaV Systems for more information. Install as needed. For best results only install updates that have been compatibility tested by Emerson. Install them per instructions in DeltaV Books on Line. Figure 4 - Software Update Types, Sources and Direction Software Update Deployment Methods In general there are two software deployment methods, Managed and Unmanaged. In a Managed Mode a Management Server is employed to automatically transfer needed software updates to individual workstations. Once the updates are received by the workstation, they are either automatically installed or alternately saved to wait for a user-directed install command which might be given at the client workstation or remotely from the Management Server. In an Unmanaged Mode, software updates are installed at each individual workstation, manually invoked by an individual physically present at the workstation. Simply stated, it is the manual method. However, it is often the best method for DeltaV systems with a small number of workstations. The unmanaged mode is the default recommended method for deploying software updates to a DeltaV system and is the only choice for DeltaV system set up as a workgroup (vs. a domain). Guardian and the Guardian Software Update Delivery Service DeltaV customers are encouraged to subscribe to Guardian Support, a service from Emerson that provides technical support, DeltaV system software updates including hotfixes, and access to a restricted support website that presents technical information tailored to each individual DeltaV system installation. One of Guardian s features is a software update delivery service that transmits software update files and accompanying installation instructions (KBAs), for unmanaged mode deployment, on demand or according to a schedule, targeted to the particular customer system. For more information reference: The Emerson Guardian Support Service Datasheet: http://www2.emersonprocess.com/en- US/brands/sureservice/availabilityservices/guardiansupportservice/Pages/GuardianSupportService.aspx

January 2013 Page 7 Patch Management Service In 2009 Emerson introduced a DeltaV Patch Management Service, to assist customers with the design, deployment and support of a managed mode delivery solution for Microsoft security updates and Symantec antivirus pattern files for DeltaV V9.3 or higher systems. The solution integrates the capabilities of Microsoft s Windows Server Update Service (WSUS), Symantec s End Point Protection Manager and Emerson s Guardian Software Update Delivery Service. When enrolled in Patch Management Service, the Guardian software update delivery service transmits a file containing the latest list of approved and disapproved Microsoft security updates for a specific DeltaV system, in a format that is compatible with WSUS. The file is updated and transmitted whenever Emerson completes the compatibility testing of a security update relevant to the DeltaV system. With the help of a WSUS API interface provided with the Patch Management Service, WSUS approval/disapproval transactions are automated, such that security update deployment can be automatically initiated in a managed mode triggered by the Emerson completion of compatibility testing. For more information reference these documents: The Emerson Patch Management Service Datasheet: http://www2.emersonprocess.com/en- US/brands/sureservice/availabilityservices/PatchManagementServices/Pages/PatchManagementServices.aspx The KBA AK-1000-0124 Application Notes for Patch Management Deployment Deployment Status Reporting To support unmanaged mode deployment, the Guardian website provides an automated comparison of installed vs. approved security updates, based on timely submissions of a DeltaV system registration files. Complete details are described in the Guardian Users Manual available on the Guardian Website. If not on Guardian Support, the customer should regularly compare installed updates to the KBA listing of approved updates. Deployment status reporting is automated in a managed mode deployment. Methods for comparing approved vs. installed updates are covered in detail as part of the Patch Management Service.

January 2013 Page 8 This page intentionally left blank. To locate a sales office near you, visit our website at: www.emersonprocess.com/deltav Or call us at: Asia Pacific: 65.6777.8211 Europe, Middle East: 41.41.768.6111 North America, Latin America: +1 800.833.8314 or +1 512.832.3774 For large power, water, and wastewater applications contact Power and Water Solutions at: www.emersonprocess-powerwater.com Or call us at: Asia Pacific: 65.6777.8211 Europe, Middle East, Africa: 48.22.630.2443 North America, Latin America: +1 412.963.4000 Emerson Process Management 2013. All rights reserved. For Emerson Process Management trademarks and service marks, go to: http://www.emersonprocess.com/home/news/resources/marks.pdf. The contents of this publication are presented for informational purposes only, and while every effort has been made to ensure their accuracy, they are not to be construed as warrantees or guarantees, express or implied, regarding the products or services described herein or their use or applicability. All sales are governed by our terms and conditions, which are available on request. We reserve the right to modify or improve the design or specification of such products at any time without notice. www.deltav.com

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information