http://www.vassure.com



Similar documents
A Project Summary: VMware ESX Server to Facilitate: Infrastructure Management Services Server Consolidation Storage & Testing with Production Servers

JOB ORIENTED VMWARE TRAINING INSTITUTE IN CHENNAI

Streamlining Patch Testing and Deployment

VMware vcenter Update Manager Administration Guide

APPLICATION OF SERVER VIRTUALIZATION IN PLATFORM TESTING

Information and Communication Technology. Patch Management Policy

Patch Management. Module VMware Inc. All rights reserved

VMware vcenter Update Manager Administration Guide

Course overview. CompTIA A+ Certification (Exam ) Official Study Guide (G188eng verdraft)

Installing and Administering VMware vsphere Update Manager

VMware and VSS: Application Backup and Recovery

Course 6331A: Deploying and Managing Microsoft System Center Virtual Machine Manager

Course Outline: Course 6331: Deploying and Managing Microsoft System Center Virtual Machine Manager Learning Method: Instructor-led Classroom Learning

CA ARCserve Replication and High Availability Deployment Options for Hyper-V

BEST PRACTICES. Systems Management.

Parallels Virtuozzo Containers

Managing Remote Access

STREAM FRBC

RES ONE Automation 2015 Task Overview

Patch Management Policy

VMware vsphere 5.0 Boot Camp

Outsource IT Services

Taking a Proactive Approach to Linux Server Patch Management Linux server patching

Outline SSS Microsoft Windows Server 2008 Hyper-V Virtualization

VMware vsphere 5.1 Advanced Administration

BEST PRACTICE GUIDE TO SYSTEMS MANAGEMENT. With Kaspersky, now you can. kaspersky.com/business Be Ready for What s Next

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

AN OVERVIEW OF VULNERABILITY SCANNERS

Shavlik NetChk Protect 7.1

TOP TEN CONSIDERATIONS

Deploying and Managing Microsoft System Center Virtual Machine Manager

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak CR V4.1

Table of Contents. Virtual Server Software Trade Study Architecture Working Group, Systems Administrators Group , Revised

In order to upload a VM you need to have a VM image in one of the following formats:

Course: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems

Advanced Server Virtualization: Vmware and Microsoft Platforms in the Virtual Data Center

[VADP OVERVIEW FOR NETBACKUP]

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak Capture Link Server V1.00

Implementing and Managing Windows Server 2008 Hyper-V

Understanding & Improving Hypervisor Security

Best Practices for VMware ESX Server 2

6422: Implementing and Managing Windows Server 2008 Hyper-V (3 Days)

HP ProLiant Essentials Vulnerability and Patch Management Pack Planning Guide

Executive Summary Program Highlights for FY2009/2010 Mission Statement Authority State Law: University Policy:

ANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details

F-Secure Internet Security 2014 Data Transfer Declaration

Directions for VMware Ready Testing for Application Software

Linux Technologies QUARTER 1 DESKTOP APPLICATIONS - ESSENTIALS QUARTER 2 NETWORKING AND OPERATING SYSTEMS ESSENTIALS. Module 1 - Office Applications

About the VM-Series Firewall

Proactively Managing Servers with Dell KACE and Open Manage Essentials

Kaspersky Security for Business

KASPERSKY SECURITY FOR BUSINESS

EMC Virtual Infrastructure for SAP Enabled by EMC Symmetrix with Auto-provisioning Groups, Symmetrix Management Console, and VMware vcenter Converter

Application Security. Standard PCI. 26 novembre

ATTACHMENT J WINDOWS PLATFORM

THE TOP 4 CONTROLS.

VMWARE VSPHERE 5.0 WITH ESXI AND VCENTER

Thinspace deskcloud. Quick Start Guide

PassTest. Bessere Qualität, bessere Dienstleistungen!

Firewalls and Software Updates

VWVCVIM5.5 VMware vcenter Configuration Manager for Virtual Infrastructure Management [v5.5]

FortiAnalyzer VM (VMware) Install Guide

Deployment Options for Microsoft Hyper-V Server

Overview Customer Login Main Page VM Management Creation... 4 Editing a Virtual Machine... 6

Installing and Configuring vcenter Multi-Hypervisor Manager

LANDESK SOLUTION BRIEF. Patch Management

Solution Brief Availability and Recovery Options: Microsoft Exchange Solutions on VMware

Microsoft Services Premier Support. Security Services Catalogue

VMware Virtual Machine Protection

Network Detective. HIPAA Compliance Module RapidFire Tools, Inc. All rights reserved V

Managing Vulnerabilities for PCI Compliance White Paper. Christopher S. Harper Managing Director, Agio Security Services

HOW TO SILENTLY INSTALL CLOUD LINK REMOTELY WITHOUT SUPERVISION

Using Emergency Restore to recover the vcenter Server has the following benefits as compared to the above methods:

Virtual Server Agent v9 with VMware. March 2011

Microsoft Technologies

RED HAT ENTERPRISE VIRTUALIZATION FOR SERVERS: COMPETITIVE FEATURES

Securing your Virtual Datacenter. Part 1: Preventing, Mitigating Privilege Escalation

LEARNING SOLUTIONS website milner.com/learning phone

Virtualization System Vulnerability Discovery Framework. Speaker: Qinghao Tang Title:360 Marvel Team Leader

CA ARCserve Family r15

Unlimited Server 24/7/365 Support

Simplify Your Windows Server Migration

Kaseya White Paper. Endpoint Security. Fighting Cyber Crime with Automated, Centralized Management.

Backup and Recovery of Virtual Servers. John A. Davis Senior Consulting Engineer New Age Technologies

Implementing Security on virtualized network storage environment

IS L06 Protect Servers and Defend Against APTs with Symantec Critical System Protection

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak DR V2.0

Virtualization of CBORD Odyssey PCS and Micros 3700 servers. The CBORD Group, Inc. January 13, 2007

Release Version 4.1 The 2X Software Server Based Computing Guide

Deploying Dell OpenManage Server Administrator on VMware ESXi Using Dell Online Depot and VMware Update Manager

Kaseya 2. User Guide. Version 7.0. English

Acronis Backup & Recovery 10 Server for Windows. Installation Guide

Northwestern University Dell Kace Patch Management

Backup and Recovery in the Virtual Age. Scott Baker and Bahar Shah

How To Prevent Hacker Attacks With Network Behavior Analysis

Course: 8911B: Installation and Deployment in Microsoft Dynamics CRM 4.0

Configuring Virtual Switches for Use with PVS. February 7, 2014 (Revision 1)

Virtual Desktop Infrastructure in

The Trivial Cisco IP Phones Compromise

Transcription:

Technical Case Study: Patch Management This is subsequent to Summary of Projects VMware - ESX Server to Facilitate: IMS, Server Consolidation, Storage & Testing with Production Server VAssure Virtualization Labs trrims Offshore-QA BI Portals http://www.vassure.com

PROJECT OVERVIEW The Infrastructure Management Services project is made up of a set of hardware components, SAN and ESX server. Work together to provide IMS services and a system to storage applications. The project also involves testing of the storage application. The production server is built upon VMware ESX server running multiple operating systems. The main advantage of using the ESX server is for the server consolidation. The production server is connected to a SAN for storage management. If any problem occurs in the production server at the OS level, recovery server is used by client; a snapshot of the production server is taken and at virtual machine's lab it tested and modifications are to be done at the operating system level of the production's server. Client s applications are also tested at lab and if any bugs are found, the bugs are reported using Bugzilla. Applying required patches to the guest Linux kernel after successfully debugging and testing them in lab to improve the performance of the production server.

Patch Management: During course of running, if any problem arises at production server or in a testing scenario the snapshot of the server is taken and snapshot is brought into the VAssure- Virtualization Labs (Systems from were System Engineers operate) making a clone of it. To rectify the problems, the required patches are developed in the lab. During the Patch Management, the bugs generated in client s applications will be rectified and the patches will be developed. The developed patches will be debugged and tested repeatedly. These patches will be deployed on the ESX server. After checking the functionality of these patches on the ESX server, the patches will be deployed on the production server. To increase the performance of the Guest operating systems of the ESX server and to provide more features to the client the patches will be developed in the VM lab. The developed new patches will be debugged and the bugs will be cleared in the lab. After rectifying the bugs, the patches will be tested on the ESX server which is present in the VM lab. The patch which gives extra functionality to the kernel will be deployed on the production server. This Document Addresses the Following Topics: 1. What is Patch Management? 2. Life cycle of Patch Management. 3. Types of Patch Management. 4. Benefits of Patch Management. 5. Implementation of Patch Management in IMS.

What is Patch Management? Patch management is a process by which systems in network are secured by applying critical patches and updates, and kept free from vulnerabilities that exist in the Guest OS and software applications. Accurately identifying system vulnerabilities, detecting missing patches, testing them and then deploying patches to eradicate the vulnerabilities is the key to effective patch management. Here the Guest operating systems and software applications are on ESX server. It is imperative that every organization follows patching procedures and keeps systems up to date with the latest patches. Life cycle of Patch Management: The Patch Management Life Cycle consists of 1. Reach 2. Resolve 3. Research 4. Repair 5. Report Any patch management process adopted in an enterprise will have to go through these 5 stages of the life cycle. 1. Reach: Discover and identify the servers and workstations in the network. 2. Resolve: Assess what vulnerabilities in the systems. Analyze what patches are missing and what are installed. 3. Research: Be up-to-date with the latest patch related information from various vendors and other websites. Develop or download patches and run extensive tests to validate the authenticity and accuracy of patches. 4. Repair: Schedule patches download and deployment of missing patches. Control deployment with flexible options like machine reboot. Verify and validate the accuracy and patch installation. 5. Report: View status reports of the different patch management tasks. Monitor patching progress in the enterprise. Types of Patch Management: The clients are working on the production server by remote login to the server. The Guest operating systems installed on the ESX server are Linux and Windows. Types of Patch Managements are. 1. Linux Patch Management: The recently released Linux patches and depending on the client requirement newly developed patches are to be attached to the kernel to fulfill the client requirement and to increase the performance of the operating system.

2. Windows Patch Management: Patch management for Microsoft Windows operating systems and other Microsoft software applications. This Patch Management is to discover and scan for missing Microsoft patches, analyzes the vulnerabilities, downloads and deploys patches and secures the Windows infrastructure in network. Benefits of Patch Management: Incorporating patch management in enterprise is very important. Here are some of the benefits: 1. Ensure that the most appropriate software available is installed. 2. Seal security loopholes in systems that can be exploited by malicious hackers. 3. Reduce system downtime. 4. Limit attacks that target known software vulnerabilities. 5. Be the last line of defense and secure networks from security threats. Implementation of Patch Management in Infrastructure Management Services: To provide the Infrastructure Management Services using latest technologies and procedures to the clients patch management implementation is necessary. To deploy the patches on production server, the snapshot of the production server is taken and a clone of it is made. The cloned Virtual Machine is brought to VM lab. The client s applications are tested using the debugging tools and testing tools like KGB, LCOV and GCOV for Linux and Winrunner, silk test and Load runner for Windows. The test reports are generated using the Testdirector and Bugzilla. For Linux: Create a Patch file for the newly developed patches in VM lab and the upgraded patches. For example, diff Naur -u olddir newdir > new-patch - or - diff Naur -u oldfile newfile >new-patch Make sure while creating a patch file same number of directories levels for both olddir path and newdir path.

Using the patch command: Depending on the current working, use the following patch command patch p0 <new-patch patch p1 <new-patch Other method for calling the patch command using the standard input of patch: cat new-patch patch p0 Levels in the Patch Command (-p0 or -p1?): The -p option will optionally strip off directory levels from the patchfile. For Ex: if you have a patchfile with a header as such: --- old/modules/file +++ new/modules/file Using a -p0 will expect, from your current working directory, to find a subdirectory called "new", then "modules" below that, then the "file" file below that. Using a -p1 will strip off the 1st level from the path and will expect to find (from the current working directory) a directory called "modules", then a file called "file". Patch will ignore the "new" directory mentioned in the header of the patchfile. Using a -p2 will strip of the first two levels from the path. Patch will expect to find "file" in the current working directory. Patch will ignore the "new" and "modules" directories mentioned in the header of the patchfile. In the code, line with neither a plus or minus would indicate that this particular line of code is just a reference point. The + would indicate that this particular line is to be added. The - would indicate that this particular line is to be removed. For Windows: The required and upgraded service packages for the guest operating system windows should be downloaded and installed in the VM lab. The created and down loaded patch should be debugged and tested on the ESX server which is present in the VM lab. After checking the functionality and performance of the patch, it should be deployed on the production server. The selected up gradation patches are downloaded from the internet and stored in a particular location in the server. Then they are pushed to the production server virtual machines remotely using clone of the snapshot. Compiled by: Gopinath.K gopinath.k@vassure.com This paper is not intended to be a definitive implementation guide. Many factors are not addressed in this document. Expertise may be required to solve logistical problems when the system is designed and built. VAssure team has not tested this procedure with all the combinations of hardware and software options available on all VMware products or guest OS variants. There may be significant differences in your configuration that will alter the procedures necessary to accomplish the objectives outlined in this paper.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information