Artificial intelligence, Industry 4.0, big data – just some of the buzzwords we hear every day in relation to intelligent, digitally networked systems. As well as the availability of the overall installations, the issue of security is becoming ever more prominent when it comes to the IT components. Protecting the integrity and confidentiality of the data stored on the IT systems is of particular importance. For this reason it is necessary to protect the system from both unintentional errors and targeted attacks in order to guarantee the reliable and secure operation of the systems.
A dramatic rethink has taken place in this respect over recent years. Where the focus had previously been on isolating the systems within the network and ensuring hardware redundancies (power supply units, hard disks – right through to fully equipped server rooms) in order to limit the probability of failure of the entire system to an economically justifiable degree, it had certainly become clear by the time that Stuxnet arrived on the scene in 2010 that isolating industrial systems did not offer any absolute protection. Phrases such as "IT security" and "software patching" were starting to appear with increasing frequency in corporate IT policies.
SSI SCHAEFER works closely with the customer to examine their individual needs and security requirements. This includes providing updates in a managed form that fits in with the operational demands on the customer's installation. For example, a smooth workflow with as little disruption and downtime as possible can be ensured by agreeing suitable maintenance windows with the customer.
Security patches for proprietary applications and third-party software such as the operating system and database are installed on a development system at SSI SCHAEFER during the current development cycle, integrated into the existing solutions in an agile development cycle, frozen, and then transferred to a suitable test instance during the staging process. Once the tests are complete, this software status is approved and made available for installation as part of new systems and as a source of updates for existing systems. Customers are therefore able to use change requests to specify exactly when they wish to upgrade to a new patch status in line with their own personal requirements.
To keep the maintenance window for updates as short as possible, the IT experts at SSI SCHAEFER are increasingly turning to standardized warm standby systems, which consist of two servers running completely separate operating system installations. Application and database data are synchronized and mirrored between the two servers, meaning that if necessary, there is always an up-to-date system readily available.
This architecture means that operating system updates can be installed on the standby system first, which is then restarted and tested, resulting in zero interruptions to the company's operations. Once the tests are complete, a server switchover lasting a just a few minutes is all that's needed to bring the patched server into live operation. Should any problems arise, the first (unpatched) server stands ready to be returned to service at a moment's notice. Assuming that there were no unforeseen problems during the server switchover, the second server is usually updated to the latest software status as well – again without any interruptions to commercial operations – and is able to take over in the event of any system failures. A large part of important patches can be installed and efficiently enabled in this manner.
Application and database updates are usually associated with extended system downtimes as the internal data structures within the database may be changed. It has therefore become established practice to disable the warm standby cluster and temporarily suspend data mirroring. Once the application and database have been updated and the necessary tests carried out, the new status can be copied over without any further interruptions to the second server – or, in the event that unforeseen issues arise, the old data can be restored in just a few minutes.
The warm standby system developed by SSI SCHAEFER therefore ensures that security patches are rolled out quickly and efficiently with as little business interruption as possible while also providing yet another layer of security for customers in the form of the integrated fallback scenario.
From his previous professional fields, Martin Frischenschlager brings several years of experience in a variety of sectors within the SAP environment, the sector of healthcare and the financial sector to the SSI Schaefer Group. He held management positions in project management and worked successfully as VP or SVP in realization as well as service areas of the IT sector.
Since the beginning of 2018 he is the Vice President in charge of the division IT Business Operations at SSI SCHAEFER. This business division is responsible for a long-term and successful partnership with existing customers in terms of strategic as well as operative areas.