Do you know your patch compatibility?

A pending ISA99 technical report defines a standard XML format for automation vendors to publish patch compatibility information.

03/01/2010


Managing dozens of software applications on dozens of servers with supporting software elements, such as browsers, office tools, and virus protection can be an overwhelming task. There are numerous compatibility issues for patches and updates from multiple vendors. On the first Tuesday of every month, Microsoft releases a new set of OS (operating system) and application patches, and automation vendors start testing the supported versions of their software against the patches.

Other vendors also release their patches and updates regularly or as needed. Virus updates may come out several times a week; database patches and updates may be released every few months; automation application patches and updates may be released quarterly. Manufacturing IT staff need to keep track of all these changes and all the compatibility dependencies across all of their applications. For example, your vendor’s HMI may require a specific version and minimum patch level for an OS, your data historian may require a different patch version, and your database may require a different maximum patch level. It can be a fulltime job just collecting the compatibility information from all of your vendors and building a compatibility network.

Managing patch and update compatibility across vendors is difficult, but managing patch and update compatibility within a vendor suite can be even more complicated. Most of the large automation vendors have constructed application suites by buying software companies and collecting the software into a commonly named suite, even if the software doesn’t integrate. It’s not uncommon to hear “… well, that version of the HMI doesn’t work with the latest version of our database” from your vendor’s support staff.

Because of compatibility issues, many organizations will get one application and operating system configuration working and then will not install any new patches or updates. While this strategy minimizes your support effort, it does add a significant amount of risk.

The ISA99 committee on industrial automation security is working on solutions to the problems of patch management in industrial systems. One new work product of the committee is a pending technical report that defines a standard XML format for vendors to publish their patch compatibility information.

Vendors currently publish the information in PDF files, spreadsheets, databases, and Microsoft Word documents. The formats for publication are not common, and it is sometimes difficult, if not impossible, to find detailed information on: what was tested for compatibility; if testing is planned; and the results of the tests (success and failure). The ISA99 patch compatibility format addresses these issues.

Each vendor would provide a set of patch compatibility files for their products. Each file identifies the vendor’s product and version, the patch that was tested, and the test results. Patches are identified by the patch vendor’s name (such as Microsoft, Adobe or Oracle), the patch ID (which in the case of Microsoft is Patch KB-Number), the version of the patch, and the release date of the patch. The test results can specify if the patch applies to the vendor’s product, if a test was performed or is still in progress, and test results.

When vendors provide this information in a common format, it is possible to construct a compatibility network that shows the impact of implementing a patch or update on all of your systems. Vendors that provide this information across their own suite will also reduce their support and service calls.

In patch management, knowing compatibility dependencies helps you make intelligent decisions about what to patch and when to update. Ask your vendors to support the new format and make your job easier.




References

www.isa-99.com

 


Author Information

Dennis Brandl is president of BR&L Consulting in Cary, NC, www.brlconsulting.com . His firm focuses on manufacturing IT. Contact Dennis at dbrandl@brlconsulting.com .




No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Additive manufacturing benefits; HMI and sensor tips; System integrator advice; Innovations from the industry
Robotic safety, collaboration, standards; DCS migration tips; IT/OT convergence; 2017 Control Engineering Salary and Career Survey
Integrated mobility; Artificial intelligence; Predictive motion control; Sensors and control system inputs; Asset Management; Cybersecurity
Featured articles highlight technologies that enable the Industrial Internet of Things, IIoT-related products and strategies to get data more easily to the user.
This article collection contains several articles on how automation and controls are helping human-machine interface (HMI) hardware and software advance.
This digital report will explore several aspects of how IIoT will transform manufacturing in the coming years.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Infrastructure for natural gas expansion; Artificial lift methods; Disruptive technology and fugitive gas emissions
Mobility as the means to offshore innovation; Preventing another Deepwater Horizon; ROVs as subsea robots; SCADA and the radio spectrum
Future of oil and gas projects; Reservoir models; The importance of SCADA to oil and gas
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
click me