Windows Updates
To maintain security from newly found vulnerabilities it is important to upgrade the Operating System and other programs installed on the server.
Implementing Updates
If possible the Windows Operating system should be regularly patched, using the Microsoft Windows Server Update Service (WSUS), with the latest verified updates from Microsoft.
We recommend the use of a form of pre-production staging area to test updates. This allows you to verify the installation of a patch and ensure there is a method to revert back to a good point in time should the patch fail or cause a failure to the machine itself.
Due to the nature of SCADA, you may not be able to perform updates live if they require a server reboot or where certain patches are known to conflict with SCADA processes and services. Please check the Geo SCADA Knowledge Base for its compatibility with the latest Windows Updates.
Formulate a "back out" plan
We also recommend that a working “back out” plan is created or in place for the Production or “Live” System. This allows you to restore the system to its original state with the minimum of disruption should any updates have a negative impact on the system.
Use a local WSUS server
You can connect clients and servers to a local WSUS server. This allows you to safely implement tested and approved updates using the domain group policy setting. You can manage the distribution of updates within the network to ensure that the minimum of disruption occurs with. It requires that the BITS (Background Intelligent Transfer Service) and the Windows Update (WUAUSERV) service are correctly enabled.
Check the Geo SCADA Knowledge Base for the status of Geo SCADA Expert compatibility with the latest Windows updates.