PATCH.works®

Patch management system for self-contained IT systems

IT systems in the armed forces, for example, or other public authorities and organisations with security responsibilities, are frequently operated as closed systems with no Internet access. As with open systems, the software products contained in these “closed” systems require controlled and ongoing updates, especially as regards the virus protection software. Because of the lack of an Internet connection, the update patches provided by the product manufacturers would have to be installed via what is dubbed the “swivel-chair interface” (a manual operator transferring the files between machines). This procedure is time-consuming, resource-heavy and error-prone. It pays little heed to the aspects of automation, standardisation and reducing administrative overheads. PATCH.works® offers the perfect solution for this issue. The PATCH.works® patch management system provides software updates in closed systems without Internet access and enables straightforward integration into the various operational environments via a generic system architecture.

System concept

The system that is connected to the Internet and receives updates from the product manufacturer’s servers is the master distribution server; after it, separated by a firewall, comes the project distribution server that supplies the computers in the project area. This guarantees absolute separation of the operative system from the Internet as well as additional virus protection – and dispenses with the “swivel-chair interface”.


System properties

PATCH.works® meets the following requirements:

  • Technology-independent and generic solution, consisting of hardware and software
  • Separation into two “halves” for network-flow control or transition to the protected area
  • Automation, standardisation, reduction of administrative overheads
  • Control and management of update approval by administrators

 

The following software products are currently supported by PATCH.works®:

  • Windows operating systems
  • Linux: Debian, Red Hat (CentOS) and openSUSE
  • Symantec Endpoint Protection virus protection
  • Application software: Acrobat Reader, Adobe Flash, Mozilla Firefox and Java Runtime

 

Patch management in different security domains

If different security domains exist, the project distribution server can be connected to the master distribution server via, for example, the SDoT® Security Gateway.


  • Updates are downloaded from the master distribution server’s download servers through the SDoT® Security Gateway
  • Separate staging for test and live environment
  • Manual test in the test system, followed by approval for live environment
  • Management via automatic timetable