An internal security audit discovered that some of the SIMATIC PCS 7 clients had outdated patch levels dating back more than two years, which posed a significant security risk. During a short maintenance window, which only opens a maximum of twice a year, all SIMATIC PCS 7 clients were now to be patched. Often, the previously applied patch process, in which clients were updated remotely via Windows Server Update Services (WSUS), resulted in necessary reboots. In addition, there was no way to automate the patch process. After evaluating three different patch management solutions, the team finally chose ondeso SR.
Of particular importance was the fact that ondeso SR, as an official Product Partner for SIMATIC Automation Systems, is so far the only patch management tool approved by Siemens. With a specially developed ondeso SR connector for SIMATIC PCS 7, Microsoft Update Management can be automated within SIMATIC PCS 7 infrastructures.
Sector
Biotechnology
Requirements
Patching of Siemens SIMATIC PCS 7 clients within a short maintenance window
Solution
Automated patch process via ondeso SR connector for SIMATIC PCS 7 taking into account groups within security cells
Client Management Software for OT
In OT environments, there are many industrial PCs. Discover how you can securely and reliably manage these clients with ondeso SR.
The number of clients to be patched was already known and comprised about 50 clients per security cell. After all requirements and solution paths were coordinated in close cooperation with the automation team, our ondeso consultants from the Professional Services team created independent workflows, so-called „Operations“, with ondeso SR.
First, the prerequisites of the client were checked, for example, whether sufficient hard disk space was available. In the second step, the project running on the client was stopped, before the client‘s system was patched in the third step. The redundant server pairs were also patched automatically, since with ondeso SR it is possible to query the redundancy status of the servers directly via an interface to the SIMATIC Management Console.
Our customer had also defined groups within a security cell, which were also taken into account in the execution of the patch process. The patch process was started only once per security cell during the maintenance window, after which it was processed fully automatically. This meant that our customer was now able to patch all SIMATIC PCS 7 clients automatically within the defined time.
Results That Impress
100 %
automated
Processing
82 %
faster
Overall Process
Blueprint for
future Patch Operations
or Plants
By using ondeso SR, the biotechnology company was able to significantly increase the security level of the SIMATIC PCS 7 clients. The patch process became less error-prone and ran about 82% faster. „With a single click, our customer is now able to patch through an entire security cell automatically,“ says ondeso OT consultant Andreas Decker.
„Patch management for SIMATIC PCS 7 clients is now 100% automated and our customer has a reliable blueprint for other plants and can create its own operations for client management. „The success of this implementation has thus enabled the biotechnology company to improve its security and make the patch process efficient.“
„With a single click, our customer is now able to patch through an entire security cell automatically“
Andreas Decker
OT Consultant at ondeso
Would you like to find out more?
I will be happy to help you.
Moritz Metka
Phone: + 49 941 462932-34
More Success Stories
From automated Asset Inventory to controlled End-of-life Management. Discover in our Success Stories which projects have already been successfully implemented in practice with ondeso SR.
More about ondeso SR
Click here for more information about our OT administration software designed for industrial PCs.
About ondeso
Learn more about our company and our comprehensive expertise as a pioneer and market leader.
References
Which companies rely on ondeso for their industrial IT management? Discover the answer here.
