Platform and Patching Overview¶
Our OS is an image-based Linux installation. This image is maintained and updated in line with our SDLC (System Development Lifecycle) as well as our “Product Roadmap”, usually about 4-6 times a year.
At each release we evaluate what needs to be updated to keep the platform up to date and secure. In cases where there is a need for separate security patches due to security vulnerabilities that could potentially affect our platform (e.g. poodle/shell shock, etc.) StoredSafe will update our image for testing, distribution and installation at the customer site. Thus, we use the same procedure whether it is a release update or a patch, a new complete image replaces the old one.
The image is read only and only customer-specific parts such as host name, IP address and of course database content are writeable. The system always boots from an default image, change of default image is done easily and intuitively through our system console gui (please se our StoredSafe System Administration Guide). When satisfied, just set the new image to permanent boot image.
ISO-image based solutions also facilitates an easy "roll back", the system administrator just need to set the old image to permanent boot image and reboot the system.
In case of an upgrade to a new major release, the roll back procedure may require a restore of latest backup.
Before an image can be installed, the system performs verification of the image PGP signature to ensure that it is an official StoredSafe release