Security
- As important proprietary data are saved on the PPS server system, an adequate privacy must be guaranteed. The system administrators must ensure that only authorized persons have access to this system.
- As the PPS server is connected to a network and numerous clients access it, an antivirus software must be installed additionally to the firewall to protect against malware and spam.
- Define exceptions to the on-access scan in the antivirus software
- Exclude the following directories and applications from the on-access scan:
-
PPS Database Directories
(all SKR3_DB_15 directories (stating with PPS 2.0.x, formerly SKR3_DB) -
PPS Distribution directory
e.g:
D:\PPS,
C:\Program Files (x86)\Apache Group\Apache2\htdocs\sns, - C:\Program Files\Stoll
-
PPS Backup directory
(e.g. E:\PPS\Backup ) -
PPS Log directory
(C:\Skr3log, C:\Program Files (x86)\Apache Group\Apache2\logs) - Exclude the following programs from scanning:
- java.exe
- postgres.exe
- PollClient.exe
- wildfly-service.exe
- Apache.exe
- guacd.exe
- Rules for incoming TCP and UDP messages of the PPS, which the firewall must not block.
The paths to the programs may vary, depending on the installed version or the installation drive.
Create this rules: - Name of the rule: „Stoll PPS PostgreSQL Server“
Path of the application:
C:\Program Files\Stoll\skr3_15\PostgreSql\15.5-1\bin\postgres.exe (starting with PPS 2.0.x, formerly C:\Program Files\Stoll\skr3\PostgreSql\9.5.10-1\bin\postgres.exe)
Name of the profile: Skr3_DB - Name of the rule: „Stoll PPS OpenJDK”
Path of the application: "C:\Program Files\java\zulu-11\bin\java.exe" (starting with PPS 1.9.29, formerly "C:\Program Files\java\zulu-8\bin\java.exe")
Name of the profile: StollPpsServer - Name of the rule: „Stoll PPS Apache HTTP Server“
Path of the application: „C:\program files (x86)\apache group\apache2\bin\apache.exe“
Name of the profile: Apache2 - Name of the rule: „Stoll PPS PollClient“
Path of the application: "C:\Program Files\Stoll\skr3_15\bin\pollclient.exe" (starting with PPS 2.0.x, formerly "C:\program files\stoll\skr3\bin\pollclient.exe")
Name of the profile: Skr3_PC - Name of the rule: „EnableFireWallPingRule“
Log: „icmpv4:8,any“
Name of the profile: any
If the Windows Defender, is working starting with Windows 10, the installation program automatically enters the above mentioned exceptions and firewall rules into the Defender settings.
- The SKR component comes with a live backup software for your valuable data of orders and events in the PostgreSQL database. Activate this software to increase the failure-safety. You can create rolling backups over several days, which can be recovered accurate to the second.
- Software Update
Previously to a release by Stoll, the update is tested intensively. Nevertheless, it is not possible to fully exclude the chance that there might exist operating conditions that lead to a malfunction. In order to limit the risk to your production operation, it is recommended to install and test the update and its suitability first of all on a parallel PPS installation connected for example to some patterning machines.
- A copy of the current day can only be created after deactivating the backup service, as the files are being accessed otherwise. The backup folder of the current day is located in the backup directory specified by you and has a timestamp of the current day with the time of the base backup. Example: 2016-01-31T090002+0100
- The PPS Server Suite has an automatic recovery function, which can restore the orders and events from the data existing on the machine in the database, in case you recover a backup which does not contain the orders generated afterwards. For the events, the machine uses a buffer, which normally is sufficient for a week.
- It is recommended to test an update with a second PPS installation with some connected machines before updating the production system.
- The setup retention days for finished tickets in the PPS determine how many days backwards, the distributed orders can be recovered in the database.
Determining the retention time of completed tickets on the machine - Assign passwords for the PPS access only to authorized persons. Change the password in regular intervals and ensure sufficient complexity. Use passwords that contain upper and lower case, special characters and numbers.
- Make a note of the access passwords assigned for the JBossUser and the _Skr2DbUser during the installation so that they are available to you if necessary.
- Comply with the regulations of your country when using the PPS Server Suite. This applies also to the collected personal data. Inform your employees about it and coordinate the utilization with the work council if necessary. Critical minded persons might perceive the offered possibilities as surveillance. We see the advantage of the PPS more in the fact, that the production sequences are optimized, simplified and more transparent, that inefficiencies are eliminated, the flow of information and the work load are improved, the training potential are determined, deadlines are met more easily and everybody benefits, if one is better equipped to deal with the tough competition. Encourage and reward your best employees but do not blame anybody based on data gained from the PPS. Initiate a healthy competition among the employees. Promote a team spirit and name the improvements that got possible due to the PPS and everybody takes benefit from. Please use the PPS only with this in mind, in order to achieve a high level of acceptance and to realize the full potential.