Other Topic Library Versions

Embedded Security modes and policies

The Embedded Security solution protects against viruses and other unauthorized programs on the following Grass Valley systems:
  • K2 Summit system system
  • All types/roles of K2 Media Server
  • All types/roles of GV STRATUS server
Embedded Security prevents any unauthorized programs from running on the system. It contains a whitelist of programs that are authorized to run. Whenever a program attempts to run, it is checked against the whitelist. If the program is not on the whitelist, Embedded Security blocks the program from running. SiteConfig, and any software deployed by SiteConfig, is on the whitelist, so you do not need to manage Embedded Security in any way when using SiteConfig to deploy software. All versions of SiteConfig are compatible with Embedded Security.

When installing software manually (without SiteConfig) it might be necessary to manage Embedded Security. When necessary, you can put Embedded Security in Update mode. This mode allows you to manually install software that is not on the whitelist. Do not confuse Update mode with the idea that Embedded Security is "disabled". When in Update mode, Embedded Security is still active. While in Update mode, Embedded Security keeps track of any software you run or install and adds it to the whitelist. When you are done installing software and any required restarts, you must take Embedded Security out of Update mode so that it can protect the system. For software that requires a restart after installation, such as K2 system software and SNFS media file system software, Embedded Security must remain in Update mode until after the restart is complete.

No system restarts are required for entering or leaving Update mode, and a restart does not change the Update mode status. If in Update mode before a restart, the system remains in Update mode after a restart. You use the Embedded Security Manager to enter and leave Update mode.

The following policies apply to the Embedded Security:
  • Use Update mode only as instructed by Grass Valley product documentation or as directed by Grass Valley Support. Do not do any other operations with Embedded Security Manager, unless under the direct supervision of Grass Valley Support.
  • Do not keep Embedded Security in Update mode long-term, as Embedded Security does extra processing while in Update mode and eventually problems arise when attempting to run software.
  • Make sure that Embedded Security is not in Update mode when using SiteConfig to install software. Update mode interferes with SiteConfig's automatic management of Embedded Security and causes problems running the software installed.
  • Leave Embedded Security enabled for normal operation of your Grass Valley system. Do not disable Embedded Security except as instructed by Grass Valley product documentation or as directed by Grass Valley Support. Enabling and disabling Embedded Security requires a restart.
  • Do not install any programs or modify any operating system settings unless approved by Grass Valley. By design, Embedded Security prevents any programs from being installed or from running that are not present when you receive the system new from Grass Valley. These Grass Valley systems are not general purpose Windows workstations. The applications and configuration have been specifically optimized on each system for its intended use as part of the Grass Valley system.
  • While Embedded Security is the key anti-virus component on these systems, you should still follow the Grass Valley anti-virus scan policy and scan all the devices in your Grass Valley system to ensure viruses are not propagated between machines.

Embedded Security is part of the K2 Summit system generic disk image and the K2 Media Server generic disk image compatible with K2 software version 9.0 or higher. Both K2 Media Servers and GV STRATUS servers use the same generic disk image, so GV STRATUS servers inherit the Embedded Security solution. On K2 Summit systems, the Embedded Security solution introduced with K2 software version 9.0 replaces the write filter from previous versions.

Copyright © 2019 Grass Valley Canada. All rights reserved. GV STRATUS 6.8 gvtp_20190318_01:43:25