Commit 37bce369 authored by Santeri Toikka

Give room for a cluster deployment

Closes #24
parent e542f87a
+2 −2
@@ -382,7 +382,7 @@ Threats to secure update during installation & execution:
Therefore, it is important to test all system upgrades and design the upgrade procedure in a way, that keeps the system within the set [5.3.8 High Availability] targets.

Requirements:
- **[REQ-UPDATES-0]:** The product shall verify the authenticity and integrity of update packages using a cryptographic digital signature verification prior to installation.
- **[REQ-UPDATES-0]:** Authenticity and integrity of upgrade package shall be verifiable using a cryptographic digital signature verification prior to installation.
- **[REQ-UPDATES-1]:** The product shall maintain a monotonic version counter or equivalent mechanism to prevent installation of updates with an older vulnerable version.
- **[REQ-UPDATES-2]:** If the product supports intentional rollback, this action shall require explicit authorisation and shall be based on separately versioned and signed rollback metadata.
- **[REQ-UPDATES-3]:** The product shall apply updates in an atomic manner such that incomplete or failed updates do not result in a partially updated state. In the event that an update cannot be completed successfully, the product shall automatically restore a previously operational software state, ensuring the product remains functional.
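Review bot: In the rewritten [REQ-UPDATES-0], "shall be verifiable" replaces "shall verify", so the requirement no longer obliges anyone to perform the signature check before installation; it only requires that a check be possible. If the aim is to let a cluster or an external update manager do the verification, keep the obligation and loosen the actor instead, for example: "The authenticity and integrity of update packages shall be verified using a cryptographic digital signature prior to installation, by the product or by the component that installs the update." The new line also says "upgrade package" where the old line said "update packages" and REQ-UPDATES-1 to REQ-UPDATES-3 say "updates"; pick one term. "Verifiable using a ... digital signature verification" is redundant, and "upgrade package" is missing its article.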
@@ -393,7 +393,7 @@ Requirements:

These requirements are generally binding, and there is no low-medium-high tiering available.

The requirements REQ-UPDATES-5, REQ-UPDATES-6, REQ-UPDATES-7 and REQ-UPDATES-8 are conditional due to different operative management models.
The requirements [REQ-UPDATES-5], [REQ-UPDATES-6], [REQ-UPDATES-7] and [REQ-UPDATES-8] are conditional due to different operative management models.
A cellphone that is connected to a corporate inventory management often has it's own update manager, and the device does not rely on the centralised control.
Similary in a modern cluster deployment, the application can not update itself, as the control is in the cluster, which makes the provisioning, scheduling and network shaping decisions for all applications ran in the same context.
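Review bot: The sentence listing [REQ-UPDATES-5] to [REQ-UPDATES-8] calls them conditional, but neither it nor the two example sentences after it state the condition or say who carries the requirement when the product does not update itself. The cellphone and cluster examples give the reason, not the rule; add a sentence that states when each requirement applies and which component (product, update manager or cluster) is then responsible for it. While this paragraph is being touched, the two lines after the changed one contain "it's own" (its own), "Similary" (Similarly), "can not" (cannot) and "ran" (run).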