Understanding virus and security policies, Windows operating system update policy, Embedded security modes and policies – Grass Valley K2 System Guide v.9.0 User Manual

your STRATUS system. This includes Windows operating system ACL settings and K2 AppCenter
security/permission settings on bins and channels. Since the GVAdmin user is not a member of the
Administrators group, changing these settings could prevent the STRATUS system from accessing
the K2 Summit system.

Understanding virus and security policies

Read the topics in this section for a better understanding of your system.

Windows operating system update policy

Grass Valley recognizes that it is essential to deploy Microsoft security patches to Windows operating
system products as quickly as possible. As Grass Valley systems are used to meet the mission-critical
requirements of your environment, it is imperative that these systems be kept up to date in order to
maintain the highest level of security available. To that end, Grass Valley recommends that for
standard-edition Windows operating system products, you install all high priority updates provided
by Microsoft. In the unlikely event that one of these updates causes ill effects to a Grass Valley
system, you are urged to uninstall the update and contact Grass Valley customer service as soon as
possible. Grass Valley will investigate the incompatibility and, if necessary, provide a software
update or work-around to allow the system to properly function with the Microsoft update in question.

Note that this policy applies to “High Priority” updates only. There are countless updates not classified
as “High Priority” that are made available by Microsoft. If you believe that one or more of these
other updates must be applied, contact Grass Valley prior to installation. This policy also applies to
standard-edition (not embedded) operating systems only. Do not attempt to update an embedded
Windows operating system in any way except as directed by Grass Valley for the specific product.

You should exercise common sense when applying updates. Specifically, do not download or install
an update while a Grass Valley product is being used for mission-critical purposes such as play to
air.

Embedded Security modes and policies

The Embedded Security solution protects against viruses and other unauthorized programs on the
following Grass Valley systems:

•

K2 Summit/Solo system

•

K2 Media Server

•

GV STRATUS server

•

K2 Dyno S Replay Controller

Embedded Security prevents any unauthorized programs from running on the system. It contains a
whitelist of programs that are authorized to run. Whenever a program attempts to run, it is checked
against the whitelist. If the program is not on the whitelist, Embedded Security blocks the program
from running. SiteConfig, and any software deployed by SiteConfig, is on the whitelist, so you do
not need to manage Embedded Security in any way when using SiteConfig to deploy software. All
versions of SiteConfig are compatible with Embedded Security.

06 November 2012

K2 System Guide

183

Administering and maintaining the K2 system