Solution Center Updates

ArcFM XI end-user applications allow users to pin versions and update only when your organization has validated the new release in a lower environment, and you are confident with pushing the build to production. Unlike end-user apps, our administrative app, Solution Center, follows an industry standard auto-rollout pattern. This pattern ensures Solution Center is updated for the latest security measures, as well as updated to support the latest functionality for the ecosystem of ArcFM apps administrated through Solution Center.

Release notifications, Solution Center release announcements, and plugin announcements are available in the Announcements plugin. These announcement messages include information on what was released, release content, and release date.

IMPORTANT: If any action is required on your part prior to an update, you are notified of those actions in the Announcements plugin, email notifications, and/or an article on myArcFM.

This topic describes how Solution Center is updated to continually improve functionality and security of this administrative application.

Methodology

When you launch Solution Center, it makes a call through Application Gateway to our Azure hosted installer storage to determine if a more current version than the one currently running exists. If it finds a more current version, the update is downloaded to the machine from Azure Blob Storage via our subscription. The application is then stopped, the update is applied, and the app is restarted.

Plugins are updated during the login process prior to loading. Each time you log in, plugins are downloaded from our installer storage, then they are loaded prior to plugin use to guarantee the most current plugin versions.

Technology

Solution Center uses an open-source application packaging tool called Clowd.Squirrel/Velopack for autoupdate functions. Autoupdates take place when Solution Center is launched and the login process has begun. The update process consists of a several steps:

  1. During the build of a release, the installer packaging tool creates a file to track and verify the latest released version of Solution Center. This file contains a SHA1 hash, filename, and file size for each package, and is saved within Installer Storage.

  2. The app packaging tool is given a specific URL to access and download the file. Solution Center checks this file during the login process to determine if an update is available.

  3. If there is a newer version of Solution Center available, the new package is verified by comparing SHA1 hashes, file size, and file name found in the previously mentioned release file.

  4. Once the package is verified, it’s downloaded to devices from its location within Installer Storage. The old package is then replaced with the new one in the correct locations, which includes app shortcuts, and then removed.

  5. Solution Center is then automatically restarted to allow use of the recently updated package. Solution Center relaunches and returns to the login process. If any part of verification during the update process fails, the update ceases and Solution Center does not relaunch.

When Solution Center plugins are updated, those versions are downloaded from Installer Storage on application startup. There’s a Loading plugins notification that displays the number of plugins being downloaded, including the status of the process. Downloading plugins during the login process allows them to consistently be the most updated version, whether or not Solution Center itself has an update available.

Security

You are assured of Solution Center’s security when you activate autoupdate functionality. The ability to update and apply patches to Solution Center, including its dependencies, is crucial in maintaining secure apps. Often there are security updates implemented due to new dependency versions or newly found attack vectors. Ensuring that Solution Center is running the most up-to-date version protects from the security vulnerabilities that we continue to monitor.

Solution Center dependencies are signed and verified during execution time. When updates are available, the new files are verified prior to download, as mentioned previously in the Technology section above.

Solution Center has a security catalog file available for an added level of security. A catalog file is a secure “.cat” file type that allows Microsoft operating systems to verify cryptographic hashes for each file included in the catalog. This file type is digitally signed and is used as an additional security measure to validate the authenticity of specified files prior to execution. Solution Center’s catalog file is generated and signed when a release is built. This file is provided on request and implemented client-side, given that Solution Center functionality using this secure file type is not available.

When Solution Center plugins are updated, those versions are downloaded from Installer Storage on application startup. Prior to downloading, the hash of the plugin is checked to confirm it hasn’t been tampered with and contains everything that Solution Center expects. Plugins are also signed, and their signatures can be checked on the client side at any time. Running updated plugins allows implemented security updates to be installed immediately upon startup of the application. This keeps the application safe from vulnerable dependency versions and known attack vectors.

Solution Center and its plugins are consistently scanned for security vulnerabilities using tools such as Black Duck Binary Analysis and Sonar Cloud. Those tools also undergo penetration testing to unearth vulnerabilities that scanners may have missed.

QR Code is a registered trademark of DENSO WAVE INCORPORATED in Japan and other countries.

Was this helpful?