24
January 2018

MAP Server – Protecting legacy applications

Andy Harris

In any IT environment, there are legacy applications that do something business useful but cannot be replaced. That’s where MAP Server from Osirium can help.

For example, whilst industrial CNC systems have an expected lifetime of 25 years, the applications that drive those systems will become dated and vulnerable within closer to 5 years.

Other examples of legacy systems and dependencies include:

  • Data feed handlers for old information feeds
  • Estimating Applications
  • CAD/CAM applications that create specific outputs
  • In-house developments where the original programmers have long since left the company
  • Expensive externally developed applications that are still delivering value
  • Applications for which there are no replacements
  • Applications that need special protocol drivers

Whilst it’s one thing to be aware of a vulnerability – it’s another to be able to do something about it, especially in cases where software cannot be upgraded.

At Osirium, we created our Management Application Proxy Server (MAP Server) as a home for these (and other) applications. MAP Server is a way of creating an environment with all the dependencies that an old application needs, then projecting the window for that application using remote desktop protocol (RDP) to client workstations.

The MAP Server can use a series of secure local accounts, or specified domain accounts that the PxM Platform can manage.  This means that privileged accounts used on the MAP Server have long and strong passwords, and effectively there becomes only one way to access the applications – through the PxM Platform, which controls the MAP servers.  Of course, the credentials never enter the user’s workstation; they stay well isolated between the PxM Platform and the MAP Server.

If you have applications that use insecure protocols such as ‘telnet’ you can isolate these by defining two network interfaces on the MAP Server to keep all the vulnerable protocols on a network with only the devices needed.

Making the journey easier

Customers that find they need multiple versions of management applications to cope with the transition between multiple versions of a security application, can use MAP Server to stand up each version that’s needed. Using MAP Server, SysAdmin and DevOps can seamlessly switch between versions whilst managing a rolling upgrade – less effort, more uptime, less overtime. Perfect.

Management Application Proxy Server – part of our PxM Platform

Launch Video