5.1.1.1.6 Procedures in place to monitor and receive notifications when software changes are needed

The repository shall have procedures in place to monitor and receive notifications when software changes are needed.

This is necessary to ensure expected, contracted, secure, and persistent levels of service.

Audits of capacity versus actual usage; audits of observed error rates; audits of performance bottlenecks that limit ability to meet user community access requirements; documentation of technology watch assessments; documentation of software updates from vendors.

The objective is to track when changes in service requirements by the designated communities require a corresponding change in the software technology, when changes in ingestion policies require expanded capabilities, and when changes in preservation policies require new preservation capabilities. This can be driven by security updates (vendor-supplied corrections to newly identified vulnerabilities), by changes in delivery mechanisms (new software clients for displaying authentic records), and by changes in the number and size of archived records (expanded database requirements). The repository should conduct or contract frequent environmental scans regarding software evolution, likely points of failure, and interoperability among the software and hardware components. The repository should also be in contact with its software vendors regarding technology updates, points of likely failure, and how new programs may affect system integration and performance.

APTrust has migrated to a platform-based microservices hosting solution in the most recent iteration of the APTrust software. Under the AWS shared responsibility model, this step has moved even more of the infrastructure maintenance and monitoring effort to AWS, leaving the container infrastructure, RDS, and ElastiCache, along with the application, to be monitored by APTrust.

In the case of AWS updates, a notification is sent via email and in the events console. 

“You are receiving this message because you have one or more instances running Amazon RDS for MySQL minor versions 8.0.27, 8.0.26, 8.0.25, 8.0.23, 5.7.36, 5.7.34 or 5.7.33 that require your attention. Amazon RDS for MySQL minor versions 8.0.27, 8.0.26, 8.0.25, 8.0.23, 5.7.36, 5.7.34 and 5.7.33 will reach end of standard support on April 20, 2023. To learn more about the RDS policies related to major and minor version support, please refer to Database Engine Versions section in RDS FAQs [1].

We recommend that you take action and upgrade your RDS for MySQL databases running 8.0.27, 8.0.26, 8.0.25, 8.0.23, 5.7.36, 5.7.34 and 5.7.33 to the latest minor available for the respective major version before April 20, 2023. To minimize the downtime during the upgrade, you can now use the newly launched fully managed Amazon RDS Blue/Green Deployments Service [2]. Alternatively, you can enable Automatic Minor Version Upgrade [3] to allow Amazon RDS to upgrade your instances in the next maintenance window.

We recommend upgrading these instances to newer minor versions to benefit from patches for known security vulnerabilities, as well as bug fixes, performance improvements, and new functionalities added by the MySQL community.

Your Amazon RDS for MySQL instances running minor versions 8.0.27, 8.0.26, 8.0.25, 8.0.23, 5.7.36, 5.7.34 and 5.7.33 are listed in “Affected Resources” tab of the AWS Health Dashboard.”

In the case of APTrust monitoring, multiple methods are used for tracking. CloudWatch provides log aggregation so that all application activity can be tracked, including database activity and some of the related services. CloudWatch also provides monitoring, via Container Insights, of the container infrastructure that APTrust is responsible for. Container resourcing, lifecycles, scaling, and network activity can all be tracked to determine whether changes are necessary.

Within the repos themselves, tools such as Snyk (container vulnerabilities) and Dependabot perform a combination of automated and manual checks for vulnerabilities.

Update processes and monitoring documentation to cover the current processes listed above.