GMP Monitoring System: Virtual Server vs. Hardware Server

When operating a GMP monitoring system, the question often arises whether a hardware server or a virtual server is the better solution. We have examined both options in detail and compared their advantages and disadvantages.

GxP-compliant monitoring systems are important monitoring and analysis tools in manufacturing, laboratory, or storage areas. The monitoring software typically consists of server components (application and database) as well as clients (user PC / touch panel PC...). When it comes to software server components, the question repeatedly arises whether an explicit hardware server should be used or whether a virtual server – provided by the customer – is the better choice. Below, we take a closer look at both options and explain their pros and cons.

Option 1: Physical Hardware Server

In this solution, the hardware server is usually supplied by the monitoring system provider.
Advantages of this solution

– Minimal IT resource requirements for the customer. The supplier provides everything from a single source.
– Clear separation between the production network and the monitoring network is possible.

The advantages can be very significant for the customer, especially if there is no internal IT department or if it is unavailable. However, some points must be clearly defined in advance to ensure smooth commissioning.

Points to clarify beforehand

Should the server be connected to the existing customer network?

If yes:

– Backup of the server by the customer or is a separate backup solution needed?
– Which antivirus scanner should be installed?
– Network configuration (IP addresses, etc.)?
– Are local users permitted?

If no (= "island solution")

– Which / how many clients are required? Will they be provided by the customer or should the supplier deliver them (clients are to be used exclusively for monitoring)?
– Are network sockets available that can be used for the monitoring network?
– Is a necessary switch provided/installed by the customer, or should this be part of the monitoring offer?
– Are client accesses outside the area also needed and even possible (laying network cables, etc.)?
– Who is responsible for maintenance / operational safety / availability of the server?

It is clear that a physical hardware server for the monitoring system can be a good and sensible solution. The seemingly simple handling for the customer is somewhat deceptive, as the points to be clarified are not to be neglected, and the overall concept (server, clients, backup, security) must be clearly defined. Especially the topic of fail-safety (e.g., redundant components) must be considered and evaluated on a risk basis if necessary.

Option 2: Virtual Server (provided by the customer)

In this solution, the customer prepares a virtual server according to the specifications of the monitoring manufacturer. Then, the software or database is installed on the server and becomes available in the network.

The main advantages of this solution

– Highest fail-safety possible through customer platform for virtual servers
– Adaptation to customer standards for antivirus, backup, and monitoring software
– No hardware maintenance of the server required

These advantages are contrasted by the following "CONTRAS"

– High IT standard required from the customer (often difficult for small businesses)
– Possibly: No clear separation between monitoring network and production network

Other variants

In addition to the two solutions presented, there are other variants that can be used:

Customer’s virtual server – but a "segregated" network for monitoring (VLAN)
In this case, the solution largely behaves like the "physical hardware server".

Physical hardware server provided by the customer and fully integrated into the customer’s network
In this case, the solution largely behaves like the "virtual server".

Hardware or virtual server with restricted access to the production network
(e.g., only client access to the server). In this case, both variants are mixed.

"Cloud" solution: If the virtual server is not provided by the customer but is externally hosted (in a suitable data center), secure access via VPN is required. If this access is guaranteed, such cloud servers can also be used for a monitoring system. Data centers offer various certifications. A thorough review of security and data protection policies before implementing such a solution is essential.

Conclusion

Which solution is the right one largely depends on the customer’s IT capabilities and their requirements for backup, antivirus, and update options. Early clarification with the customer’s IT is indispensable. For good system support by the manufacturer, an online connection for remote access is necessary. Pure "island solutions" (monitoring networks isolated from the network) are possible and in some situations also the right solution, but in most cases, they are not optimal and do not reflect the "state of the art".