User Manual
Part A: System Overview
System Architecture - How the System is Organized
Restricted
A6V10415500_en_a_42
remote connectivity to an external application via Web Services.
The Management System Server, history database service, Web Server and the
first Installed Client are deployed on the same hardware platform, which can be
physical or virtual.
Field networks are connected directly to the Management System Server.
FEP can be used to better balance the communication load or to better adapt to
the distribution of the field systems. A typical case for FEP usage would be a
system with multiple remote sites and one central control location.
Installed and Windows App Clients are connected via the system LAN to the
server.
The size of the field system and the number of clients that can be supported by this
configuration depend on the server hardware configuration.
➜ Please refer to Part B: System Dimensioning [➙ 31].
For systems with Internet access, additional support for networks and IT security is
available:
● Support of Windows domains and Active Directory
● Support of network policies
● Firewall/DMZ support
For systems with key components on the Internet, additional network and IT
security measures need to be implemented to run Desigo CC:
● Only Web, Windows App and Flex Clients are hosted outside the customer
network.
● Communication between all key components must be secured by standard IT
security mechanisms, such as virtual private network (VPN) and/or certificates.
● Communication to components on the Internet must be secured by customer- or
trust-center-provided certificates and separated from the customer network by
professional hardware firewalls/DMZ.
● Log on to Desigo CC on the Internet only with users of the customer’s Active
Directory.
● Field systems must be separated from Internet access.
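The five requirements above can be checked against a written-down deployment plan before commissioning. The following is an added example, not part of the manual or of Desigo CC; the component kinds, zone names, link attributes and the sample deployment are assumptions made up for illustration.

```python
from dataclasses import dataclass

# Rules follow the list above; kind, zone and field names are assumptions.
INTERNET_CLIENT_KINDS = {"web_client", "windows_app_client", "flex_client"}
TRUSTED_CERT_ISSUERS = {"customer", "trust_center"}

@dataclass(frozen=True)
class Component:
    name: str
    kind: str  # "server", "fep", "field_system", "web_client", ...
    zone: str  # "customer_lan", "field" or "internet"

@dataclass(frozen=True)
class Link:
    a: str
    b: str
    vpn: bool = False
    cert_issuer: str = ""  # "", "self_signed", "customer" or "trust_center"
    via_dmz: bool = False  # crosses a hardware firewall/DMZ
    logon: str = ""        # identity source for user logons, if any

def audit(components, links):
    """Return (rule, subject) findings for a described deployment."""
    comp = {c.name: c for c in components}
    findings = []
    for c in components:
        if c.zone == "internet" and c.kind not in INTERNET_CLIENT_KINDS:
            findings.append(("internet-hosting", c.name))
    for ln in links:
        ends, label = (comp[ln.a], comp[ln.b]), f"{ln.a}<->{ln.b}"
        internet = any(e.zone == "internet" for e in ends)
        field = any(e.kind == "field_system" for e in ends)
        if internet and field:
            findings.append(("field-separation", label))
        if not field and not (ln.vpn or ln.cert_issuer):
            findings.append(("unsecured-link", label))
        if internet and ln.cert_issuer not in TRUSTED_CERT_ISSUERS:
            findings.append(("internet-certificate", label))
        if internet and not ln.via_dmz:
            findings.append(("no-dmz", label))
        if internet and ln.logon and ln.logon != "active_directory":
            findings.append(("non-ad-logon", label))
    return findings

# Constructed sample deployment, not taken from the manual.
COMPONENTS = [Component("srv", "server", "customer_lan"), Component("fep1", "fep", "internet"),
              Component("web1", "web_client", "internet"), Component("field1", "field_system", "field")]
LINKS = [Link("srv", "field1"), Link("srv", "fep1", vpn=True, via_dmz=True),
         Link("srv", "web1", cert_issuer="self_signed", via_dmz=True, logon="local_account")]
```

Calling `audit(COMPONENTS, LINKS)` on the sample reports the Internet-hosted FEP, the two Internet links without a customer or trust center certificate, and the logon that does not use Active Directory.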
1.2.2.4 Large, Distributed Client/Server with Internet Access
This is the configuration choice for cases where system size or specific customer
indications require the deployment of key Desigo CC components on different
hardware platforms which can be physical or virtual.
Communication between the key components is required to be secured by
standard IT security mechanisms, such as certificates. Communication to
components on the Internet must be secured by customer- or trust-center-provided
certificates and protected by professional hardware firewalls/DMZ.
Field networks are connected to the Management System Server, and when
appropriate FEP can be used.
The size of the field system and the number of clients that can be supported by this
configuration depend on the server hardware configuration.
➜ Refer to Part B: System Dimensioning [➙ 31].
For systems with Internet access, additional support for networks and IT security is
available: