User Manual
Part A: System Overview
System Architecture - How the System is Organized
1
A6V10415500_en_a_42
Restricted
29 | 53
● Support of Windows domains and Active Directory
● Support of network policies
● Firewall/DMZ support
For systems with key components on the Internet, additional network and IT
security measures need to be implemented to run Desigo CC properly:
● Only Web, Windows App and Flex Clients are hosted outside the customer
network.
● Communication between all key components is required to be secured by
standard IT security mechanisms such as VPN and/or certificates.
● Communication to components on the Internet must be secured by customer or
trust center provided certificates and separated from the customer network by
professional hardware firewalls/DMZ.
● Only logon to Desigo CC on the Internet with users on the customer’s Active
Directory.
● Field systems must be separated from Internet access.
1.2.2.5 Distributed System Configurations
The distributed system configuration allows interconnecting several systems that
run independently, either on one or several physical machines. The interconnection
of the projects allows transparent engineering and operation through them seeing
them as one only system. The distributed system configurations extend even
further the support of very large systems, increase robustness eliminating single
point of failures and allow geographical or discipline segregation.
Three types of distributed deployments are supported:
● Fully meshed: Each system is logically connected to all others. Clients can see
all objects in all systems. Systems can be run on separate servers that can be
geographically distributed. Virtual servers are also supported
● Segmented: A fully meshed configuration where all systems run on the same
server. Allows to build larger systems on one single server
● Hierarchical: Distributed local systems, also called supervised systems, are
logically connected to one head system or supervisor. Clients connected to the
supervisor can see all objects; clients connected to supervised systems can
only see the local objects. For campus or inherently hierarchical applications