User Manual
Network Security Controls
Protected System Configuration Concept
2
A6V11646120_enUS_b_40
27 | 85
2.1.1 Zone Boundary Protection
● The Desigo CC backbone level and DMZ level are security zones that are
physically protected (for example, locked in rack in server room) and use
separated networks that only permit Restricted access to its components.
● A separate VLAN alone does not meet the requirements for zone boundary
protection. A firewall is required too.
● Allowed components in the Desigo CC backbone level protection zone are: Desigo
CC server, Desigo CC computer with Secure Global Desktop and Samba server,
related clients and printers. In case one of the allowed components is remote, a
physically protected and secured communication is also required.
● Allowed components in the Desigo CC DMZ level protection zone are: Desigo CC
as well as an optional computer with OPC Clients or Secure Global Desktop.
● The zone boundary protection must be implemented via firewall to limit the
inbound and outbound communication among network zones.
Figure 2: Zone Boundary Protection