User Manual
Network Security Controls
Intended Operational Environments
2
44 | 85
A6V11646120_enUS_b_40
● Microsoft SQL Server installed/remote customer Microsoft SQL Server
● Own network segment
● IPv4/IPv6
● IT firewalls must allow communication between server and client
Client Station
A dedicated workstation with the following features:
● Desigo CC client/FEP
● Own administration
● IPv4/IPv6
● Internal firewalls
Security
● Secure client/server deployments require medium configuration setup.
Certificate Usage
This scenario explains setting up a secured client/server communication using
certificates from the Windows store.
For a client/server deployment, the following restrictions apply with respect to
certificates:
● The root certificate validates the certificates used for communication. Therefore, it
must be the same for all host certificates and it must be installed on the server and
on all clients.
● The root and communication (host) certificates must be different and have
different subject names.
● The communication certificates should be specific. Therefore, it is recommended
to use different host certificates for client and server.
● The communication certificates are used by the Desigo CC client/FEP. Therefore,
the logged on user of the client/FEP operating system requires access to the
private key of the host certificate stored in the Windows Certificate store.
The owner of the Desigo CC system is responsible for distributing authorized
certificates and keys. This is often done by the IT infrastructure, particularly, if
commercial certificates are used instead of the self-signed ones.