User Manual
Network Security Controls
Intended Operational Environments
2
A6V11646120_enUS_b_40
49 | 85
For systems with key components in the Internet additional network and IT security
measures are required to run Desigo CC properly:
● Only web and Windows App clients are hosted outside the customer network.
● Communication between all key components is required to be secured by
standard IT security mechanisms, like virtual private network (VPN) and/or
certificates.
● Communication to components in the Internet must be secured by customer or
trust center-provided certificates, and must be separated from the customer
network by professional hardware firewalls/DMZ.
● Log on to Desigo CC in the Internet only with users of the customer Active
Directory
● Field systems must be separated from Internet access.
Figure 14: Client/Server with Internet Access