User Manual
Network Security Controls
Intended Operational Environments
2
50 | 85
A6V11646120_enUS_b_40
Figure 15: Intranet-Extranet
Server and a Remote Web Server (IIS) in a DMZ Network
A DMZ (demilitarized zone) refers to an area of a network, usually between two
firewalls, where users from the Internet are permitted limited access over a defined set
of network ports and to predefined servers or hosts. A DMZ is used as a boundary
between the Internet and your company's internal network. The network DMZ is the
only place on a corporate network where Internet users and internal users are allowed
at the same time.
In a DMZ setup, the web server (IIS) and the Desigo CC server are hosted on
separate machines that are on different networks, separated by firewalls.
In such a scenario, commercial SSL certificates are typically used for the website on
IIS. For verifying the signature of the web client/Windows App client, the same
certificate or a separate commercial or self-signed certificate, may be used. However,
you can use the same certificate if the private key used to secure the web site is
exportable.
The following section describes a typical deployment scenario for setting up a Desigo
CC system with a remote web server (IIS) in a DMZ scenario.
Server Station
A single dedicated workstation with the following features: