User Manual
Network Security Controls
Intended Operational Environments
2
A6V11646120_enUS_b_40
51 | 85
● Desigo CC server is installed.
● Microsoft SQL Server is installed on the Desigo CC server.
● The server project folder is shared.
● The required certificates are imported into the Windows Certificate store:
– The root certificate is imported into the Trusted Root Certification
Authorities store.
– The host certificate is imported into the Personal store.
● The host certificate used must have a private key; no private key is needed for a
root certificate.
Remote Web Server (IIS) Station in a DMZ
This section describes how to configure the web server to use the same certificate for
both the web site and the web application.
● A dedicated workstation serving as web server for hosting the website/application.
To simplify the website configuration, it is recommended that you install the
Desigo CC client or FEP software on this machine.
● The web application user on the remote web server has access rights on the
shared project folder on the server.
● The required certificates are imported into the Windows Certificate store:
– The root certificate of the host certificate provided for CCom port security is
imported into the Trusted Root Certification Authorities store.
– The communication between the web server and the web/Windows App clients
is always secured. Therefore, creating the website and the web application
certificates is mandatory. Desigo CC supports using either the same or
different certificates for the website and the web application.
– The certificate and its private key must be imported into the Windows
certificate store (in the Local Machine\Personal store; its root certificate must
be imported into the Local Machine\Trusted Root Certification Authorities
(TRCA) store). The private key must be marked to be exportable.
– If different commercial certificates are used for creating the website and web
application, then both must be present in the Trusted Root Certification
Authorities store and the Personal store of the Windows Certificate store.
Security
● Secure server/remote web server (IIS) deployments require high security
configuration setup.
● The components in the DMZ are exposed to internet, therefore it is important to
keep them up to date to the latest security patches.