User Manual
Network Security Controls
Intended Operational Environments
2
A6V11646120_enUS_b_40
2.2.5 Large, Distributed Client/Server with Internet Access
Intended Use Case
This is the configuration choice for cases where system size or specific customer
requirements call for deploying key Desigo CC components on different
hardware platforms, which can be physical or virtual.
Communication between the key components must be secured by standard IT
security mechanisms such as certificates. Communication to components on the Internet
must be secured by customer- or trust center-provided certificates and protected by
professional hardware firewalls/DMZ.
Field networks are connected to the Desigo CC server. When appropriate, FEP can
be used.
The size of the field system and the number of clients that can be supported by this
configuration depend on the server hardware configuration.
For systems with Internet access, additional support for networks and IT security is
available:
● Support of Windows domains and Active Directory
● Support of network policies
● Firewall/DMZ support
For systems with key components on the Internet, additional network and IT security
measures are required to run Desigo CC properly:
● Only web and Windows App clients are hosted outside the customer network.
● Communication between all key components is required to be secured by
standard IT security mechanisms, like virtual private network (VPN) and/or
certificates.
● Communication to components on the Internet must be secured by customer- or
trust center-provided certificates, and must be separated from the customer
network by professional hardware firewalls/DMZ.
● Log on to Desigo CC on the Internet only with users of the customer Active
Directory.
● Field systems must be separated from Internet access.
Figure 17: Large, Distributed Client/Server with Internet Access
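
The requirements listed above can be checked mechanically against a deployment inventory before go-live. The following is an added example, not part of the original manual and not Desigo CC code; the data model, zone and kind names, rule labels and sample hosts are all assumptions made for illustration.

```python
# Added illustration: the zone, kind and rule names are assumptions, not Desigo CC settings.
from dataclasses import dataclass

@dataclass(frozen=True)
class Component:
    name: str
    kind: str  # server, fep, web_client, windows_app_client, field_system
    zone: str  # customer or internet

@dataclass(frozen=True)
class Link:
    a: str
    b: str
    protection: frozenset = frozenset()  # any of {"vpn", "certificate"}
    cert_issuer: str = ""                # customer, trust_center or self_signed
    via_firewall_dmz: bool = False

def audit(components, links, internet_accounts):
    """Return sorted (rule, subject) findings; an empty list means compliant."""
    comp = {c.name: c for c in components}
    out = set()
    for c in components:
        if c.zone == "internet" and c.kind not in {"web_client", "windows_app_client"}:
            out.add(("only-web-and-app-clients-outside", c.name))
    for ln in links:
        ends, subject = (comp[ln.a], comp[ln.b]), f"{ln.a}<->{ln.b}"
        internet = any(e.zone == "internet" for e in ends)
        if internet and any(e.kind == "field_system" for e in ends):
            out.add(("field-separated-from-internet", subject))
        if not ln.protection & {"vpn", "certificate"}:
            out.add(("link-secured-by-vpn-or-certificate", subject))
        if internet and ("certificate" not in ln.protection
                         or ln.cert_issuer not in {"customer", "trust_center"}):
            out.add(("internet-cert-from-customer-or-trust-center", subject))
        if internet and not ln.via_firewall_dmz:
            out.add(("internet-link-behind-firewall-dmz", subject))
    for user, source in internet_accounts.items():
        if source != "customer_ad":  # logon from the Internet: customer AD users only
            out.add(("internet-logon-customer-ad-only", user))
    return sorted(out)

# Constructed sample deployment; every name below is hypothetical.
COMPONENTS = [Component("cc-server", "server", "customer"),
              Component("fep-1", "fep", "internet"),
              Component("web-1", "web_client", "internet")]
LINKS = [Link("cc-server", "fep-1", frozenset({"vpn"}), via_firewall_dmz=True),
         Link("cc-server", "web-1", frozenset({"certificate"}), "self_signed", True)]
ACCOUNTS = {"alice": "customer_ad", "svc-local": "local_windows"}
```

Calling `audit(COMPONENTS, LINKS, ACCOUNTS)` on the sample reports the FEP placed outside the customer network, the two Internet links without a customer or trust center certificate, and the non-Active Directory account. The check only looks at direct links, so a field system reachable from the Internet through an intermediate host needs a separate reachability review.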