User Manual
Cybersecurity Concepts – How to Secure the System
License Security
3
A6V11646120_enUS_b_40
61 | 85
3.4 License Security
Licensing is important to guarantee the operation of the system within the agreed
system limits. Only the system is allowed to change license data.
If a license becomes temporarily unavailable (for example, dongle unplug) the system
continues running fully operational for a demo period of 30 minutes. The system
continues to check for the license and shuts down at the end of the demo period, if the
license checks are unsuccessful.
Exceeding the limits of the license (for example, by integrating more field system data
points than stated in the license), puts the system into Courtesy mode. Phases of
Courtesy mode accumulate until a total duration of 30 days is exceeded, then the
server shuts down. Unless new licenses are purchased and activated, after a manual
restart the system returns into Courtesy-mode strike exceeding and shuts down.
Any unauthorized attempt to modify system license data directly in the database (for
example, change of the remaining time of a specific license mode) shuts down the
system.
3.5 Stored Data Security
Data is generally stored unencrypted in Desigo CC. Exceptions are sensitive data
such as passwords for accessing Desigo CC (hashed) or passwords required by
Desigo CC to access field system devices (encrypted).
Project Data
Runtime data (process image) and engineering data is stored in a file-based database
in a subdirectory of the project directory. Data is unencrypted and database access
can only be prevented by restricting access to the database files. The project directory
must be shared when deploying installed clients. It is hence important to restrict
access to the DB folder in the project directory to the Windows account running the
Desigo CC server.
Database (HDB)
Historical data is stored in an access-controlled Microsoft SQL Server database. This
database should be outside the project folder to allow for independent handling and
backup of project data and historical data. It is recommended to encrypt the
connection to the History Database when using a remote Microsoft SQL Server.
Backups of Project or History Database
Backups of the system or archives from the History Database are not encrypted and
can get restored on any system. Therefore, it is important to store backups in secure
locations and encrypt if necessary (different passwords should be used for different
sites).