User Manual
Cybersecurity Concepts – How to Secure the System
A6V11646120_enUS_b_40
● Shared
Provide read access on all files and subfolders to the web server account and all
Windows client accounts.
● All other folders
Provide read/write access to the [System Account] only ([System Account] is
configured in SMC).
Do not provide access on these folders to any other account.
3.7 Server Services
The following services are deployed on the Desigo CC server:
GMS_WCCILpmon_[Project Name]
This service can run under a local Windows account without administrator privileges.
Siemens GMS HDB Service
This service can run under a local Windows account without administrator privileges.
Siemens GMS Closed Mode Service
This service must run under local system or a Windows account with administrator
privileges.
Siemens GMS SMC ProjectData Service
This service supports setting up distributed systems, remotely installed clients, and
FEPs. This service is not needed for operating Desigo CC and can be disabled in the
Windows Services once the setup of remote components is completed.
For distributed systems, it is recommended to disable this service after system
configuration and re-enable it only during system reconfiguration.
SQL Server ([Instance Name]) and SQL Server Browser
Microsoft SQL Server services for the History/MNS Database (if the database is
deployed on the Desigo CC server).
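The account and startup guidance above can be checked on a running server with a short audit script. The following is an added example, not part of the original manual or vendor code; it assumes the services can be found by matching the names printed on this page against the Windows service Name or DisplayName, and it only looks at direct members of the local Administrators group.

```powershell
# Added example, not vendor code. Patterns come from the service names on this page
# and are matched against both Name and DisplayName (assumption: adjust if needed).
$rules = @(
    @{ Pattern = 'GMS_WCCILpmon_*';                     Check = 'NoAdminNeeded' }
    @{ Pattern = 'Siemens GMS HDB Service';             Check = 'NoAdminNeeded' }
    @{ Pattern = 'Siemens GMS Closed Mode Service';     Check = 'AdminRequired' }
    @{ Pattern = 'Siemens GMS SMC ProjectData Service'; Check = 'DisableAfterSetup' }
)

# Direct members of the local Administrators group (well-known SID S-1-5-32-544).
# Nested domain groups are not expanded here.
$admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' | ForEach-Object { $_.Name })

function Test-Elevated([string]$StartName) {
    if ($StartName -eq 'LocalSystem') { return $true }
    # Service accounts stored as ".\user" are local accounts on this machine.
    $name = $StartName -replace '^\.\\', "$env:COMPUTERNAME\"
    return $admins -contains $name
}

$services = Get-CimInstance -ClassName Win32_Service
foreach ($rule in $rules) {
    $found = @($services | Where-Object {
        $_.Name -like $rule.Pattern -or $_.DisplayName -like $rule.Pattern })
    if ($found.Count -eq 0) {
        [pscustomobject]@{ Service = $rule.Pattern; Account = $null; StartMode = $null
                           Finding = 'Not installed on this host' }
        continue
    }
    foreach ($svc in $found) {
        $elevated = Test-Elevated $svc.StartName
        $finding = switch ($rule.Check) {
            'NoAdminNeeded'     { if ($elevated) { 'Runs elevated; a non-administrator local account is sufficient' } else { 'OK' } }
            'AdminRequired'     { if ($elevated) { 'OK' } else { 'Needs LocalSystem or an administrator account' } }
            'DisableAfterSetup' { if ($svc.StartMode -eq 'Disabled') { 'OK' } else { 'Enabled; disable once setup of remote components is complete' } }
        }
        [pscustomobject]@{ Service = $svc.DisplayName; Account = $svc.StartName
                           StartMode = $svc.StartMode; Finding = $finding }
    }
}
```

Pipe the output to `Format-Table -AutoSize` for a quick review, or to `Export-Csv` to keep a record alongside the system's commissioning documents.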
Additional services are installed depending on the extension modules deployed
(please refer to the respective integration guides), for example:
OPC Enum
Belongs to the Desigo CC OPC server.
● Select None as your Authentication Level.
● Launch Permissions - Select the option Use Default.
● Access Permissions - Select the option Use Default.
Configuration Permissions:
● Anonymous
● Everyone
● Guests
● Interactive
● Network
● System
Ensure that all of the accounts above receive Full Control rights.
If you are using IIS (Internet Information Services) as an OPC client make sure to add
the following accounts as well:
● IWAM_<computer-name>*
● IUSR_<computer-name>*
Use the Interactive Account or System Account.