User Manual

ManualsBrandsSiemens ManualsBuilding automationDesigo CC MP 5.0 BACnet Server, BACnet Protocol Implementation Conformance Statement (PICS), Basic Documentation

Cybersecurity Concepts – How to Secure the System

Server Services

64 | 85

A6V11646120_enUS_b_40

UA Local Discovery Server

Belongs to the Desigo CC OPC server.

Allow the UA Local Discovery Server to start Automatically.

Configure your Firewall to permit TCP port 4840.

UA COM Server Wrapper

Belongs to the Desigo CC OPC server.

The OPC UA wrapper enables a UA client to connect to a COM-based OPC DA2/DA3

server. Internally the wrapper is a small UA server that obtains data from its internal

COM DA2/DA3 client. This client can be configured to connect to any compliant OPC

server.

Siemens BT Video API Service

This service is part of the Video extension module and can also be deployed on a

remote machine as an option.

By default, the BT Video API service runs on the Desigo CC server as an anonymous

Windows Network Service. For security reasons, you must make it instead run as a

named account, with administrator privileges. In addition, for proper operation of the

Video extension, Desigo CC services must also be set to run under this named

account.

On the Desigo CC server computer, you must create a VideoAPIService user account

in Windows.

NOTE: The account must be an administrator Windows user, and it will also be

assigned the role of administrator in the VMS.

Depending on the deployment scenario, this task is performed in the following ways:

● If the VMS server runs on the same computer as the Desigo CC server: create a

VideoApiService local account on the shared computer.

● If VMS server runs on a separate computer different from the Desigo CC server:

– On a Windows domain, create a domain VideoApiService account, which can

be used on all the computers of the domain.

– On a Windows workgroup, create the same VideoApiService account as local

user on the Desigo CC server and on the VMS server. Use the same user

name and password on both computers. If a password change is done later

(for example, due to enforcing password policy), the change must be done

consistently on both computers.

In any case, for more information about creating a new Windows user account, refer to

the Microsoft documentation and online help.

Add Credentials of the Basic User on the Station

Next, the Windows Credential Manager will be used to add the BasicStreamingUser

created above to the Desigo CC station where video streams must be displayed.

Repeat this procedure for all the Desigo CC stations where you want to display

streaming video.

1. On the Desigo CC station where you want to show video streams, open the

Windows Credential Manager as follows:

a. Select Start > Control Panel.

b. Select User Accounts > Credential Manager.

2. Select Windows Credentials.

3. Click Add a generic credential.

4. In the Internet or network address field, enter VMS server host name.