Manualshelf

User Manual

ManualsBrandsSiemens ManualsBuilding automationDesigo CC MP 5.0 BACnet Server, BACnet Protocol Implementation Conformance Statement (PICS), Basic Documentation
21222324252627282930
Network Security Controls
3
25
Siemens
Application Note
Smart Infrastructure
Stand-Alone System with a Local Web Server (IIS)
The following describes a typical deployment scenario for setting up a Desigo CC sys-
tem with a local web server (IIS) on a single computer.
What is a Local Web Server?
The web client and Windows App client options require installing an optional web
server component (IIS). When the web server (IIS) is installed on the same computer
as the Desigo CC server, it is called the local web server (IIS).
What is a Stand-Alone System with a Local Web Server?
A local web server is a single dedicated workstation with the following features:
Desigo CC Server
Web server (IIS)
Own administration
Microsoft SQL installed
Accessed by means of Web client and Windows App client
Intranet, own network segment
IPv4
No IT firewalls (to other network segments or to the Internet)
Security
Simple setup
Effort for security configuration is medium
A stand-alone system with a local web server must be protected against attacks
from other machines in the network. Follow the configuration guidelines to limit
outside communication by firewall settings, virus scanner, and so forth to secure
the system.
Certificate Usage on a Stand-alone System with a Local Web Server
No certificate is required for the communication between the Desigo CC server
and the installed client or FEP since there is no FEP and no remote installed
client in this deployment.
The communication between the Desigo CC server and the local web server
(IIS) can be left unsecured (without certificates), since they are both installed on
the same machine.
The communication between the web server and web/Windows App clients
shall be always secured. Hence, the Web site and the web application creation
certificates are mandatory. Desigo CC supports using either the same or differ-
ent certificates for the web site and the web application. This section describes
how to configure the web server using the same certificate for both the web site
and the web application. Usage of TLS 1.2 is suggested whenever possible.
The certificate and its private key must be imported into the Windows certificate
store (in the Local machine\Personal store; its root certificate must be imported
in the Local machine\Trusted Root Certification Authorities (TRCA) store). The
private key must be marked as exportable.