Manualshelf

User Manual

ManualsBrandsSiemens ManualsBuilding automationDesigo CC MP 5.0 BACnet Server, BACnet Protocol Implementation Conformance Statement (PICS), Basic Documentation
21222324252627282930
3
Network Security Controls
28
Siemens Application Note
Smart Infrastructure
Installed and Windows App Clients are connected via the system LAN to the
server.
The size of the field system and the number of clients that can be supported by this
configuration depend on the server hardware configuration.
Client/Server
A Desigo CC installation has only one server, but it can have multiple clients, run-
ning on different computers. You can work with Desigo CC in configuration where a
Desigo CC server communicates with multiple Desigo CC clients installed on sepa-
rate computers. This allows multiple operators to manage and supervise the same
site.
The communication between the client and the server must be set up using the
SMC. First, you must set up the server and then the client station. The communica-
tion should be secured using certificates (this might be simplified on dedicated and
protected networks, such as within a control room).
By default, the template project is created for a stand-alone configuration (with the
indication that no communication is possible). To set up a secured/unsecured cli-
ent/server system, you must edit the project.
Server Station
A dedicated workstation with the following features:
Desigo CC server
Own administration
Microsoft SQL installed/remote customer MS SQL
Own network segment
IPv4/IPv6
IT firewalls must allow communication between server and client
Client Station
A dedicated workstation with the following features:
Desigo CC client/FEP
Own administration
IPv4/IPv6
Internal firewalls
Security
Secure client/server deployments require medium configuration setup.
Certificate Usage
This scenario explains setting up a secured client/server communication using cer-
tificates from the Windows store.
For a client/server deployment, the following restrictions apply with respect to cer-
tificates:
The root certificate validates the certificates used for communication. There-
fore, it must be the same for all host certificates and it must be installed into
the server and in all clients.
The root and communication (host) certificates must be different and have
different subject names.