Manualshelf

User Manual

ManualsBrandsSiemens ManualsBuilding automationDesigo CC MP 5.0 BACnet Server, BACnet Protocol Implementation Conformance Statement (PICS), Basic Documentation
31323334353637383940
Network Security Controls
3
31
Siemens
Application Note
Smart Infrastructure
The required certificates (SMC created or commercial) are imported in the
Windows Certificate store:
The root certificate of the host certificate provided for CCom port se-
curity is imported in the Trusted Root Certification Authorities
store.
The communication between the web server and the web/Windows
App clients is always secured. Hence, the web site and the web appli-
cation creation certificates are mandatory. Desigo CC supports using
either the same or different certificates for the web site and the web
application. This chapter describes how to configure the web server to
use the same certificate for both the web site and the web application.
When a commercial certificate is used for creating a web site and web appli-
cation, then ensure the following:
The commercial self-signed certificate must be imported in the Trust-
ed Root Certification Authorities and Personal stores of the Local
machine store.
The commercial host certificate, along with its private key, must be
imported in the Personal store and its root certificate must be import-
ed in the Trusted Root Certification Authorities store of the Local
machine store.
You can also configure a remote web server (IIS) as an Installed Client/FEP.
This will allow you to perform the Client/Server deployment scenario. For
more information, see client/server deployment scenario.
Security
Secure server/remote web server (IIS) deployments require medium secu-
rity configuration setup.
The component in the DMZ are exposed to internet, therefore it is im-
portant to keep them up to date to the latest security patches
Deployment Diagram
Figure 13: Remote Web Server Deployment Scenario.