User Manual
3 Network Security Controls
Siemens Application Note
Smart Infrastructure
Server Station
A single dedicated workstation with the following features:
Desigo CC server is installed.
Microsoft SQL is installed on the Desigo CC server.
The server project folder is shared.
The required certificates are imported in the Windows Certificate store:
– The root certificate is imported in the Trusted Root Certification
Authorities store.
– The host certificate is imported in the Personal store.
The host certificate used must have a private key; no private key is needed
for a root certificate.
Remote Web Server (IIS) Station in a DMZ
A dedicated workstation serving as web server for hosting the web
site/application. To simplify the web site configuration, it is recommended
that you install the Desigo CC client or FEP software on this machine.
The web application user on the remote web server has access rights on
the shared project folder on the server.
The required certificates are imported in the Windows Certificate store:
– The root certificate of the host certificate provided for CCom port
security is imported in the Trusted Root Certification Authorities
store.
– The communication between the web server and the
web/Windows App clients is always secured. Therefore, creating
the web site and the web application certificates is mandatory.
Desigo CC supports using either the same or different certificates
for the web site and the web application. This section describes
how to configure the web server to use the same certificate for
both the web site and the web application.
– The certificate and its private key must be imported into the
Windows certificate store (in the Local Machine\Personal store; its
root certificate must be imported in the Local Machine\Trusted Root
Certification Authorities (TRCA) store). The private key must be
marked as exportable.
– If different commercial certificates are used for creating the web
site and web application, then both must be present in the Trusted
Root Certification Authorities store and the Personal store of the
Windows Certificate store.
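A check for the certificate prerequisites listed above for the server station and the remote web server, as an added PowerShell example that is not part of the Siemens note. It assumes the Local Machine stores on both machines; the -Thumbprint parameter name and the exit codes are this example's own.

```powershell
# Added example, not from the Siemens note. Run elevated on the machine to check.
# Assumption: the certificates are in the Local Machine stores on both machines.
param(
    [Parameter(Mandatory)]
    [string] $Thumbprint   # thumbprint of the host (or web site) certificate
)

$findings = @()
# Thumbprints copied from the certificate dialog often carry spaces or hidden characters.
$wanted = $Thumbprint -replace '[^0-9A-Fa-f]', ''

# The host certificate must be in the Personal store.
$hostCert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $wanted }
if (-not $hostCert) {
    Write-Error "Certificate $wanted not found in Local Machine\Personal."
    exit 1
}

# The host certificate must have a private key.
if (-not $hostCert.HasPrivateKey) {
    $findings += 'Host certificate has no private key.'
}

# Build the chain offline and take its last element as the candidate root.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$null = $chain.Build($hostCert)
$top  = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

# The root must be in Trusted Root Certification Authorities, without a private key.
$rootInStore = Get-ChildItem -Path Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $top.Thumbprint }
if (-not $rootInStore) {
    $findings += "Chain ends at '$($top.Subject)', which is not in Trusted Root Certification Authorities."
} elseif ($rootInStore.HasPrivateKey) {
    $findings += 'Root certificate is stored with a private key; none is needed.'
}

if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
    exit 2
}
Write-Output "OK: $($hostCert.Subject) meets the certificate store prerequisites."
```

The script does not test whether the private key is marked as exportable; confirm that separately on the web server.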
Security
Secure server/remote web server (IIS) deployments require a high-security
configuration setup.
The components in the DMZ are exposed to the internet; it is therefore
important to keep them up to date with the latest security patches.