Manualshelf

User Manual

ManualsBrandsSiemens ManualsBuilding automationDesigo CC MP 5.0 BACnet Server, BACnet Protocol Implementation Conformance Statement (PICS), Basic Documentation
41424344454647484950
Cyber Security Concepts -
How to Secure the System
4
43
Siemens
Application Note
Smart Infrastructure
4.4 License Security
Licensing is important to guarantee the operation of the system within the agreed
system limits. Only the system is allowed to change license data.
If a license becomes temporarily unavailable (for example, dongle un-plug) the
system continues running fully operational for a demo period of 30 minutes. The
system continues to check for the license and shuts down at the end of the demo
period, if the license checks are unsuccessful.
Exceeding the limits of the license (for example, by integrating more field system
data points than stated in the license), puts the system into Courtesy mode.
Phases of Courtesy mode accumulate until a total duration of 30 days is exceeded,
then the server shuts down. Unless new licenses are purchased and activated,
after a manual restart the system returns into Courtesy-mode strike exceeding and
shut down.
Any unauthorized attempt to modify system license data directly in the database
(for example, change of the remaining time of a specific license mode) shuts down
the system.
4.5 Stored Data Security
Data is generally stored unencrypted in Desigo CC. Exceptions are sensitive data
such as passwords for accessing Desigo CC (hashed), or passwords required by
Desigo CC to access field system devices (encrypted).
Project Data
Runtime data (process image) and engineering data is stored in a file-based
database in a subdirectory of the project directory. Data is unencrypted and
database access can only be prevented by restricting access to the database files.
The project directory must be shared when deploying Installed Clients. It is hence
important to restrict access to the DB folder in the project directory to the Windows
account running the Desigo CC Server.
Database (HDB)
Historical data is stored in an access-controlled Microsoft SQL Server database.
This database should be outside the project folder to allow for independent
handling and backup of project data and historical data. It is recommended to
encrypt the connection to the History Database when using a remote MS SQL
Server.
Backups of Project or History Database
Backups of the system or archives from the History Database are not encrypted
and can get restored on any system. Therefore, it is important to store backups in
secure locations and encrypt if necessary (different passwords should be used for
different sites).