User Guide (A6V11979532_en_b)
4 Intended Operation Environment
● If one of the allowed components is remote, physically protected and
secured communication is also required, using tunneling that lets users
create a virtual network between two remote points on an existing
public IP network and communicate through a VPN.
● Zone Boundary Protection must be implemented through a VPN and firewall
to limit inbound and outbound communication to temporary exceptions for
remote maintenance access.
4.2 Isolated Network Deployment
Isolated Local Network
An isolated local network consists of servers that are connected in an environment
which has no connection to any other network. In this model, there is zero network
connectivity to a larger internal network or the Internet. Since there is no potential
for remote exploits from a large number of unknown sources, this environment
provides well-defined physical, network, and security characteristics.
By definition, the access to this configuration is limited to personnel with access to
the trusted admin hosts on the closed local network. Threats consist of an
accidental connection being made to other networks, a trusted admin installing an
unsigned package, or an application that might inject a malware agent.
Guidelines for the isolated local network model:
● Change all default passwords to unique, complex passwords.
● Limit physical access to essential personnel.
● Avoid installing untrusted third-party software.
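
One way to check a station for the accidental connection to other networks named above, as an added example that is not part of the original guide. The subnet, interface names, and the inventory format are constructed assumptions; a real audit would fill the same structure from the station's own interface and routing tables.

```python
import ipaddress

# Assumption: the isolated local network uses this single subnet (constructed).
ALLOWED_NET = ipaddress.ip_network("192.168.10.0/24")

# Constructed snapshot of one station's network state (not from a real host).
SAMPLE_STATE = {
    "interfaces": [
        {"name": "eth0", "address": "192.168.10.21/24"},
        {"name": "wlan0", "address": "10.44.7.103/16"},  # accidental second network
    ],
    "routes": [
        {"dest": "192.168.10.0/24", "gateway": None, "dev": "eth0"},
        {"dest": "0.0.0.0/0", "gateway": "10.44.0.1", "dev": "wlan0"},
    ],
}


def audit_isolation(state, allowed=ALLOWED_NET):
    """Return findings that contradict the 'no connection to any other network' rule."""
    findings = []
    for iface in state["interfaces"]:
        addr = ipaddress.ip_interface(iface["address"])
        if addr.is_loopback:
            continue  # loopback never leaves the host
        if addr.ip not in allowed:
            findings.append(f"{iface['name']}: address {addr.ip} is outside {allowed}")
    for route in state["routes"]:
        dest = ipaddress.ip_network(route["dest"])
        if dest.is_loopback:
            continue
        if dest.prefixlen == 0:
            # A default route means the host can reach arbitrary networks.
            findings.append(f"{route['dev']}: default route via {route['gateway']}")
        elif not dest.subnet_of(allowed):
            findings.append(f"{route['dev']}: route to {dest} leaves {allowed}")
    return findings


if __name__ == "__main__":
    for finding in audit_isolation(SAMPLE_STATE):
        print("ISOLATION VIOLATION:", finding)
```
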
Stand-Alone Desktop Configuration
The stand-alone configuration is used with small sites that use few control units
and require only a single operator station. The station can be either single- or
multi-discipline.
In the stand-alone configuration, there is only one station, optionally with a client
station, which contains all the software layers that make up the system (Client,
Server, and Communication).
The following figure shows local access to an NK823x system with a stand-alone
management station (MMS):
Fig. 6: Stand-alone Local Access MMS
[Figure labels: LAN (Ethernet TCP/IP); Server/Client; Client; Protected Zone; AlgoRex; CS11; STT11/20; DF8000; Sintony; SI410; FS20]