User Manual
A6V11917735_en_b_41
3 Intended Operation Environment (Including Deployment Options)
3.1 Definition of Intended Operational Environment
The DNA (Driver iNdependent Architecture layer) software enables the integration
between Cerberus DMS and Novigo/Cerberus PACE VA/PA systems, thus
providing bidirectional communication, and alarm monitoring and management of
Novigo/Cerberus PACE in Cerberus DMS.
Figure 5: System Overview
The communication between DNA and Novigo/Cerberus PACE is based on the
ITC-Net API, which is an unprotected protocol on TCP/IP.
The connection between Cerberus DMS and the Novigo/Cerberus PACE control
unit must therefore be protected from attacks and unauthorized access.
Cerberus DMS and Novigo/Cerberus PACE must be operated in a protected
environment. The following secure deployments are possible:
● Isolated network
● Tunneled network (through VPN)
The components in Cerberus DMS must not be connected to other networks (for
example, intranet or the Internet), except for temporary connections created for
maintenance purposes.
The following sections describe the permitted use cases in detail. The
requirements apply similarly to systems with a tree structure and to systems with
a ring structure. Applications other than the following use cases are not
permitted.
NOTICE
Unauthorized access and manipulation of the security-relevant PACE zone
A corrupted system can result in limited or no evacuation in case of alarm, and
in personal injury.
NOTICE
Insecure Networks
Connections between computers at backbone level and insecure networks (like
the Internet or any other networks) can compromise the security of the system.
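One way to check the isolation requirement above against recorded traffic, as an added example that is not part of the original manual or of any Siemens tooling. The subnet, the flow-record layout and all addresses and ports are constructed assumptions; the ports are arbitrary sample values, not the ITC-Net port.

```python
import ipaddress

# Assumed addressing plan (hypothetical): one isolated subnet holding the
# Cerberus DMS computers and the Novigo/Cerberus PACE control units.
PROTECTED_NET = ipaddress.ip_network("192.168.50.0/24")

# Constructed sample flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("192.168.50.10", "192.168.50.20", 40000),  # DMS -> control unit, inside
    ("192.168.50.20", "192.168.50.10", 40001),  # control unit -> DMS, inside
    ("192.168.50.10", "10.20.30.40", 443),      # DMS -> intranet host
    ("203.0.113.7", "192.168.50.20", 40000),    # outside -> control unit
    ("10.20.30.41", "10.20.30.40", 445),        # unrelated traffic, ignored
    ("192.168.50.10", "not-an-ip", 80),         # malformed record
]


def classify_flow(src, dst, net=PROTECTED_NET):
    """Return 'internal', 'unrelated', 'egress', 'ingress' or 'malformed'."""
    try:
        src_in = ipaddress.ip_address(src) in net
        dst_in = ipaddress.ip_address(dst) in net
    except ValueError:
        return "malformed"
    if src_in and dst_in:
        return "internal"
    if src_in:
        return "egress"
    if dst_in:
        return "ingress"
    return "unrelated"


def find_violations(flows, net=PROTECTED_NET):
    """List flows that cross the boundary of the protected network."""
    findings = []
    for src, dst, port in flows:
        kind = classify_flow(src, dst, net)
        # Malformed records are reported too: skipping them would hide gaps.
        if kind in ("egress", "ingress", "malformed"):
            findings.append((kind, src, dst, port))
    return findings


if __name__ == "__main__":
    for kind, src, dst, port in find_violations(SAMPLE_FLOWS):
        print(f"{kind:9} {src} -> {dst}:{port}")
```

Temporary maintenance connections, which the manual permits, also appear as findings here and need to be matched against the maintenance schedule by hand.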