User Manual
Intended Operation Environment (Including Deployment Options)
Definition of Intended Operational Environment
3
18 | 27
A6V11917731_en_b_41
3 Intended Operation Environment (Including
Deployment Options)
3.1 Definition of Intended Operational Environment
The DNA (Driver iNdependent Architecture layer) software enables the integration
between Desigo CC and Novigo/Cerberus PACE VA/PA systems, thus providing
bidirectional communication, and alarm monitoring and management of
Novigo/Cerberus PACE in Desigo CC.
Figure 5: System Overview
The communication between DNA and Novigo/Cerberus PACE is based on the
ITC-Net API, which is an unprotected protocol on TCP/IP.
This requires that the connection between Desigo CC and the Novigo/Cerberus
PACE control unit must be protected from attacks and unauthorized access.
Desigo CC and Novigo/Cerberus PACE must be operated in a protected
environment. The following secure deployments are possible:
● Isolated network [➙ 19]
● Tunneled network [➙ 21] (through VPN)
The components in Desigo CC must not be connected to other networks (for
example, intranet or the Internet), except for temporary connections created for
maintenance purposes.
The following sections describe the permitted use cases in detail. For a system
tree structure and for systems with ring structure the requirements similarly apply.
Any other possible applications other than the following use cases are not
permitted.
NOTICE
Unauthorized access and manipulation of the security-relevant PACE zone
In case of alarm, limited or no evacuation and personal injury due to corrupted
system.
NOTICE
Insecure Networks
Connections between computers at backbone level and insecure networks (like
the Internet or any other networks) can compromise the security of the system.