Home > Products & Technology > Industrial Application Server : Security
Content Authors: Please type in your comments below on what was changed or added.
Please keep existing comments that may be there for future recordkeeping, and include a date with your
comment.
Page Content
Please type in or update your page content below.
Industrial Application Server
Security Capabilities
System Change Audit & Security Capabilities
Security Down to the Individual Data Element
The Industrial Application Server provides data security at the lowest possible level of granularity and extends the Microsoft Windows security model down to the physical equipment layer, providing security attributes that specifically match factory requirements. At this level, data is arranged according to plant area. Users will enjoy the same centralized, easy log-in procedures that the Microsoft model offers, but the Industrial Application Server expands upon them after clients enter the system. Carrying the security model down to the equipment and associated automation levels provides much greater granularity of secured access.
Most HMI vendors offer operator and administrator logon security, but this only allows them to control who can start an application or interact with a display. This inadequate security model allows any user who can open a display or window in the editing tool to change anything in the control system. In order to restrict data access with this model, operators and administrators must spend a great deal of time scripting or programming security into each application. Even then, scripted HMI and SCADA security is only enforced at the window interface level, not the data level. This means that the only enforcement of the application security at runtime is through the application windows. Plus, open interfaces like OPC and DDE pass/transfer (MS2) data values without additional security. So, even if security is configured into an application, anyone can access any data value within that application, leaving the system alarmingly at risk.
Whereas, Wonderware's Industrial Application Server allows every single object and attribute in a network to be locked down, both from a development and run-time point of view. As data travels through the network, information about who made the request, that person's role, permissions and, in some cases, encrypted password information accompanies the data. There is also an audit trail for development activities that keep track of who made which change and when.
FDA 21 CFR Part 11 Ready
The FactorySuite® Industrial Application Server approach to security is ideal for industrial applications that are impacted by regulatory and FDA 21 CFR Part 11 requirements. Engineering FDA-regulated applications is now very simple, with support for automated configuration audit trails, secure writes and verified reads.
The Industrial Application Server provides data-model security at the lowest possible level of granularity and extends the Microsoft® Windows® security model down to the physical equipment layer, providing security attributes that specifically match factory requirements. Users will enjoy the same centralized, easy log-in procedures that the Microsoft model offers, but the Industrial Application Server expands that security model by carrying it down to the equipment and associated automation levels, providing much more granular secured access for electronic signatures and audit trails.
Examples of security settings include:
- Alarm limits, tuning parameters, change privileges
- Security settings at user, device and physical locations
- Template configuration and modification tracking
