Network Architecture and Secure Deployment; Reference Architecture; Demilitarized Zones (DMZ) - GE IPC2018 Deployment Manual

4 Network Architecture and Secure Deployment

This chapter provides security recommendations for deploying remote access using iFIX WebSpace.

4.1 Reference Architecture

The following figure provides a reference deployment of IPC2018 IPC components. The control system network is segregated
from other untrusted networks such as the enterprise network (also referred to as the business network, corporate network, or
intranet) and the internet. Process control network data and applications are authenticated and exposed in a limited fashion
using web-based applications and reporting capabilities.
[Figure: Network Architecture]

4.2 Demilitarized Zones (DMZ)

A DMZ architecture uses two firewalls to isolate servers that are accessible from untrusted networks. Never expose an iFIX
SCADA node directly to the internet. Instead, place a relay server or WebSpace in a DMZ configuration.
For additional isolation, three firewalls can be deployed to create a double-hop DMZ configuration in which both the relay
server and the WebSpace server can be deployed in their own DMZ.
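
The DMZ rule above can be checked mechanically against a firewall rule set. The following is an added example, not part of the GE manual: it treats the permitted flows as a graph and reports any path from an untrusted network to the control network that crosses fewer DMZs than required. The zone names, rule sets and function names are constructed assumptions.

```python
from collections import deque

# Constructed zone names and rule sets (assumptions, not from the manual).
UNTRUSTED = {"internet", "enterprise"}
CONTROL = "control"
SINGLE_DMZ = [("internet", "dmz"), ("dmz", "control")]
DOUBLE_HOP = [("internet", "dmz_outer"), ("dmz_outer", "dmz_inner"),
              ("dmz_inner", "control")]
SHORTCUT = DOUBLE_HOP + [("enterprise", "control")]  # misconfiguration


def min_dmz_hops(allowed_flows):
    """Fewest DMZ zones crossed on any permitted path into CONTROL.

    allowed_flows: (src_zone, dst_zone) pairs the firewalls let through.
    Returns 0 for direct exposure, None if CONTROL is unreachable.
    """
    graph = {}
    for src, dst in allowed_flows:
        graph.setdefault(src, set()).add(dst)
    # Multi-source BFS: every untrusted zone starts at distance 0, so a
    # path that passes through another untrusted zone gains no credit.
    seen = set(UNTRUSTED)
    queue = deque((zone, 0) for zone in UNTRUSTED)
    while queue:
        zone, crossed = queue.popleft()
        for nxt in graph.get(zone, ()):
            if nxt == CONTROL:
                return crossed
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, crossed + 1))
    return None


def audit(allowed_flows, required_hops=1):
    """Return findings; an empty list means the rule set meets the policy."""
    findings = [f"direct exposure: {src} -> {dst}"
                for src, dst in allowed_flows
                if src in UNTRUSTED and dst == CONTROL]
    hops = min_dmz_hops(allowed_flows)
    if hops is not None and 0 < hops < required_hops:
        findings.append(f"only {hops} DMZ hop(s), {required_hops} required")
    return findings


if __name__ == "__main__":
    for name, rules in [("single", SINGLE_DMZ), ("double", DOUBLE_HOP),
                        ("shortcut", SHORTCUT)]:
        print(name, min_dmz_hops(rules), audit(rules, required_hops=2))
```

Set required_hops=2 to enforce the double-hop configuration; the default of 1 enforces the basic DMZ requirement.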

GFK-3015 Secure Deployment Guide 13
For public disclosure