Security and permissions
Last Updated: Jul 29, 2025
Note the following about security and permissions when running an MES Cloud integration installation:
- To prevent HTTPS-related vulnerabilities, such as replay and collision attacks, a secure, supported version of TLS should be enabled on the environment where MES Cloud integration is being installed.
- The user performing the installation must have administrator privileges for the Windows operating system on the node on which the software is being installed.
- During the installation, a service account named MESCuratorHostService is created for the MES Curator Host service. When configuring the MES Curation Services component, you can select an option that grants this service account the necessary permissions on the MES Cloud integration database server. For more information, see Configure the Staging Curation Services AVEVA Identity Manager settings.
- When installing in a workgroup environment, permissions to access the MES database must be granted manually.
- The MES Curation Services component uses AVEVA Identity Manager (AIM) to authenticate users.
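The TLS and administrator-privilege requirements above can be checked on the node before installation. The following PowerShell is an added example, not part of the AVEVA documentation or product; it assumes that "secure, supported" means TLS 1.2 or TLS 1.3, since the page names no version, and it reads the standard Windows SCHANNEL protocol registry keys.

```powershell
# Added example: pre-installation check of the TLS and administrator requirements.
# Assumption: "secure, supported" is taken to mean TLS 1.2 / TLS 1.3 (the page names no version).
$base   = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$legacy = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1'
$modern = 'TLS 1.2', 'TLS 1.3'   # TLS 1.3 is only offered by newer Windows releases

function Get-SchannelState {
    param([string]$Protocol, [string]$Role)
    $key   = Join-Path $base "$Protocol\$Role"
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $props)               { return 'OSDefault' }     # no override: OS default applies
    if ($props.Enabled -eq 0)           { return 'Disabled' }      # switched off for all callers
    if ($props.DisabledByDefault -eq 1) { return 'OffByDefault' }  # usable only if an app opts in
    if ($null -ne $props.Enabled)       { return 'Enabled' }
    return 'OSDefault'
}

# Requirement: the installing user must have administrator privileges on this node.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
                [Security.Principal.WindowsBuiltInRole]::Administrator)
"Running elevated as administrator: $isAdmin"

# Requirement: a secure, supported TLS version is enabled; legacy protocols should be off.
$report = foreach ($p in ($legacy + $modern)) {
    foreach ($role in 'Client', 'Server') {
        $state = Get-SchannelState -Protocol $p -Role $role
        $finding = if ($p -in $modern) {
            if ($state -eq 'Enabled' -or $state -eq 'OSDefault') { 'ok' }
            else { 'FAIL: modern protocol is disabled' }
        } else {
            if ($state -eq 'Disabled') { 'ok' }
            else { 'REVIEW: legacy protocol not explicitly disabled' }
        }
        [pscustomobject]@{ Protocol = $p; Role = $role; State = $state; Finding = $finding }
    }
}
$report | Format-Table -AutoSize
```

A `REVIEW` row means no explicit override exists, so whether the legacy protocol is actually offered depends on the Windows release's own defaults.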
DMZ Secure Link
DMZ Secure Link can be an important part of an overall security architecture for your operation. It helps restrict internet access to allow connections only to the online resources required to use the desired CONNECT solutions.
DMZ Secure Link uses a transparent proxy where an allowlist, maintained by AVEVA, enables connection from on-premise System A to System B (CONNECT) easily and securely. This solution requires minimal configuration and no extra administration while offering the following advantages:
- DMZ Secure Link facilitates using AVEVA SaaS solutions in a segmented network architecture without exposing systems to the entire internet.
- DMZ Secure Link supports compliance and regulatory requirements.
- DMZ Secure Link can work with additional proxy servers to protect your network infrastructure.
To learn more about how to install and configure the product, click here.