
Data protection in Application Server and System Platform


  • Last Updated Jul 22, 2024

Protection for System Platform data can be enabled as it is stored (data at rest), transferred (data in transit), and used (data in use).

  • Data at rest refers to the data that is stored on a hard disk drive (HDD) or solid state drive (SSD). In the context of System Platform, this data includes SQL databases, code modules, and configuration data that exist on a GR node or Historian node, as well as any other stored data, such as Galaxy backups.

  • Data in transit refers to data being transmitted across nodes, such as deploying a Galaxy to a run-time node, and changing or propagating configuration changes to GR nodes.

  • Data in use refers to run-time data, such as changing a set point, acknowledging an alarm, or the data being viewed on a visualization client.

The following is a summary of how Application Server allows data to be protected through encryption utilizing industry standards.

Data protection summary

  • Data in transit is encrypted between System Platform nodes, provided that AVEVA recommendations are followed and the System Management Server (SMS) is enabled. SMS configuration is normally done when System Platform is installed, and applies to all System Platform nodes for which SMS has been enabled. Communications are encrypted using TLS 1.2.

  • Data at rest can be protected, if necessary, by enabling BitLocker. BitLocker is a Windows feature that encrypts an entire storage volume. Note, however, that BitLocker can slow down performance.

  • Data in use can be protected by enabling strong user authentication policies and procedures. Enable Galaxy security to limit user access to the functions that each user needs to perform their job. The use of Named Credentials within AVEVA OMI ViewApps can enhance user-based or group-based security at run time.

  • Encryption key management and storage: TLS certificates are stored locally by the operating system in the Windows Certificate Store. Keys can be managed with the Windows Certificate Manager.

  • Federal Information Processing Standards (FIPS): Application Server does not support the FIPS security policy option in Microsoft Windows. The Federal Information Processing Standards are United States Government standards that provide a benchmark for implementing cryptographic software. If FIPS is enabled in the Local Security Policy settings, disable it.
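
The following read-only PowerShell audit is an added example, not part of the AVEVA documentation. It checks the Windows settings named in the summary on one node: the FIPS policy value, any SCHANNEL registry override that would block TLS 1.2, BitLocker volume status, and certificate expiry. The LocalMachine\My store and the 30-day expiry threshold are assumptions; the page does not say which store location System Platform uses.

```powershell
# Added example: read-only audit, run from an elevated PowerShell session.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

# 1. FIPS policy: Application Server requires this to be off (Enabled = 0 or absent).
$fips = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy' 'Enabled'
$fipsState = if ($fips -eq 1) { 'ENABLED - disable it' } else { 'disabled' }

# 2. TLS 1.2 SCHANNEL overrides. Absent values mean the OS default applies.
$tlsBase = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
$tls = foreach ($role in 'Client', 'Server') {
    $enabled = Get-RegValue "$tlsBase\$role" 'Enabled'
    $offByDefault = Get-RegValue "$tlsBase\$role" 'DisabledByDefault'
    [pscustomobject]@{
        Role    = $role
        Blocked = ($enabled -eq 0) -or ($offByDefault -eq 1)
    }
}

# 3. BitLocker status per volume (the cmdlet exists only where the feature is installed).
$bitlocker = if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    Get-BitLockerVolume |
        Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionPercentage
} else {
    'BitLocker cmdlets not available on this node'
}

# 4. Certificates in the machine store (assumed location) and days until expiry.
$warnDays = 30   # assumed threshold
$certs = Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $daysLeft = [int]($_.NotAfter - (Get-Date)).TotalDays
    [pscustomobject]@{
        Subject       = $_.Subject
        NotAfter      = $_.NotAfter
        HasPrivateKey = $_.HasPrivateKey
        ExpiresSoon   = $daysLeft -lt $warnDays
    }
}

"FIPS policy: $fipsState"
$tls       | Format-Table -AutoSize
$bitlocker | Format-Table -AutoSize
$certs     | Sort-Object NotAfter | Format-Table -AutoSize
```

The script changes nothing on the node. A `Blocked` value of `True` means a local registry override prevents TLS 1.2 for that role.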
