Technical prerequisites for web & mobile clients deployment
Deploying web and mobile clients means using computer networks: either internal to an organization, with access restricted to a certain domain, or external with wider access, for example from the internet.
Above all, the deployment will depend on sizing the necessary architecture according to the uses: number of users, number of installations (networks, sites …), and nature of access (internal or external access, office and industrial networks …).
In any case, technical prerequisites will have to be respected, particularly in terms of security, such as:
– Ensure the legitimacy of the servers
– Protect data during exchanges between servers and web clients
– Manage access to data according to areas of use
The main objective is to guard against a malicious attack that alters the data and can have serious consequences on the operation of the installations.
In other words, you have to know how to answer the following questions:
– Where do the data come from?
– Are the data the same at the start and the finish?
– Who has the right to access the data, and in what domain?
For this, the following actions should be performed when deploying web or mobile clients:
– Sizing of the system and networks
– Securing networks
– Implementation of an adapted domain management
– Using a secure data exchange protocol
– Creation of digital security certificates
It is clear that this approach requires IT skills but also the expertise of the automation specialists and maintenance/operation operators.
Sizing of system
This step will consist of defining a number of elements that will guide the technical decisions to be made. The following questions will need to be answered:
– Number of users? Beyond a certain number of users, the use of a server-type station will be imperative.
– Number of installations (networks, sites …)?
– Nature of access?
o Internal or external access on one or more networks (industrial, office, internet, …)
The nature of the access will have direct consequences on the technical choices. For example, if external access from the internet is planned for the web clients, a VPN will have to be put in place.
Securing networks
The deployment of web or mobile workstations needs to follow good cybersecurity practices for network deployment, i.e. access must be strictly defined and data flows must be controlled according to the nature of the data networks.
Thus a web client must not be able to directly access the industrial networks on which the equipment is located.
Typically, the station hosting the web server must be isolated from other networks, because it is the entry point for requests from web clients and therefore a point of vulnerability.
To achieve this, it will be necessary:
– to set up routers to segment the networks,
– to install firewalls to control data flows, especially from the outside to the inside of the networks,
– to put the web server in a buffer zone called DMZ[1].
A DMZ or demilitarized zone is a network isolated from both industrial networks and external networks. In the diagram below, given as an indication, the web client accesses industrial and field networks only through the web server located in a DMZ. Firewalls handle allowed flows and filter data.
Figure 2 – Example of architecture
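The segmentation rules above can be checked mechanically against a firewall rule list. The following is an added example, not PcVue code: the addressing plan, the ports, the use of HTTPS on port 443 and the names `zones_of` and `audit` are all assumptions made for illustration.

```python
import ipaddress as ip

# Constructed addressing plan and ports (assumptions, not from the article).
ZONES = {"industrial": ip.ip_network("10.10.0.0/24"),
         "dmz": ip.ip_network("192.168.50.0/24")}
WEB_SERVER = ip.ip_network("192.168.50.10/32")
HTTPS_PORT = 443


def zones_of(net):
    """Zones a network can touch; addresses outside every known zone count as 'external'."""
    hit = {name for name, zone in ZONES.items() if net.overlaps(zone)}
    if not any(net.subnet_of(zone) for zone in ZONES.values()):
        hit.add("external")
    return hit


def audit(rules):
    """Flag allow rules that break the DMZ policy. Rule order is ignored, so the
    check is conservative: a shadowed allow rule is still reported."""
    findings = []
    for idx, (src, dst, port, action) in enumerate(rules):
        if action != "allow":
            continue
        src_net, dst_net = ip.ip_network(src), ip.ip_network(dst)
        s, d = zones_of(src_net), zones_of(dst_net)
        # Only the web server may open flows towards the industrial network.
        if "industrial" in d and s - {"industrial"} and not src_net.subnet_of(WEB_SERVER):
            findings.append((idx, "industrial network reachable without passing through the web server"))
        # External clients may reach the web server only, and only over HTTPS.
        if "external" in s and "dmz" in d:
            if not dst_net.subnet_of(WEB_SERVER):
                findings.append((idx, "DMZ hosts other than the web server are exposed"))
            elif port != HTTPS_PORT:
                findings.append((idx, "web server exposed on a port other than HTTPS"))
    return findings


# Constructed rule sets: (source CIDR, destination CIDR, TCP port or 0 for any, action).
WEAK = [("0.0.0.0/0", "192.168.50.0/24", 443, "allow"),
        ("0.0.0.0/0", "10.10.0.5/32", 502, "allow"),
        ("192.168.50.0/24", "10.10.0.0/24", 0, "allow")]
HARDENED = [("0.0.0.0/0", "192.168.50.10/32", 443, "allow"),
            ("192.168.50.10/32", "10.10.0.5/32", 4840, "allow"),
            ("0.0.0.0/0", "0.0.0.0/0", 0, "deny")]

if __name__ == "__main__":
    for name, rules in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(rules))
```

Every rule in the weak set is flagged, while the hardened set, which routes all client traffic through the web server in the DMZ, produces no findings.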
[1] DMZ: Demilitarized Zone
Created on: 2 Dec 2019