Secure Communication

When deciding how to deploy the adapter you develop, you need to consider the security and privacy needs for the data you are exchanging between the adapter and the Desigo CC driver. Since the adapter acts as a web server, any client can connect to it and access its data. For example, from anywhere on the intranet, you can point a browser or Postman at your adapter URL and use those tools to read and write the data you expose. This may not be desirable or acceptable on a customer site. You have two deployment options for addressing these security concerns.

Recommended Option

The recommended deployment option is to allow the adapter to be accessed only by the local computer it is running on. In this scenario, you deploy the adapter on the same computer as Desigo CC.
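One way to check the recommended option on the Desigo CC computer is to confirm that the adapter's port is listening on loopback addresses only. The following is an added example, not code from the adapter SDK or the product: it parses Windows `netstat -ano` output, and the sample output, port numbers and PIDs in it are constructed assumptions.

```python
import ipaddress

# Constructed sample of Windows `netstat -ano` output. Ports 8080/8081 and the
# PIDs are assumptions for illustration, not values from the documentation.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       980
  TCP    127.0.0.1:8080         0.0.0.0:0              LISTENING       4312
  TCP    [::1]:8080             [::]:0                 LISTENING       4312
  TCP    0.0.0.0:8081           0.0.0.0:0              LISTENING       5120
  TCP    127.0.0.1:8080         127.0.0.1:50211        ESTABLISHED     4312
"""


def listeners(netstat_text, port):
    """Return [(ip_address, pid)] for TCP sockets in LISTENING state on `port`."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have exactly 5 columns; header and UDP rows are skipped.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, _, local_port = fields[1].rpartition(":")
        if local_port != str(port):
            continue
        # IPv6 is printed as [addr]:port and may carry a %zone suffix.
        host = host.strip("[]").split("%")[0]
        found.append((ipaddress.ip_address(host), int(fields[4])))
    return found


def audit(netstat_text, port):
    """Return (verdict, non_loopback_addresses) for the listener on `port`."""
    socks = listeners(netstat_text, port)
    if not socks:
        return "not-listening", []
    # 0.0.0.0 and :: mean "all interfaces", so any intranet client can connect.
    exposed = [str(addr) for addr, _ in socks if not addr.is_loopback]
    return ("exposed" if exposed else "loopback-only"), exposed


if __name__ == "__main__":
    for port in (8080, 8081):
        print(port, *audit(SAMPLE_NETSTAT, port))
```

To audit a real host, pass the captured text of `netstat -ano` and the port your adapter is configured to use. A verdict of "exposed" reflects the socket binding only and does not account for host firewall rules.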

VPN Option

The other option is to use a VPN between Desigo CC and the computer you deploy the adapter on. This also shields the data from the rest of the intranet and allows access only from computers on the VPN. This method may require IT support and is more costly than the recommended option. However, this option may be required when you must deploy on a separate computer or on an embedded device.

HTTP vs HTTPS

The following information also applies to WS and WSS for WebSockets.

The SORIS driver and the adapters support both HTTP and HTTPS. HTTPS adds encryption for more secure communication, but this marginally decreases performance. It also requires some extra configuration and management of certificates. Here are some additional guidelines:

  • If you are running the adapter on the same machine as the driver, you only need to use HTTP.
  • If the adapter and the driver are on the same intranet, and security is not a major concern for the type of data being exchanged, you can still use HTTP.
  • If communication occurs on the internet or less secure intranets, you should use HTTPS.
  • The decrease in performance for HTTPS can be significant if you are using an inexpensive embedded device for the adapter.

Certificates

Optionally, you can create self-signed certificates for both C# and Java adapters, or you can configure a C# Adapter to accept client certificates if the adapter is running on a remote client. If the adapter is not deployed in a secure environment (intranet), you must configure authentication for it.

For step-by-step instructions on these scenarios, see the following topics:

Configure a C# Adapter with HTTPS and WSS

Configure a Java Adapter with HTTPS and WSS

Configure a C# Adapter to Accept Client Certificates