Stand-Alone System with a Local Web Server (IIS)
The following describes a typical deployment scenario for setting up a Desigo CC system with a local web server (IIS) on a single computer.
What is a Local Web Server?
The Windows App client option requires installing an optional web server component (IIS). When the web server (IIS) is installed on the same computer as the Desigo CC server, it is called the local web server (IIS).
What is a Stand-Alone System with a Local Web Server?
A local web server is a single dedicated workstation with the following features:
- Desigo CC Server
- Web server (IIS)
- Own administration
- Microsoft SQL installed
- Accessed by means of Windows App client
- Intranet, own network segment
- IPv4
- No IT firewalls (to other network segments or to the Internet)
Security
- Simple setup
- Effort for security configuration is medium
- A stand-alone system with a local web server must be protected against attacks from other machines in the network. Follow the configuration guidelines to limit outside communication by firewall settings, virus scanner, and so forth to secure the system.
Certificate Usage on a Stand-alone System with a Local Web Server
- No certificate is required for the communication between the Desigo CC server and the installed client or FEP since there is no FEP and no remote installed client in this deployment.
- The communication between the Desigo CC server and the local web server (IIS) can be left unsecured (without certificates), since they are both installed on the same machine.
- The communication between the web server and Windows App clients is always secured. Hence, the Web site and the web application creation certificates are mandatory. Desigo CC supports using either the same or different certificates for the web site and the web application. This section describes how to configure the web server using the same certificate for both the web site and the web application.
- The certificate and its private key must be imported into the Windows certificate store (in the Local machine\Personal store; its root certificate must be imported in the Local machine\Trusted Root Certification Authorities (TRCA) store). The private key must be marked as exportable.
Validity of Self-Signed Certificates
Self-signed certificates allow local deployments without the overhead of obtaining commercial certificates. When using self-signed certificates, the owner of the Desigo CC system is responsible for maintaining their validity status, and for manually adding them to and removing them from the list of trusted certificates.
Self-signed certificates must only be used in accordance with local IT regulations (several CIO organizations do not allow them, and network scans will identify them). Importing the commercial certificates follows the same procedures.
You must ensure the compliant installation of the trusted material on the involved machines, for example, on all Installed Clients. In some organizations, this must be done by the IT organization.
Deployment Diagram
