Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Preface 2
Commissioning Manual
11/2016
A5E39249952-AA
Legal information
Warning notice system
This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent
damage to property. The notices referring to your personal safety are highlighted in the manual by a safety alert
symbol, notices referring only to property damage have no safety alert symbol. These notices shown below are
graded according to the degree of danger.
DANGER
indicates that death or severe personal injury will result if proper precautions are not taken.
WARNING
indicates that death or severe personal injury may result if proper precautions are not taken.
CAUTION
indicates that minor personal injury can result if proper precautions are not taken.
NOTICE
indicates that property damage can result if proper precautions are not taken.
If more than one degree of danger is present, the warning notice representing the highest degree of danger will be
used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to property
damage.
Qualified Personnel
The product/system described in this documentation may be operated only by personnel qualified for the specific
task in accordance with the relevant documentation, in particular its warning notices and safety instructions. Qualified
personnel are those who, based on their training and experience, are capable of identifying risks and avoiding
potential hazards when working with these products/systems.
Proper use of Siemens products
Note the following:
WARNING
Siemens products may only be used for the applications described in the catalog and in the relevant technical
documentation. If products and components from other manufacturers are used, these must be recommended or
approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and
maintenance are required to ensure that the products operate safely and without any problems. The permissible
ambient conditions must be complied with. The information in the relevant documentation must be observed.
Trademarks
All names identified by are registered trademarks of Siemens AG. The remaining trademarks in this publication
may be trademarks whose use by third parties for their own purposes could violate the rights of the owner.
Disclaimer of Liability
We have reviewed the contents of this publication to ensure consistency with the hardware and software described.
Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the information in
this publication is reviewed regularly and any necessary corrections are included in subsequent editions.
1 Security information......................................................................................................................................5
2 Preface.........................................................................................................................................................7
2.1 Structure and organization of the document............................................................................7
2.2 Special Notes...........................................................................................................................7
3 Support and Remote Dialup.........................................................................................................................9
3.1 Definitions................................................................................................................................9
3.2 Concept..................................................................................................................................10
4 Dialup.........................................................................................................................................................13
4.1 Local dialup............................................................................................................................13
4.2 Remote dialup........................................................................................................................14
4.2.1 Network medium....................................................................................................................14
4.2.2 Support device.......................................................................................................................15
4.2.3 Control System Network Access............................................................................................15
4.3 Choice of technology..............................................................................................................15
5 Practical information...................................................................................................................................21
5.1 General information................................................................................................................21
5.2 Siemens Remote Service (SRS)............................................................................................21
Required Knowledge
This documentation is aimed at anyone who is involved in configuring, commissioning and
operating automated systems based on SIMATIC. It is assumed that readers have appropriate
management knowledge of office IT.
Validity
Security Concept PCS 7 & WinCC incrementally replaces the following previous documents
and recommendations: "Security Concept PCS 7" and "Security Concept WinCC", and is valid
as of WinCC V6.2 and PCS 7 V7.0.
3.1 Definitions
Source: Microsoft
3.2 Concept
Demo System
The following figure shows an example system with front-end and back-end firewall as well as
all devices described in the section AUTOHOTSPOT, for example, the support / dial-up
stations of support staff.
(QWHUSULVH&RQWURO
1HWZRUN
)LUHZDOO
:$1
,QWUDQHW
'RPDLQ&RQWUROOHU 6XSSRUW6WDWLRQ
+LVWRULDQ 6,0$7,&,76HUYHU 6,0$7,&,764/6HUYHU
:HE&OLHQW 5RXWHU,6'1
9LUXVVFDQ6HUYHU
0DQXIDFWXULQJ
2SHUDWLRQV1HWZRUN )LUHZDOO 3HULPHWHU1HWZRUN
,6$6HUYHU
6XSSRUW6WDWLRQ
)URQW)LUHZDOO
5RXWHU,6'1
)LUHZDOO
,6$6HUYHU
%DFN)LUHZDOO 'RPDLQ&RQWUROOHU
:LQFF 26 3URFHVV&RQWURO
&OLHQW &OLHQW 1HWZRUN
6FDODQFH;EDVHGUHGXQGDQWULQJ
that the additional network cards of an engineering station reactivated (for example, CP 1623)
in contact with the CSN are deactivated at the beginning and only reactivated after successful
verification.
Internet
If dialup is via the Internet, maximum possible security must be guaranteed, as in principle
every user on the Internet can attempt to establish a dialup connection to the VPN server. The
VPN server is part of the back firewall and therefore the responsibility of the system
administrator and is published over the front firewall to the WAN (Internet/intranet/office
network). In this scenario, the front firewall accepts VPN connections by proxy and then
forwards them to the back firewall. This configuration ensures that the front firewall has
absolutely no routing information for the PCN or information on the network structure within
the MCS level.
A unique user with a strong password must be created for each support employee for access
to be transparent. Users should only be enabled temporarily and following consultation by
telephone. A particularly secure tunnel protocol, such as L2TP-IPsec VPN, must be used for
communication to guarantee the integrity and confidentiality of the data via a high level of
security and encryption depth.
Defined Support PC
If the support employee is an internal company employee who has to access the system
regularly or, for example, the software manufacturer who has a maintenance contract with the
system operator, it is recommended that a system support PC is made available to the support
service provider for the support employee. The system operator installs this support PC as per
the internal company security policies, configures it for support dialup (IPsec, certificates,
user), installs the required programs and deploys the PC to the support service provider. After
successful VPN dial-up (either through the Internet or a direct connection), the support PC is
in a quarantine network and is checked by the quarantine functionality of the MS ISA server /
MS TMG (back firewall). A simple check is sufficient to determine that the settings have not
been changed and that they still conform to internal company security policies. After checking
has completed successfully, the support PC is granted access to the PCN and can provide
support on the PCN. Organizational measures (e.g. contractual conditions) must be
implemented to ensure that the support employee is informed that the support PC may only
be used for this defined task.
Any PC
If the support employee works with his/her own PC, i.e. a device that is completely unknown
to the system operator and which the system operator cannot configure, greater security
requirements must be applied to access. After successful VPN dial-up (either via the Internet
or a direct connection) the PC is in a quarantine network and is checked by the quarantine
functionality of MS ISA server / MS TMG (back firewall). A detailed test should be performed,
including a complete virus scan, installation of any missing security updates, activation of the
local firewall, etc. Once the PC has passed this test, remote access is granted to it either by
an engineering station located directly in the plant or one installed in the perimeter network for
this purpose.
3&6:LQ&&6XSSRUW
RQO\3URFHVV&RQWURO
1HWZRUN
'LUHFWFRQQHFWLRQ ,QWHUQHW
EHWZHHQGHYLFHV
3&6:LQ&&6XSSRUW
FRPSOHWHLQFOXGLQJ
&RQWURO1HWZRUN
'LUHFWFRQQHFWLRQ ,QWHUQHW
EHWZHHQGHYLFHV
931GLDOXSYLD3373ZLWK 931GLDOXSYLD/73ZLWK
TXDUDQWLQHFKHFN$FFHVVWR FRPSUHKHQVLYHTXDUDQWLQH
DQ(6RQWKHV\VWHPYLD 1RWSHUPLWWHG FKHFN$FFHVVWRDQ(6RQ 1RWSHUPLWWHG
5HPRWH'HVNWRSRU WKHV\VWHPYLD5HPRWH
1HW0HHWLQJZLWKFRQQHFWLRQ 'HVNWRSRU1HW0HHWLQJZLWK
WRWKHV\VWHPEXV FRQQHFWLRQWRWKHV\VWHPEXV
1RQDGPLQLVWUDWLYHDFFHVV
WRQRQ6,0$7,&SURJUDPV
'LUHFWFRQQHFWLRQ ,QWHUQHW
EHWZHHQGHYLFHV
$GPLQLVWUDWLYHDFFHVVWR
V\VWHPSURJUDPV
'LUHFWFRQQHFWLRQ ,QWHUQHW
EHWZHHQGHYLFHV
931GLDOXSYLD3373ZLWK 931GLDOXSYLD/73ZLWK
FRPSUHKHQVLYHTXDUDQWLQH FRPSUHKHQVLYHTXDUDQWLQH
FKHFN$FFHVVWRWKH 1RWSHUPLWWHG FKHFN$FFHVVWRWKH 1RWSHUPLWWHG
SURJUDPYLDVSHFLDOUHPRWH SURJUDPYLDVSHFLDOUHPRWH
WRROVUHPRWH00& WRROVUHPRWH00&
$GPLQLVWUDWLYHDFFHVVWR
WKHHQWLUHV\VWHP
'LUHFWFRQQHFWLRQ ,QWHUQHW
EHWZHHQGHYLFHV
931GLDOXSYLD3373ZLWK 931GLDOXSYLD/73ZLWK
FRPSUHKHQVLYHTXDUDQWLQH FRPSUHKHQVLYHTXDUDQWLQH
FKHFN 1RWSHUPLWWHG FKHFN 1RWSHUPLWWHG
5HPRWH'HVNWRSWRWKH 5HPRWH'HVNWRSWRWKH
FRPSXWHU FRPSXWHU
NetMeeting
Information on NetMeeting is available here:
http://support.microsoft.com/kb/878451/de (http://support.microsoft.com/kb/878451/en)
Remote support
The help wizard account (installed during a remote support session) is the primary account
used to set up a remote support session. This account is created automatically when you
initiate a remote support session and has limited access to the computer. The help wizard
account is managed by the service session manager for Remote Desktop help and is
automatically deleted if remote support is no longer required/has been completed.
You can find additional information on remote support here: http://go.microsoft.com/fwlink/?
LinkId=38569 (http://go.microsoft.com/fwlink/?LinkId=38569)
VNC
Please also refer to the section "Remote Service and Remote Operation" in the PCS 7 Readme
(online).
the responsibility of the SRS provider and is contractually agreed between the customer and
the SRS provider.
Furthermore, SRS also decides which tools may be used for plant support and, since all tools
are provided via the terminal server in the SRS server center, it ensures the timeliness and
reliability of these tools.
All tools recommended by PCS 7 & WinCC for remote access are supported by SRS.
For further information about cRSP, contact your sales partners and visit https://
support.industry.siemens.com/cs/ww/en/sc/2281 (https://support.industry.siemens.com/cs/
ww/en/sc/2281).
The SRS solution is described in detail in a separate manual.