DCO security

EcoStruxureIT · ‎2019-10-07

Data Center Operation is a client/server configuration. The client runs on standard PC.

See System requirements in the DCO user guide.

Default user account for client

When setting up a server, a default apc user account is created for logging on to the client. The default credentials should be changed.

See Managing DCO users and user rights in the DCO user guide.

Firewall

It is recommended that the firewall is enabled. The firewall will reduce the number of open ports to the required minimum. It will also protect internal services, such as the database, against external attacks. The firewall will allow all outgoing traffic and incoming traffic according Network firewall port details in the DCO user guide.

Software vulnerability, scans and certifications

Schneider Electric Vulnerability Handling & Coordinated Disclosure Policy V3.0

End-of-version for Data Center Operation version 8.3.x, its modules, and all prior versions was January 1, 2022.

More...

New vulnerability patches for DCO 8.3.x will not be provided.

Upgrade to IT Advisor to use all the new features and get security updates, free for all customers with active support contracts.

The Schneider Electric Cybersecurity Portal is the single source for up-to-date information about cybersecurity vulnerabilities and incidents for installed solutions.

Antivirus

Data Center Operation does not include antivirus in the installation. From a functionality point of view, it is fine to install an antivirus program on the server. We do have experience that antivirus will affect client performance and that performance loss depending on configuration can potential lead to errors.

Logging

The DCO product has several log files capturing kernel, cron job, etc. based on standard Linux capabilities. Furthermore, DCO logs all user account changes, logins and logouts to the Audit Trail log (available with change module license). The logs do not contain confidential information but might include some of the data entered when building the model.

Server log files are stored on the server and are accessible to system administrators via the server configuration interface, Webmin (DCO>Download Log Files).

Client log files are stored in the user folder, e.g. Windows 7: C:\Users\[Username]\.isxo\[Version]\Operations\application.log or Mac: ~/.isxo.

Asset Management Records: Asset additions, changes, moves, and removals are tracked and can be found in Audit Trail report in the Reports section.

User Account Records: User additions, changes, and removals can be configured in User Rights and Authentication. These are tracked and can be found in the Audit Trail report in the Analytics->Reports section.

Database architecture

Currently the database and server make up one unit and cannot be separated. The database and operating system are running on the same partition on the server by default. The database technology is postgreSQL and cannot be exchanged with any other database type or technology. The database is protected using RSA 2048 bits certificate password encryption.

ETL is open to other database types and technologies. You can find more information about ETL here.

DCO security

Related Forums

EcoStruxure IT forum

APC UPS Data Center & Enterprise Solutions Forum

DCO security

Default user account for client

Firewall

Software vulnerability, scans and certifications

Antivirus

Logging

Database architecture