ITA security

EcoStruxureIT · ‎2020-08-18

IT Advisor on-premise is a client/server configuration. The on-premise server can be configured to run with a data recovery node. The client runs on a standard PC.
ITA system requirements for on-premise installations

Default user account for client

When setting up a server, a default apc user account is created for logging on to the client. The default credentials should be changed. See Managing ITA users and user rights.

Firewall

It is recommended that the firewall is enabled. The firewall will reduce the number of open ports to the required minimum. It will also protect internal services, such as the database, against external attacks. The firewall will allow all outgoing traffic and incoming traffic according to these details.

Software vulnerability, scans and certifications

Read the Schneider Electric Vulnerability Management Policy

Three different software scanning tools are run against IT Advisor: Retina, Nessus and Acunetix.
Some of these scans might also be part of official certifications like e.g. DOD RMF IT (Former DIACAP) or FIPS140.

Antivirus

IT Advisor does not include antivirus in the installation. From a functionality point of view, it is fine to install an antivirus program on the server. We do have experience that antivirus will affect client performance and that performance loss can potential lead to errors depending on configuration.

Logging

The ITA product has several log files capturing kernel, cron job, etc. based on standard Linux capabilities. Furthermore, ITA logs all user account changes, logins and logouts to the Audit Trail log (available with change module license). The logs do not contain confidential information but might include some of the data entered when building the model.

Server log files are stored on the server and are accessible to system administrators via the server configuration interface, Webmin. Go to ITA > Download Log Files.

Client log files are stored in the user folder, for example, Windows: C:\Users\[Username]\.isxo\[Version]\Operations\application.log or Mac: ~/.isxo.

Asset Management Records: Asset additions, changes, moves, and removals are tracked and can be found in Audit Trail report in the Reports section.

User Account Records: User additions, changes, and removals can be configured in User Rights and Authentication. These are tracked and can be found in the Audit Trail report in the Analytics >Reports section.

Database architecture

Currently the database and server make up one unit and cannot be separated. The database and operating system are running on the same partition on the server by default. The database technology is postgreSQL and cannot be exchanged with any other database type or technology. The database is protected using RSA 2048 bits certificate password encryption.

ETL is open to other database types and technologies. You can find more information about ETL here.

ITA security

Related Forums

EcoStruxure IT forum

APC UPS Data Center & Enterprise Solutions Forum

ITA security

Default user account for client

Firewall

Software vulnerability, scans and certifications

Antivirus

Logging

Database architecture