On this page:

General Requirements

The StruxureWare Data Center Infrastructure Management suite may consist of the following components:

  • StruxureWare Data Center Expert
  • StruxureWare Data Center Operations Suite of Products
  • SturxureWare Data Center: IT Optimize collection server
  • StruxureWare Portal

Each of these components will require a dedicated server to host the component.  In the case of Data Center Expert, if a physical server is not delivered by Schneider-Electric, then the customer provided server will be a virtual server hosted on a VMware ESX 4.1 or later infrastructure  For Data Center Operations and Capacity as well as IT Optimize , the server may be installed onto either a virtual environment, or installed onto a physical server.

Each of the components will require a unique IP address.  In the case of Data Center Expert, a second IP address for the private network segment may be required depending upon requirements of the monitoring solution.  The physical port connections will depend upon the installation approach.  Should each component be hosted on a unique server then the following port connections will be required:

  • StruxureWare Data Center Operations Suite, 1 Network port
  • SturxureWare Data Center: IT Optimize 1 Network port
  • StruxureWare Data Center Expert 1 Network port, or 2 if private network required
  • StruxureWare Portal: 1 Network Port

Component

Server Required

Physical or Virtual

IP address Required

Physical Network Port

Operations

Yes

Either

1

Yes if on dedicated physical, No if sharing network port on virtual

IT Optimize Server

Yes

Either

1

Yes if on dedicated physical, No if sharing network port on virtual

Data Center Expert

Yes

Virtual

1 or 2

No, will utilize a shared port or ports on the hosting virtual

Portal

Yes

Either

1

Yes if on dedicated physical, No if sharing network port on virtual

StruxureWare Data Center Operation

System Requirements

These system specifications are recommendations for your DCO system configuration in general. The performance and operation of the system depends largely on the nature of the configuration, such as:

  • Number and population of racks
  • Number and nature of integrations to external systems
  • Number of devices and number of data points stored on these
  • Power path configuration (one big, several small, across rooms, etc.)
  • Concurrent and total users of the system and nature of their work cycle
  • Cluster configuration (recommended to run on hardware, not virtual setup for better ready time)

If StruxureWare Data Center Operation is running on lower specification servers than recommended, users may experience long response times or timeout issues. In addition, the server may not be able to process scheduled jobs in a timely manner. This can lead to an infinite job queue, where the amount of queued work on the StruxureWare Data Center Operation server is ever increasing to the point where one or more StruxureWare Data Center Operation cluster servers are no longer responsive.

Recommended server hardware for StruxureWare Data Center Operation

The StruxureWare Data Center Operation Suite requires a dedicated server, either hardware or a virtual environment. The operating system is included in the StruxureWare Data Center Operation installation. For further details, see here. The below requirements are referring to the latest version StruxureWare Data Center Operation.

Recommended StruxureWare Data Center Operation server configuration

Server requirement guidelines

  • CPU: 4 cores minimum. We recommend 8 cores
  • Memory: 16 GB RAM
  • 100 GB storage, speed minimum 170 MB/s
  • Cluster network: 1 Gbps connection between nodes
  • Disaster recovery network: 10 Mbps with low latency <100 ms

Server requirement guidelines for 10,000 racks across 200 rooms with 30 concurrent users

  • 8 CPU cores
  • 32 GB RAM
  • 1 Gbps network connection between cluster nodes
  • 100 GB storage, speed minimum 170 MB/s

Server requirement guidelines for 20,000 racks across 400 rooms with 30 concurrent users

  • 16 CPU cores
  • 64 GB RAM
  • 1 Gbps network connection between cluster nodes
  • 100 GB storage, speed minimum 170 MB/s

RAID systems

Recommended: Hardware RAID controllers (we have tested hardware controllers in the following server series, DELL x20 series, IBM M4 series, HP G8 series) Be aware there might be hardware RAID controllers that we have not tested in special configuration of the server series mentioned.

Not supported:

Generally all software RAID controllers

HP RAID Controller B-Series

DELL RAID Controller S-Series

Security configuration

For information about security configuration, see here.

StruxureWare Data Center Operation Server Communication

For information on server communication, see here.

Recommended StruxureWare Data Center Operation Client Configuration

  • Processor: 2 GHz Intel Core 2 Duo (or equivalent)
  • Hard disk: 500 MB free hard disk space for installation
  • Memory: 4 GB RAM
  • Display: Absolute minimum 1024x768 screen resolution with 16 million colors, 1280x1024 is recommended. For 3D view to work, 3D hardware including working drivers are needed
  • Operating System: MS Windows Vista, Windows 7, Windows 8, Windows 8.1, Mac OS X (Mountain Lion), Linux (supported Linux versions)
  • Browser: Internet Explorer (v11 and newer), Chrome (all versions), and Firefox (all versions)

These are the absolute minimum recommendations for running StruxureWare Data Center Operation but for larger setups, better specifications are recommended.

You must have local administration rights on the client computer during installation, first login, and license upgrade.

See also

StruxureWare Portal System Requirements
IT Optimize Server Requirements
IT Optimize Client Requirements
StruxureWare Data Center Operation Security 
StruxureWare Data Center Operation Network Firewall Port Details
Installing StruxureWare Data Center Operation 
Troubleshooting Performance Issues  
Configuring External System Integration  
StruxureWare Portal v.1.2 
Installing IT Optimize 
Initial Setup of StruxureWare Data Center Operation PRO Pack

Security Configuration of the Operation Platform

On this page:

StruxureWare Data Center Operation is a client/server configuration. The server can be configured to run in cluster mode with multiple nodes including data recovery node. The client runs on standard PC. You can find system requirements here.

Default user account for client

When setting up a server, a default apc user account is created for logging on to the client. The default credentials should be changed. See Managing Users in the System.

Firewall 

It is recommended that the firewall is enabled. The firewall will reduce the number of open ports to the required minimum. It will also protect internal services, such as the database, against external attacks. The firewall will allow all outgoing traffic and incoming traffic according to these details.


Packages used in StruxureWare Data Center Operation

Packages and their version numbers being used in StruxureWare Data Center Operationcan be found here.

Software Vulnerability, Scan(s) and Certifications

3 different software scanning tools are run against StruxureWare Data Center Operation. Status in terms of general known vulnerabilities can be found here.

Antivirus

StruxureWare Data Center Operationdoes not include antivirus in the installation. From a functionality point of view, it is fine to install an antivirus program on the server. We do have experience that antivirus will affect client performance and that performance loss depending on configuration can potential lead to errors, e.g. in a cluster environment.

Logging

The DCO product has several log files capturing kernel, cron job, etc. based on standard Linux capabilities. Furthermore, DCO logs all user account changes, logins and logouts to the Audit Trail log (available with change module license). The logs do not contain confidential information but might include some of the data entered when building the model. 

Server log files are stored on the server and are accessible to system administrators via the server configuration interface, Webmin (StruxureWare DC Operation>Download Log Files).

Client log files are stored in the user folder, e.g. Windows 7: C:\Users\[Username]\.isxo\[Version]\Operations\application.log or Mac: ~/.isxo.

Asset Management Records: Asset additions, changes, moves, and removals are tracked and can be found in Audit Trail report in the Reports section. 

User Account Records: User additions, changes, and removals can be configured in User Rights and Authentication. These are tracked and can be found in the Audit Trail report in the Analytics->Reports section.

Database architecture

Currently the database and server make up one unit and cannot be separated. The database and operating system are running on the same partition on the server by default. The database technology is postgreSQL and cannot be exchanged with any other database type or technology. The database is protected using RSA 2048 bits certificate password encryption.  

Running in a cluster will also make the database run in a cluster. It is furthermore possible to have disaster recovery (DR) node in your cluster environment. You can find more information here.

ETL is open to other database types and technologies. You can find more information about ETL here.

Network protocol and ports (incoming ports allowed by the firewall)

The firewall provides basic protection. If protection against sophisticated attacks is required, using a dedicated firewall product is recommended.

Communication across a NAT firewall is not supported.

The following protocols and ports are used by StruxureWare Data Center Operation:

Protocol

Transfer protocol

Port(s)

NetworkCredentials/AccessEncryptionComments

HTTP

TCP (SSL)

80 (443)

Latency less than 200 ms, bandwidth minimum 1 Mbps. Bandwidth usage between client and server heavily depends on size of solution, number of users and the type of operations done to the solution.

Manually created user and password (default apc/apc)

Authentication server integration support

There is no option to reset client user password

Password policy is not implemented in DCO but can be enforced using Authentication servers. Password can be ASCII format and numbers

Server and client negotiate SSL cipher type and key length

The server supports: AES256-SHA , DES-CBC3-SHA - 168 bits , AES128-SHA

The client will tell what is supported by the given client OS.

Communication between server and client
SNMPUDP161Basic system information and status of the Operation service will be exposed. More information can be found here
The SNMP server can be disabled using the Server Configuration interface
SNMP community string is default "public"For added security from v7.3.6, disable SNMPv1 and configure SNMPv3. More... 
JMSTCP (SSL)4457,4460 (4459,4462)Latency less than 200 ms, bandwidth minimum 1 Mbps. Bandwidth usage between client and server heavily depends on size of solution, number of users and the type of operations done to the solution.Controlled by DCOServer and client negotiate SSL cipher type and key lengthCommunication between server and client
PostgreSQLTCP5432Depending on system integration the bandwidth requirements should be specified accordingly.As specified in external system ETL configuration

Default MD5 authentication

Otherwise depending on database integration created

ETL communication between database and server
WebminTCP with SSL10000Depending on the applications used in Webmin.

Manually created user and password during installation

User password reset instructions

Server and client negotiate SSL cipher type and key lengthServer Configuration interface found at https.//<server ip>:10000
PingICMP Will reply to ping requests   

External systems related protocols (outgoing, default (can be edited))

HTTPTCP (SSL/TLS)80 (443)

Depending on system integration being used.

For StruxureWare Data Center Expert it is estimated that every alarm will be around 2000 characters in size. Sensor data has approximately the same size but is transferred more often (depending on the integration configuration). The alarm and sensor data are bidirectional communicated with the majority of data going to DCO. A catch-up job is run on a hourly basis (configurable) this job will poll number of active alarms * 2000 chars.

As specified in external system configurationDepending on system integrationVMware, SCOM, Cisco UCS
SMTPTCP25Email traffic from the DCO is limited and "user generated" via e.g. work order execution, some system configuration etc.As specified in external system configurationNot supportedcommunication with e-mail server
DNSTCP/UDP53Very limited traffic and bandwidth requirementAs specified in external system configurationNot supportedDNS server communication
NFSTCP/UDP111Depending on system integrationAs specified in external system configurationNot supported by protocolNFS mounted external drive
NTPUDP123Very limited traffic and bandwidth requirementAs specified in external system configurationDepending on system integrationNTP server communication
SMBTCP/UDP139Depending on system integrationAs specified in external system configurationDepending on system integrationSMB communication to NAS/SAN
CIFSTCP445Depending on system integrationAs specified in external system configurationDepending on system integrationCIFS communication to NAS/SAN
NFSTCP/UDP2049Depending on system integrationAs specified in external system configurationNot supported by protocolNFS communication to NAS/SAN

Disaster recovery node and cluster related protocols

SSHTCP22

Since text only is transferred the bandwidth requirement is very limited.

Handled by DCO serverYes. Server and client negotiate cipher type and key length SSH communication between server and nodes
HTTPTCP80Public key information will be exposedCredentials None / Required access for cluster membersNoneCommunication between cluster nodes of public key
PostgreSQLTCP5432

Based on some data usage testing we found that the minimum requirement for running a DR node on a 200 rack solution is 10 Mbit/s. This of course varies by usage, but unless the user performs multiple changes to the entire solution in short succession, the DR node will stay in sync within a few minutes on a 10 Mbit/s connection even with larger changes (e.g. adding 50 racks). For most common tasks, the DR will be sync'd within seconds. DCO also has a large buffer (8 GB), so the DR node will be able to catch up even if there are many changes at once, it will simply be a few saves behind the main node (however, still in a consistent state).

Handled by DCO server

Database user has role of "Superuser" and "Replication" 

Certificate for authentication and data transfer encryption

RSA 2048 bits (Diffie-Hellman)

HMAC-SHA1

 AES 256 bits

Database communication between disaster recovery node and server
"Cluster"TCP/UDPConfigured

1 Gbps connection between cluster nodes. Nodes (except disaster recovery) must be on same site in order to ensure network latency, failure rate, etc. is low enough for cluster data traffic to get synchronized as needed and thereby avoiding a "split brain" situation which is not supported.

Multicast group communication must be allowed on the network in order for communication in the cluster to work.

Handled by DCO serverAll user data is encrypted. Failover communication is not encrypted. -

See also

StruxureWare Data Center Operation Security

StruxureWare Data Center Operation - System Requirements   

 StruxureWare Data Center Operation Software Vulnerability Scans

 

StruxureWare Data Center IT Optimize Server Requirements

The StruxureWare Data Center IT Optimize server requires a dedicated server to be deployed for its use. The system may be a physical device or a virtual machine and it must have network connectivity to the targeted data center assets.

  • Windows Environments: Windows 2008 and 2008 R2 (Windows 2012 and 2012 R2 are currently not supported)
  • Linux Environments: RH 5.4, SUSE 11 (Linux ITO server cannot discover Windows 2008 R2, Windows 7, Windows 2012 or Windows 2012 R2 servers).
  • OS: All operating system versions can be either 32 or 64 bits
  • CPU: Minimum dual CPUs, four CPUs are recommended
  • Memory: Minimum 4 GB memory
  • Storage: Minimum 20 GB disk space

The hostname of the StruxureWare Data Center: IT Optimize/StruxureWare Data Center: Server Access server must be DNS resolvable from all StruxureWare Data Center Operation clients. 

It is recommended that StruxureWare Data Center: IT Optimize servers connected to StruxureWare Data Center Operation match the version.

Windows specific requirements:

  • IT Optimize must be installed by an Administrator level user.
  • The IT Optimize services must run as a user which has been granted the "Logon as a Service" privilege. Instructions are available here: http://technet.microsoft.com/en-us/library/cc794944(v=ws.10).aspx
  • StruxureWare Data Center: IT Optimize license must be installed on the Data Center Operation server.

See also

System Requirements

Installing IT Optimize

Restoring IT Optimize Backup

StruxureWare Data Center Operation: IT Optimize

StruxureWare Data Center: IT Optimize security

This page contains StruxureWare Data Center: IT Optimize security details.

StruxureWare Data Center: IT Optimize functionality

There are two conditions which cause StruxureWare Data Center: IT Optimize to reach out to a server. They are discovery and polling.  

During discovery, for WMI, SSH, and VMware protocols, ITO performs a logon to the target server, and pulls a series of information from the host including server make and model, IP, serial number, OS type, CPU details  (make/model, cache, speed,...), Memory details (make/model, size, type,  ...). SNMP discovery is similar, except no physical logon to the host is required. After initial discovery, a discovery of a Windows or Linux server only needs to occur if the physical hardware changes. Often running discoveries less than once a month is enough but must be based on server changes done in the data center.  

Polling occurs when ITOcontacts the target server to pull CPU utilization information. In this case, only previously discovered servers are polled. By default,  polls occur every five minutes. This value can be configured using the DCO GUI to occur as infrequently as every 30 minutes. So having 1000 discovered hosts, you can expect approximately 100k of polling data to be read from servers every 5 minutes. Overall load on the target servers is low. In our labs, we have a large set of ITOconfigurations discovering and poling a set of live servers. They are all polling and discovering the same servers 24x365. The average CPU utilization of our idle lab servers (so only ITOdiscover and polling is occurring on them) is approximately 3%.

 

Tip

If you want to check if the port 8090 is responding from DCO to ITO you can use the following command:

netstat -aln | awk '$6 == "LISTEN" && $4 ~ "8090$"'

 

Network protocol and ports

Protocol

Transfer protocol

Port(s)

NetworkCredentials/AccessEncryptionCommands

WMI

TCP

Request: 135

Response: 1024-65535

WMI Windows Required Ports

Discovery queries between 3K and 10K of data (on average) per discovered asset.

Polling queries approx. 60 bytes of data per asset per poll. Polling interval can be configured in the external system configuration.

WMI connections between hosts require valid user credentials on the remote system.

The credentials should be encrypted on Linux (using j-Interop) as well as Windows (using the  native Windows libraries).

StruxureWare Data Center: IT Optimize polls Windows server WMI namespace. The specified user account must have local administrator access to query disk related details from the namespace.

Credential information is always encrypted using NTLM  and/or Kerberos encryption. 

WMI Command Details

SNMP

TCP/UDP

161, 162

Discovery queries between 3K and 10K of data (on average) per discovered asset.

Polling queries approx. 60 bytes of data per asset per poll. Polling interval can be configured in the external system configuration.

StruxureWare Data Center: IT Optimize uses a read-only community string to pull values from a set of server OIDs or Blade Chassis OIDs

No encryption is used for SNMP communication

Both SNMP v1 and v2 are supported.

SNMP Command Details

VMware vSphere Web Service

TCP

80, 443

Discovery queries between 3K and 10K of data (on average) per discovered asset.

Polling queries approx. 60 bytes of data per asset per poll. Polling interval can be configured in the external system configuration.

Connections are made on port 443 by default

SSL connections to VMware web services api's to pull ESX server and guest utilization information

Password authentication is used, no keys are stored on the ITOserver.

VMware protocol discoveries require a local user account on each ESX host. The account must belong to at least the readonly role. It does NOT require access to the ESX shell.

Encrypted connection (SSL) to the default https port (443) key length is determined by server

VMware vSphere Web Service command details

SSH

TCP

22

Discovery queries between 3K and 10K of data (on average) per discovered asset.

Polling queries approx. 60 bytes of data per asset per poll. Polling interval can be configured in the external system configuration.

Discovery commands require root level access. "sudo" may be used to complete this task a guide can be found here. Polling of Linux and Unix clients is completed using SNMP.

 

Server determine cipher type and key length.

SSH v2 is supported, v1 is not supported.

SSH command details

TCP ECHO

TCP

7

Echo functionality to make sure discovered device is alive---

ICMP ECHO

IP

N/A

Ping/Echo functionality to make sure discovered device is alive---

IPMI

UDP

623

Discovery queries between 3K and 10K of data (on average) per discovered asset.

Polling queries approx. 60 bytes of data per asset per poll. Polling interval can be configured in the external system configuration.

IPMI connections between hosts require valid user credentials on the remote system.

Depending on configuration and BMC interface 
PostgresUDP3306Localhost only - internal ITO database connectionHandled by ITO systemYes-
HTTPTCP8090Management Console interface for ITOHandled by DCO/ITO integration interface--

HTTPs

TCP

8643

Management Console interface for Intel DCM

Localhost only--

HTTP

UDP

8688

Management Console interface for Intel DCM Localhost only--

Postgres

UDP

6443

Localhost only - internal Intel DCM database connectionLocalhost only--
Server Access - related protocols
VNCRFB5900 (default)Bandwidth usage is very depended on screen activity and usageMore info can be found here The encryption is depended on the OS and the installed VNC application-
SSHTCP22Since text only is transferred the bandwidth requirement is very limited.More info can be found here Server determine cipher type and key length-
RDPTCP3389 (default)Bandwidth usage is very depended on screen activity and usageMore info can be found here The encryption is depended on the OS and the installed application. Default 128-bit encryption, using the RC4 encryption algorithm-


A 1024-bit RSA key is generated and used for SSL communication. The key is self- signed and will generally require the user to trust the signing authority. When connecting to an ITOserver, DCOpresents a dialog asking the user to trust the certificate. The keystore where the RSA key is stored is password protected.

Packages being used in StruxureWare Data Center: IT Optimize server

Packages and their version numbers being used in StruxureWare Data Center: IT Optimize server can be found here.

Firewall configuration

StruxureWare Data Center: IT Optimize does not contain any firewall in the installation. The firewall must be allowing ports as needed from the above table of ports and protocols.

Software Vulnerability, Scan(s) and Certifications

Status in terms of general known vulnerabilities can be found here.

A software scanning tool is run against every release of the product. The results are investigated and needed action in terms of security updates etc. taken. The scanning tool used is named Nessus.
Nessus is a network vulnerability scan utility. It scans the server as a network device and not just a webserver. Please contact us for details.

Antivirus

Antivirus tools are not provided with the StruxureWare Data Center: IT Optimizeserver installation. Antivirus is allowed on the StruxureWare Data Center: IT Optimizeserver and target client. It is recommended to exclude the data folders for the databases to maintain performance and reduce problems when installing and upgrading ITO software.

Logging

Log files can be found in the .log folder in the installation directory of the StruxureWare Data Center: IT Optimize server

Database architecture

StruxureWare Data Center: IT Optimizedatabase technology is MariaDB version 5.2.14 and cannot be exchanged with any other database type or technology.


See also


StruxureWare Data Center Operation: IT Optimize

StruxureWare Data Center Expert

StruxureWare Data Center Expert Virtual

System Requirements

Server Hardware Requirements for hosting StruxureWare Data Center Expert Virtual

The StruxureWare Data Center Expert can run on  a virtual environment.  The 7.2.x server is available as a virtual appliance and supported on VMware ESXi 4.1.0.  The Data Center Expert server is delivered as an .OVA file and is expected to function properly on any virtualization platform that supports this format, or has an appropriate converter utility.  The operating system, application and database  is included in the StruxureWare Data Center Expert installation.

Hardware resource configuration guidelines

Use the following guidelines to determine the hardware resources necessary for a virtual appliance to monitor a given number of device nodes.

NodesHardware Resources
Up to 325 device nodes

1 GB RAM

1 CPU

Up to 1025 device nodes

2 GB RAM

1 CPU

Up to 2025 device nodes

2 GB RAM

2 CPU

Up to 4025 device nodes

4 GB RAM

4 CPU

NoteVMware supports fault tolerance on virtual machines with 1 CPU only. Please refer to your vendor's documentation for more information about fault tolerance.

Disk space

The disk space required to monitor a given number of nodes varies according to the device types monitored and the amount of data you want to store. The minimum hard disk size is 18 GB.

To determine whether to add another hard disk, you can view available disk space in the "Storage Settings" display, accessed from the Server Administration Settings option in the System menu. View this display periodically to help determine how quickly the virtual appliance consumes disk space.

NoteTo store large amounts of surveillance data, using a remote repository is recommended.

 

StruxureWare Data Center Expert Security

On this page:

StruxureWare Data Center Expertis a client/server configuration. The server is a proprietary version of CentOS 6.10 (64-bit). The client runs on a standard Linux or Windows computer. System requirements can be found here.

Network protocol and ports

Protocol

Transfer protocol

Port(s)

NetworkCredentials/AccessEncryptionComments

HTTP

TCP (SSL)

80 (443)

Network speed of minimum 100 Mbps is recommended. Bandwidth usage between client and server heavily depends on number of discovered devices, alarm configuration and operations carried out in the client e.g. report generation.

 

Manual created user and password (default apc/apc)

Authentication server integration support

There is no option to reset client user password

Password policy is not implemented in DCE but can be enforced using Authentication servers. Password can be ASCII format and numbers

Server and client negotiate SSL cipher type and key lengthCommunication from NetBotz Appliances / DCE Console/Web API and 3rd party integrations. 
SNMPUDP161The bandwidth needed heavily depends on number of discovered devices, polling interval configured and alarm activity in the system.

Specified in device SNMP configuration

default community string: public

SNMP v3 offer encryption as configuredSNMP Communication between discovered devices and DCE 
SNMP (Trap)TCP/UDP162The bandwidth needed heavily depends on number of discovered devices, polling interval configured and alarm activity in the system.

Specified in device SNMP configuration

SNMP v3 offer encryption as configuredSNMP Communication between discovered devices and DCE
SMTPTCP25Network requirements are low. Email traffic from the DCE is depended on alarm policy configuration and number of alarms occurring.As specified in E-mail settingsRequires STARTTLS extensionCommunication with e-mail server
FTPTCP21Used when device is discovered and DDF file transferred. The network requirements are low.As specified in Device File Transfer SettingsNot supported by protocolTransfer DDF files between devices and DCE
SCPTCP22Used when device is discovered and DDF file transferred. The network requirements are low.As specified in Device File Transfer SettingsServer and client negotiate cipher type and key lengthTransfer DDF files between devices and DCE
ModbusTCPTCP/UDP502The bandwidth needed heavily depends on number of discovered devices, polling interval configured and alarm activity in the system.Not supported by protocolNot supported by protocolModbus TCP Communication from Modbus Device/Gateway
NTPTCP123Very limited traffic and bandwidth requirementAs specified in system time settingsDepending on system integrationNTP server communication
SMBTCP/UDP139Depending on system integrationAs specified in system storage settingsDepending on system integrationSMB communication to NAS/SAN
NFSTCP/UDP111Depending on system integrationAs specified in external system configurationNot supported by protocolNFS mounted external drive
NFSTCP/UDP2049Depending on system integrationAs specified in external system configurationNot supported by protocolNFS communication to NAS/SAN
DNSTCP/UDP53Very limited traffic and bandwidth requirementAs specified in external system configurationNot supportedDNS server communication
LDAPTCP389Very limited traffic and bandwidth requirement  Active Directory/LDAP 
CIFSTCP445Depending on system integrationAs specified in external system configurationDepending on system integrationCIFS communication to NAS/SAN
APC Proprietary CommunicationTCP6000The bandwidth needed heavily depends on number of discovered devices, polling interval configured and alarm activity in the system.Not supported by protocolNot supported by protocolCommunication with AP76xx outlet strips and gen1 PDU on private lan. 
PostgreSQLTCP5432Depending on system integration the bandwidth requirements should be specified accordingly.As specified in external system configurationDepending on system integration 


Firewall configuration

StruxureWare Data Center Expertserver also comes with a firewall included. The server is not configurable and therefore the firewall cannot be changed.

Packages used in StruxureWare Data Center Expert

Packages and their version numbers being used in StruxureWare Data Center Expert can be found here.

Software Vulnerability, Scan(s) and Certifications

 

Nessus

A Nessus scan is run against StruxureWare Data Center Expert before every release of the product. The results are investigated and needed action in terms of security updates etc. taken. This scan might also be part of official certifications.
The results and resolution of the security scan and StruxureWare Data Center Expert status in terms of general known vulnerabilities are here.

Nessus is an open-source network vulnerability scanner that uses the Common Vulnerabilities and Exposures architecture for easy cross-linking between compliant security tools.

Antivirus

StruxureWare Data Center Expert does not include antivirus in the installation. The server is not configurable and therefore the antivirus cannot be added.

Logging

The StruxureWare Data Center Expert product has several log files capturing kernel, cron, job etc. based on standard Linux capabilities. 

Logs are stored on the server and are accessible to system administrator.

Database architecture

The database and server is one unit and cannot be separated. The database and operating system is running on the same partition on the server. The database technology is postgreSQL and cannot be exchanged with any other database type or technology.

 

See also

 

StruxureWare Data Center: IT Optimize security

Schneider Electric Cybersecurity Support Portal

 

 

 

 

 

 

StruxureWare Portal

StruxureWare Portal requirements

The page StruxureWare Portal v1.3.3 does not exist.

Skip to end of metadata
Go to start of metadata
  • No labels
RELATED COMMUNITY QUESTIONS
WAS THIS ARTICLE HELPFUL?