Use DMZ Servers instead of Permanent Standby Servers

If your system architecture has permanent standby servers that are only used to read data from Geo SCADA Expert, you can improve your security by reconfiguring them as De-Militarized Zone servers (DMZ servers).

DMZ servers can run outside a firewall and have a single, read-only connection to Geo SCADA Expert. The read only connection means that it is impossible for the Geo SCADA Expert software on the DMZ server to write to the Geo SCADA Expert database.

However, vulnerabilities in the operating system that runs on the DMZ server can potentially expose your system to unauthorized access. To avoid this, you can use your DMZ server outside a firewall—the firewall can be set to help protect your system against unauthorized access via the operating system.

The table below shows the benefits of using a DMZ server outside a firewall in comparison to a DMZ server without a firewall or a read-only permanent standby server.

For maximum security, we recommend that instead of read-only servers, you use DMZ servers that run outside a firewall.

If your requirements mean it is impractical to use a firewall, we still recommend that you use a DMZ server instead of a read-only server. Using DMZ servers means you have the added protection of the single, read-only connection between the Geo SCADA Expert software on the DMZ servers and the Geo SCADA Expert database.

Even without a firewall, a DMZ server offers greater protection than a permanent standby server as it has no write connection to Geo SCADA Expert.

To configure a server as a DMZ server, see De-Militarized Zone (DMZ) Permanent Standby Servers.