Add a DMZ Permanent Standby Server
The process for adding and configuring a DMZ Permanent Standby server is very similar to the process used when adding and configuring a 'normal' Permanent Standby server.
ATTENTION: You should install the same drivers on the DMZ Permanent Standby server as those installed on the Main server. If the Main server has drivers that are not installed on the DMZ Permanent Standby, the DMZ Permanent Standby server will not be able to establish a connection with the Main server.
Configure a DMZ Permanent Standby server
To configure a DMZ Permanent Standby server, you need to:
- Select the Standby tab.
- Choose DMZ Permanent Standby Server as the Type. Do not choose Permanent Standby Server as the Type, as this will set the server to have a connection back to the ClearSCADA system.
- Configure the DMZ Permanent Standby server to recognize the Main and Standby servers as appropriate.
The other aspects of the DMZ Permanent Server configuration are the same as those for the configuration of a 'normal' Permanent Server.
Configure the Main/Standby to recognize the DMZ Permanent Standby server
- Select the Permanent Standby tab.
- Use the settings in the Permanent Standby A, Permanent Standby B, Permanent Standby C and Permanent Standby D columns, in the same way as you would when configuring a Main/Standby server to recognize a 'normal' Permanent Standby server. The difference is that you need to select the DMZ check box so that the Main/Standby server can establish a connection to the DMZ Permanent Standby server. The DMZ Permanent Standby server will be unable to connect to the system if the DMZ check box(es) are cleared.
- Select the Encrypted check box to ensure that the transfer between the Main/Standby and the DMZ Permanent Standby is encrypted.
- Select the Allow DMZ Object Updates check box to allow the Main/Standby server to read user security information from the DMZ Permanent Standby server. When this check box is selected, the Main/Standby server reads, in addition to logon/logoff events, additional information about a user's logon activities (for example, failed logon attempts), and it forces the DMZ Permanent Standby server to update the state of a user on the Main server.
If a user account is disabled on the DMZ Permanent Standby then it becomes disabled on the Main server. The System Administrator is then required to reset the account on the Main server and DMZ Permanent Standby server.
This transfer request is initiated from the Main server as part of the standby transfer process, and occurs after the object data has been transferred, but before the historic data is transferred.
When the Allow DMZ Object Updates check box is selected, limited credential updates and event logging of users' accesses via the DMZ are made available to be written to the Main server (these are batched and provided to the Main server as part of the synchronization process). However, as the DMZ Permanent Standby server has no connection back to the Main server, it is unable to write the information to the database itself. As such, it offers more protection against malicious attacks than 'normal' Permanent Standby servers.
ATTENTION: If you configure a 'normal' Permanent Standby server and then configure the Main server or Standby server to have the DMZ setting enabled for the Permanent Standby server, the connection will fail. Similarly, a Main or Standby server can only connect to a DMZ Permanent Standby server if the DMZ Permanent Standby server’s Type is set to DMZ Permanent Standby Server and the DMZ check box is selected on the Main and Standby servers.