Security Guide PCo 15.5
Security Guide PCo 15.5
Content
Document History
SAP Plant Connectivity
Introduction
Security Required by Plant Connectivity
About this Document
Overview of the Main Sections
Before You Start
Important SAP Notes
Additional Information
Technical System Landscape
User Administration and Authentication
Authorizations
Authorization for Management Console
Authorization for Agent Instance Services
Authorization Management in SAP Plant Connectivity
Authorization Management for the SAP Digital Manufacturing Cloud
Communication and Network Security
Communication Channel Security
DCOM Security
Use of Certificates
Certificate Stores in PCo
Validation Checks for Certificates
Generating Certificate Signing Requests or Self-Signed Certificates
Import a Certificate into a Microsoft Certificate Store
Recommendation to Use Certificates Signed by a CA
Certificate Rotation
OPC UA Security
Application Certificate Management in Plant Connectivity OPC UA Components
Application Certificate Management in Plant Connectivity MQTT Components
TLS-Based Secure Communication in PCo
Enabling TLS for the Management Services
Enabling TLS for the Cloud Services
Enabling TLS for an Agent Instance
Enabling TLS for the Web Server Hosted in an Agent Instance
Network Security
Storing Configuration Information and Data Privacy Protection
Dispensable Functions with Impacts on Security
Verifying the Integrity of the Installation
Appendix: Access Rights Required for SAP Plant Connectivity
Installation
Configuration through the Management Console
Operating SAP Plant Connectivity
Other Activities During Configuration of PCo