Designer Hybrid Fiber Coax (DHFC) – Implementation Guide

Security Considerations

ArcGIS Server:

  • All ArcGIS Servers must be protected against cross-site scripting attacks by configuring the origins allowed to be accessed alongside content from ArcGIS Server. It is crucial that you follow the instructions to Restrict cross-domain requests to ArcGIS Server.

  • ArcGIS Server is usually hosted within another HTTP stack (IIS, Apache). Follow the vendor's best practices for hardening the server against attack.

  • If you install ArcGIS Web Adaptor to allow ArcGIS Server to integrate with your existing web server, you must enable HTTPS on your web server, which means you need to obtain a server certificate and bind it to the website that hosts ArcGIS Web Adaptor.


ArcGIS Portal (if using Portal for authentication):

  1. Your Portal-based authentication can use Portal built-in users or Active Directory (AD)-based users.

  2. Whether you use built-in users or AD-based users, you need to let traffic come from Auth0 (a hosted service that enables single sign-on) through the firewall to your portal instance.

  3. Decide which groups, whether built-in or AD-based, map to which roles. We make assignments via group information from the identity provider so that group membership can be managed in a central location.


Client Devices that Run the DHFC XI Application:

  • DHFC XI provides users with access to an important asset of the organization: its GIS data. As such, it is important to secure that data against theft.

    • Recommendations specifically for securing client devices:

      1. Enable full disk encryption on devices that host DHFC XI.

      2. Configure screen lock timeout for a maximum of five minutes.

      3. Follow these recommendations for general Windows settings:

        • Do not grant local administrator privileges to end users.

        • Do not grant end-user account permissions to install applications.

        • Use application “allow-listing” to permit only approved applications or executables to run.

        • Use real-time endpoint protection to detect unauthorized changes to installed components.

  • DHFC XI allows users to save designs to a file, and save that file to a local or network directory. Schneider Electric recommends you give users access only to secure locations determined by your IT department. File permissions are managed by the user’s Windows profile.


Abandoned File Directories After Upgrading from Squirrel to MSIX

As described in the myArcFM article Designer HFC MSIX Migration, the application now uses MSIX installer technology, and it no longer uses the previous Squirrel installer technology.

After you upgrade using the new MSIX installer, some file directories from the Squirrel installer are left behind. These include the following:

  • %appdata%\local\CoaxNetworkDesigner: This is where the client application settings were stored. Once you have upgraded, these settings are no longer used, and you can safely delete this directory.

  • %appdata%\roaming\SE.Coax.NetworkDesigner: This is where the logs were stored when using the Squirrel installer. You might want to keep the logs for historical purposes. You can either leave them in the directory, or you can copy them to another location. If you copy them to a different location, you can then safely delete this directory.

  • %appdata%\local\Schneider_Electric\DesignerHFC*: This is where dialog location settings were stored. You might have multiple child folders depending on how many versions you have installed using the Squirrel installer. Once you have upgraded, these settings are no longer used, and you can safely delete this directory.


Uninstalling the Application and Transferring Equipment:

Uninstall the application from either:

  • The Apps & features menu on your computer. Locate the application, then click Uninstall.

  • The Start Menu on your computer. Right-click the application icon, then choose Uninstall.

After uninstalling the application, the following files and directories are still present.

  • Logs stored in C:\ProgramData\Schneider Electric\SE.Coax.NetworkDesigner.

  • Settings stored in C:\ProgramData\Packages\ArcFMDHFC_qybjwhg5w8jy8. If this directory is not deleted and the user reinstalls, any Settings changes previously made are restored.

If your company intends to transfer the equipment to another user, you should follow best practices for the secured deletion of these directories.

TIP: The ProgramData directory is not visible by default on most machines. In Windows Explorer, type “C:\programdata” then press Enter to view this directory.


Privacy Policy

For details about how Schneider Electric processes and protects your personal information, see the myArcFM topic ArcFM Privacy.

QR Code is a registered trademark of DENSO WAVE INCORPORATED in Japan and other countries.

Was this helpful?

Contact Information
Legal Information
Privacy Policy
Change your cookie settings