EcoStruxure Panel Server – Cybersecurity Guide PDF
DOCA0211EN-11

Cloud Application Security

Data Security in Motion

Schneider Electric with EcoStruxure cloud applications implements best practices such as:

  • All communications to and from EcoStruxure Panel Server with internal Schneider Electric systems or external third-party systems, are encrypted using HTTPS (minimum level required is TLS 1.2).

  • Certificate involved in these encrypted sessions are leveraging SHA 256 secure hash algorithm. This applies to communications between Panel Server application and the servers in Microsoft Azure cloud platforms.

Data Security at Rest

Schneider Electric follows best practices to create secure solutions and to limit the risk of data being compromised in any meaningful manner while protecting the privacy, control, and autonomy of each customer’s data independently from any other.

All system to system credentials and tokens are stored and encrypted in Microsoft Azure cloud platforms.

Expected Endpoints

Schneider Electric recommends only allowing access to the required domains as per your needs.

The following table lists the domain names and protocols used when the Panel Server connects to the cloud.

Domain name

Protocol

Description

cbBootStrap.gl.StruXureWareCloud.com

HTTPS (TCP port 443)

Used at first connection of Panel Server to the cloud (or after a factory reset) to authenticate and register the Panel Server.

etp.prod.StruXureWareCloud.com

HTTPS (TCP port 443)

Used to download firmware update.

cnm-ih-na.Azure-devices.net

HTTPS (TCP port 443)

Used for communication of Panel Server with Schneider Electric cloud services such as configuration, data, or alarms.

RemoteShell.rsp.Schneider-Electric.com

HTTPS (TCP port 443)

Allows Schneider Electric Customer Care Center to remotely access the Panel Server webpages through VPN.

cnmdapiappstna.Blob.Core.Windows.net

HTTPS (TCP port 443)

Allows the Panel Server to upload logs and diagnostics files upon request from Schneider Electric Customer Care Center.

cnmiothubappstna.Blob.Core.Windows.net/file-upload

HTTPS (TCP port 443)

Allows the Panel Server to upload a topology to the Schneider Electric cloud services.

time.gl.StruXureWareCloud.com

NTP (UDP port  123)

NTP server allows the Panel Server clock to remain synchronized.
NOTE: Domain names are not case-sensitive.
QR Code is a registered trademark of DENSO WAVE INCORPORATED in Japan and other countries.

Was this helpful?

Contact Information
Legal Information
Privacy Policy
Change your cookie settings