Key security assumptions:
● The LogiX solution to be hosted within client owned Azure subscription as a PaaS
● The Factory edge is connected to a private IoT Hub.
● Both the web and mobile applications integrate with client Directory Services for identity management and access control. (to be detailed)
● SSL certificates are used for secure HTTPS connections for the applications.
IoT Hub
The IoT Hub is an Azure PaaS solution for managing sensor data information streams. As such, it requires a feed from factories and connectivity to Logix. As the corporate and Azure networks are separate connectivity needs to be established.
...
Data from Factory
Set of raw machine counters and signals needed for KPI’s calculation (performance related signals).
No user data other by login information is transferred from factory (login information is managed by Domain Controller and is part of signed JWT token)
No commercially sensitive data other than signals and counters mentioned above is transferred from factory level.
Master Data
Imported into the PackOS application through files (Orders, Materials, and Work Calendar information).
Files are not persisted in PackOS, data from files is encrypted in the SQL Server Database and available only for authorised authorized users.
Metadata and Configuration Data
Simplified factory structure needed to add semantic to raw signals. (assignment of signals to the machines and machines to the line)
Business rules to transform data from raw signals into information about production state and metrics.
Necessary information about users of PackOS system needed for:
Authorizing users, Audit user activity, Support notifications
Data at rest
Data in the database is encrypted at rest by Azure SQL Server Transparent Data Encryption
User credentials are not stored within the application – authorisation is delegated to Azure AD.
Data in transit
Communication between components is made with TLS v1.2 (as specified in the networking architecture)
...