Protection of the host PC
Customers are responsible for protecting their own host PCs and for preventing unauthorized access to their host PCs.
Siemens suggests taking the following measures to protect the host PC:
Protect network access to the host PC with appropriate measures. If remote network connections to the host PC are required, Siemens recommends that you protect the communication to the PC with appropriate mechanisms, such as VPN connections.
Enable the screen saver and lock the screen when leaving the computer.
Install compatible antivirus software on the host PC. Make sure that your virus scanner and its database are always up-to-date.
Install updates and patches for the operating system and software on the host PC to keep it up-to-date.
In order to maintain an adequate security level, Siemens strongly recommends that you deactivate the unused interfaces, for example, USB ports or Ethernet.
Notes on using USB sticks
Only use a dedicated USB stick.
Run a malware scan of the USB stick before using it.
Only plug in the USB stick when you use it.
Notes on protecting administrator accounts
A user with administrator rights has extensive options for accessing and manipulating the system.
Therefore, ensure there are adequate safeguards for protecting the administrator accounts in order to prevent unauthorized changes. To do this, use secure passwords and a standard user account for normal operation. Other measures, such as the use of security policies, should be applied as needed.
Protection against access by unauthorized users
An unauthorized user can operate the PC incorrectly. Operator actions by unauthorized users jeopardize operational reliability.
Restrict user rights through Windows user accounts.
Notes on the use
AI Model Deployer can only be accessed from the host PC. Do NOT allow other machines in the plant network to access AI Model Deployer.
The current AI Model Deployer is only applicable for non-safety-critical applications.
Customers are responsible for the CIA (Confidentiality, Integrity and Availability) of the files downloaded or exported by AI Model Deployer.
Port settings
AI Model Deployer also provides a backend API service, which is assigned to the following port. If the default port is already occupied by another application on the host PC, AI Model Deployer automatically searches for and assigns another port for the backend services.
| Name | Port number | Transport protocol |
|---|---|---|
| AI Model Deployer REST API service | 54300 | HTTP |
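One way to check on a Windows host PC that the REST API port is not reachable from other machines in the plant network, as required under "Notes on the use". This is an added example, not part of the Siemens documentation; the function name `Test-DeployerPortExposure` and the firewall rule display name are hypothetical, and the port must be adjusted if AI Model Deployer was assigned a different one.

```powershell
# Added example (not Siemens code). Test-DeployerPortExposure and the firewall
# rule name are hypothetical; 54300 is the default port from the table above.
$port = 54300   # change this if the service was reassigned to another port

function Test-DeployerPortExposure {
    param([int]$Port = 54300)

    $listeners = Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue
    if (-not $listeners) {
        Write-Warning "No TCP listener found on port $Port."
        return
    }
    foreach ($l in $listeners) {
        # IsLoopback covers 127.0.0.0/8 and ::1. A listener on 0.0.0.0, :: or a
        # network adapter address is bound where other hosts may reach it.
        $ip   = [System.Net.IPAddress]::Parse($l.LocalAddress)
        $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress = $l.LocalAddress
            LocalPort    = $l.LocalPort
            ProcessId    = $l.OwningProcess
            ProcessName  = $proc.ProcessName
            LoopbackOnly = [System.Net.IPAddress]::IsLoopback($ip)
        }
    }
}

$report = @(Test-DeployerPortExposure -Port $port)
$report | Format-Table -AutoSize

$exposed = @($report | Where-Object { -not $_.LoopbackOnly })
if ($exposed.Count -gt 0) {
    Write-Warning "Port $port is bound beyond loopback; other machines may be able to connect."
    # Block inbound connections to the port (run elevated). Remove -WhatIf to
    # apply, then confirm AI Model Deployer still works locally on the host PC.
    New-NetFirewallRule -DisplayName 'Block inbound to AI Model Deployer API (example)' `
        -Direction Inbound -Protocol TCP -LocalPort $port -Action Block -WhatIf
}
```

Because the service uses plain HTTP, rerun the check after every installation or update and whenever the port changes.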
FTP/SFTP Installation and Settings
For security reasons, Siemens highly recommends using Secure FTP (SFTP) for server communication. For FTP communication with the TM NPU, please ensure that both AI Model Deployer and TM NPU are in a secure and protected network environment (see TM NPU user manual). For AI Model Deployer and TM NPU, you can access the same SFTP/FTP server or folders shared by different SFTP/FTP servers using the same or different configurations.
Debug settings
The debug function is for commissioning purposes only. After successful commissioning, disable the debug server (by removing the debug configuration file from the SD card) during productive operation to ensure the confidentiality of the debug information.
For more information, refer to the TM NPU user manual.