Skip to content

General recommendations

Securing first setup of the Industrial Edge Management

The initial setup of the Industrial Edge Management must be performed in a protected private network to ensure that the initial credentials and settings are given by a trusted party (administrator). No default certificates are being used to ensure the identity of the servers and system during the first setup.

Customers are responsible for protecting and securing the first setup of the Industrial Edge Management and for preventing unauthorized access to it.

Securing Industrial Edge Management VMs

The installation procedure for the Industrial Edge Management VM is based on an installation medium (ISO image).

Customers are responsible for storing the installation medium in a secure environment prior to installation and for protecting the Industrial Edge Management and the VM by external measures and firewalls against direct access from the Internet.

It is strongly recommended to operate the the Industrial Edge Management VM in an access protected environment (e.g. locked in a cabinet).

Protection of USB flash drives

Onboarding Industrial Edge Devices to the Industrial Edge Management can be done through an USB flash drive. When onboarding the Edge Device to the Industrial Edge Management, unencrypted configuration data, sensitive system data and customer's network data (proxy password is encrypted) are stored on the USB flash drive. Customers are responsible for keeping the configuration data on the USB flash drive, and in general the configuration file, safe (confidential and integrity protected).

Customers are responsible to securely store the USB flash drive that contains the sensitive configuration data for connection of Edge Devices and prevent unauthorized access to the USB flash drive.

Customers are also responsible for applying the security guidelines regarding the use of USB flash drives in production facilities.

BIOS Password

In general, Industrial Edge Devices are not delivered with a BIOS password. Customers are strongly recommended to set a BIOS password.

Secure onboarding of Edge Devices

The onboarding process of Edge Devices must be according to the documentation of the specific device, as there might be unencrypted configuration data, sensitive system data and customer's network data exchanged in this process.