Clients connecting to a server must meet an authentication requirement that validates the connection to the server. This assures that the client (sender) is authorized to communicate with the server (SCADA) within the secure network. A certificate-based authentication method ensures that the client is authorized by having the same set of certificates as the server. This is done using a signed password that is validated on the server end to authenticate the client's certificate, which is used to authorize connections between nodes running iFIX 4.0 and greater. Your iFIX installation provides a default network password (INETWORK) that allows a default configuration to continue to work as it currently does.
Authentication is managed by the user and is either enabled or disabled; that is, you can only turn on authentication together. This means that you can have only default computing (legacy and iFIX 4.0) or trusted computing (iFIX 4.0 to iFIX 4.0) on an iFIX network; you cannot combine legacy and trusted computing on a node. When secure networking is enabled, the communications server (the client or SCADA) accepting the incoming connection will require all incoming connections to be secure; that is, incoming connections must fulfill the requirements of a secure iFIX connection.
Secure communications allow only machines with known credentials to complete a connection within the secure network.
A secure layer is used to authenticate communications. This gives iFIX networking the ability to validate end-to-end communications. The default certificate used allows all of iFIX to communicate with transmission security without site-specific authentication. An authorized user can change the default certificate for a machine to a site-specific certificate. For more information, refer to Site-Specific Certificates.
The following image graphically demonstrates how trusted networking allows or disallows connections among various types of iFIX installations.
NOTE: It is recommended to enable Enforced Trusted Computing to establish secure connections, and strongly recommended to change the network password to something other than the default. For more information on Enforced Trusted Computing, refer to the Site-Specific Certificates section.