Security and Performance

Comprehensive security architecture and deterministic real-time performance.

Designed for Reliable Performance and Enterprise Security

FrameworX combines deterministic real-time performance with comprehensive security architecture. Built on the Technology Foundation of 100% managed .NET code, the platform delivers millisecond response times while maintaining defense-in-depth protection and full compliance capabilities.

Operational Excellence:

Performance monitoring with <100ms tag updates & 1ms timestamps
Multi-layer security with RBAC, Secrets and encryption
Compliance ready: FDA, IEC 62443, NERC-CIP
Git-based DevOps with JSON export
Hot-standby redundancy with <5 second failover

Optimized Architecture

Optimization Layers

Layer	Optimization	Impact
Application	Efficient scripts, optimized queries	CPU usage
Runtime	Thread pool tuning, memory management	Response time
Database	Indexing, partitioning, archiving	Query speed
Network	Compression, protocol selection	Bandwidth
Hardware	CPU cores, RAM, SSD storage	Overall capacity

Performance Metrics

Metric	Target	Measurement
Tag Update Rate	<100ms	Device to display. Test case: 100,000 Modbus tags in < 1s
Alarm Response	<1 second	Condition to notification, keeping 1ms timestamp on logs
Client Response	<200ms	User display action to feedback
Displays Update	< 50ms	Code behind execution and realtime updates on diaplays
Historian Write	<1 second	Tag change to storage, keeping 1ms timestamp on logs
Failover Time	<5 seconds	Primary to standby

(*) Those are expected numbers in a typical implementation. Exact metrics depending on solution design and hardware

Built-in Performance Monitoring Tools:

Real-time performance dashboards
Resource utilization tracking
Bottleneck identification
Historical trend analysis

Operational Stability

100% Managed Code - No memory leaks or pointer errors
Exception Handling - Graceful failure recovery at every level
Multi-threaded Execution - Parallel processing with thread safety
Resource Management - Automatic garbage collection and optimization

Security Architecture

Defense in Depth Implementation

Layer	Protection Level	Components
Layer 1: Network. Security	Perimeter defense	Hardware: Firewall VLAN / VPN Access Software: IP filtering, connections-Monitoring
Layer 2: Application Security	Access control	Identification: WA, LDAP, OAuth, Native, Custom Authorization: `(Role-Based Access)`
Layer 3: Data Security	Information security	Database Encryption Secure Communication & Audit Logging
Layer 4: Operational Security	Process integrity	Change Management & Built-in Validation Backup/Recovery & Incidents Recovery

Security Zones Architecture (ISA-99/IEC 62443)

TSecureGateway enables secure data transfer across zones, bridging Level 2 (factory floor) to Level 4 (enterprise) while maintaining isolation and protection against threats.

Authentication & Authorization

Flexible Authentication Methods

Enterprise Integration	Native Options
*Active Directory* - Windows domain SSO *LDAP Server* - Directory services *OAuth* - Modern authentication *External Systems* - Custom providers	*Built-in Database* - Local user management *Runtime Users* - Dynamic generation *SQL Database* - External user stores *Electronic Signatures* - Action verification

Role-Based Access Control (RBAC)

Granular Permissions - Display, object, and action-level control
Group Hierarchies - Inherited permissions with override capability
Dynamic Roles - Runtime permission changes based on context
User Policies - Password complexity, session duration, auto-logoff

Compliance & Standards

Industry Standards Implementation

Standard	Implementation	Key Features
ISA-95	UNS design patterns	Enterprise/control integration model
ISA-101	HMI design compliance	Operator effectiveness standards
FDA 21 CFR Part 11	Electronic records/signatures	Audit trails, data integrity, validation
High Performance HMI	Display design principles	Situational awareness, alarm management
IEC 62443	Cybersecurity guidelines	Security zones, defense in depth
NERC-CIP	Critical infrastructure	Access control, monitoring, recovery

DevOps & Version Control

Enterprise Development Practices

Native Tool	Feature
JSON-Git Export	Human-readable diffs for Git integration
Change Tracking	Keep track of changes at object level, with automated version numbering
Cross Reference	Dependency analysis and automated rename for all configuration objects
Build Procedure	Validation of all server scripts and all displays scripts
Publish Procedure	Readonly deployment files for regulated areas
Execution Profiles	Management for Development, Validation, Production and Custom environments — a single `.dbsln` can run all four profiles concurrently on distinct ports, each isolated and managed independently.
DevOps APIs	Programmatic control of configuration and execution
Health Monitoring	Built-in runtime metrics and web dashboard. TServer `/health` and `/ready` (port 3101) for Kubernetes liveness/readiness; TWebServices `/health` (port 10108) for Solution Center health.
REST API	Data-plane on TServer (port 3101+, Bearer-GUID) for tag values, aggregates, and alarm state; management-plane on TWebServices (port 10108, JWT/OIDC) for Solution Center operations.
Container Support	Docker deployment including support for App Hosting in Cisco Routers
Execution Integrity	Built-in diagnostics to verify if running solution matches a given configuration.

Solution Configuration Protection

Encrypted Configuration - All settings in protected .dbsln file
IP Protection - Source code and binaries secured
Single File Deployment - Simplified distribution and management
Access Control - Role-based modification rights

Redundancy & High Availability

Hot-Standby Configuration

Feature	Specification	Benefit
Automatic Failover	<5 seconds switchover	Minimal disruption
Data Synchronization	<5 seconds switchover	No data loss
Client Reconnection	Transparent to operators	Continuous operation
State Preservation	Full context maintained	Seamless recovery