Security and Reliability
Flexibility is a feature; Security and Reliability are mandatory and foundational requirements.
We designed the platform, selected its technologies, and architected its modules with stability and security at the core.
Easy and Secure Configuration and Maintenance
We created our platform with different scenarios and topologies in mind, from a local interface on an embedded panel to fault-tolerant servers that serve multiple projects and clients. The platform's development tools and project components are scalable, reusable, and consistent.
Operational Stability
Our platform's 100% managed code implementation provides unmatched operational stability, since its intrinsically safe software architecture includes execution thread isolation, exception control, failure recovery, modular deployment, hardware abstractions, and operating system independence.
Redundancy and High Availability
For high-availability systems, the platform can have its real-time database, Alarm and Historian servers, and data acquisition deployed as a redundant hot-standby system, with no project changes required.
The hot-standby redundancy is field-proven with hundreds of devices in the network and multiple clients.
FDA 21 CFR Part 11 and NERC
The software platform has a range of security and compliance features that can be used to help organizations meet the requirements of FDA 21 CFR Part 11. It is important to note that compliance is an ongoing process, and therefore, organizations should regularly monitor and update their systems and policies to ensure adherence to the standards established by the FDA.
The platform was also designed following the applicable recommendations from NERC, such as CIP-007-1 (Cyber Security - System Management).
Title 21 CFR Part 11 is the part of Title 21 of the Code of Federal Regulations that establishes the United States Food and Drug Administration (FDA) regulations on electronic records and electronic signatures (ERES).
Part 11, as it is commonly called, defines the criteria under which electronic records and electronic signatures are considered trustworthy, reliable, and equivalent to paper records.
Listed below and described are some security-related features available in the product:
For a detailed explanation of how to add security management to a project consistent with these rules, see the FDA 21 CFR Compliance page, under the chapter Security, Users and Roles.
Built-in .NET Security
FactoryStudio is developed on .NET using managed code and follows the .NET security guidelines, which all development with .NET managed code must follow. Specific modules also follow their own guidelines. For example, the Alarms module adheres to the FDA guidelines, and electrical device communications follow IEC 61850 or the other applicable IEC standards. Below are the main FS-Security topics and some basic information about them.
Link to Microsoft information about security in .NET:
https://docs.microsoft.com/en-us/dotnet/standard/security/
Tip |
---|
Security at the Core Level: Security must be implemented at the core, not applied externally. The platform modules have built-in security-related components designed from the core. |
Communication Security
Communication between modules
The cryptography between TServer and the external modules (processes running outside TServer: ScriptTaskServer, DataAccess, Devices, TRichClient, SmartClient, ModuleInfo, TraceWindow, PropertyWatch, etc.) relies on two classes:
a) System.Security.Cryptography.RSACryptoServiceProvider (Asymmetric, KeySize: 1024): Performs asymmetric encryption and decryption using the implementation of the RSA algorithm provided by the cryptographic service provider (CSP).
b) System.Security.Cryptography.Rijndael (KeySize: 256).
Portable Displays
With unparalleled performance on web pages
WebAssembly and .NET CodeBehind deliver blazing-fast performance for web pages, even with thousands of graphical elements.
Although you can create displays that need to open in only one environment or another, our platform supports the Portable option, where the exact same configuration can be used for both Windows/WPF clients and Web/HTML5 clients.
Users don't need to create two different kinds of screens for Windows and Web clients. Using the Portable option for the rendering engine creates displays that will automatically function in both desktop and web environments.
This feature enabled our users from previous releases to use the screens they created over the years on Windows desktops and open them directly in web browsers with no rework or modifications.
Designer and Runtime Themes
Our platform includes a thoughtfully curated set of built-in themes designed to elevate the user experience—whether you’re working in a bright office, a dark control room, or on a mobile tablet in the field. These themes enhance aesthetics, comfort, usability, and visual clarity across a wide range of industrial environments.
Themes apply consistently across both the design environment and runtime operator displays, ensuring a professional and seamless visual experience with no extra configuration.
We offer a full set of Light and Dark theme pairs, covering cool grays, vibrant blues, elegant purples, and rich earth tones. You can also create your own Light-Dark custom themes using our built-in visual customization tools.
Theme Pair | Description |
---|---|
Light & Dark | Clean white and classic dark — optimized for bright or dim environments. |
Platinum & Onyx | Subtle gray tones paired with a sharp, modern black style. |
Steel & Graphite | Cool grayscale Light and Dark themes with a modern, minimal feel. |
Pearl & Indigo | Soft lilac-accented light theme with a bold, rich purple dark variant. |
Sky & Navy | Airy sky blue matched with a deep, calming navy. |
Gold & Coffee | Elegant golden hues paired with a warm, earthy brown. |
ContrastLight & ContrastDark | Accessibility-first options designed with maximum visual separation and clarity. |
Responsive Dashboards and Process Screens
Responsive Dashboards
Allows the easy creation of responsive User Interfaces that adapt automatically to the User's Device, from a Desktop to a Mobile, organizing the display elements. The same dashboard can be used by Desktop or Mobile users, in Windows Clients or Web Browsers.
Process Screens
For traditional process diagrams and synoptics, the Drawing tools allow extensive flexibility in layouts and frames, and include new features for customizing resizing: proportionally, using scrollbars, or allowing specific objects to resize or change position according to the client window.
Desktop, Mobile (Portrait and Landscape) and HTML5 preview
Easily customize your layout to work properly in various scenarios, with a centralized configuration and preview feature.
Smart Symbols Library
Smart Symbols
The Drawing tool includes a library of around 2,000 Smart Symbols, graphical elements typically used in industrial applications. Many of these symbols are more than just vector images; they also have dynamic behavior that allows for direct mapping to your Tags and Assets. It also includes a set of Industrial Icons, specially designed for typical visuals on process displays.
High-Performance HMI
The well-known book High Performance HMI proposed a set of standards for HMI design. Our platform fully supports the creation of solutions that adhere to these standards, including High-Performance Graphical (HPG) palettes in its themes and hundreds of ready-to-use symbols created according to those specifications.
Advanced Components and Controls
For advanced graphical interfaces, such as Gantt and Trend Charts, DataGrids, PdfViewer, and others, a set of graphical components for both WPF and Web is included. Additionally, third-party controls can be easily integrated into the solution.
Self-Aware Dynamic Displays
Data-centric applications can have their User Interface created automatically based on the assets found in the Data Model. Typically, these applications are organized around a Unified Namespace, MQTT Broker, or OPC UA servers. FrameworX establishes a dynamic connection with these servers, selecting the best UI elements according to the data found on the connected servers.
Note 1: No external program gets access to the TServer without validation/authentication. TServer answers to external programs only after validation/authentication via user/password or Windows Authentication.
Note 2: "RSACryptoServiceProvider" is used to generate the "private/public keys"; "Rijndael" is used to encrypt/decrypt the data, and it uses the "private/public keys" described above.
Note 3: The data are only compressed if the block size is over 16000 bytes. The compression is GZIP. "ModuleInformation" displays estimated values for each connection. WCF adds some bytes while sending data, so the values in "ModuleInformation" are estimates.
Note 4: ".NET Framework applications should use the TLS version the operating system (OS) supports." FS does not set the TLS version manually; it uses the configuration of the operating system (OS).
Note 5: Remote access by WebAccess services (third-party programs or modules) uses HTTP or HTTPS to consume the available web services.
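How the two classes listed under "Communication between modules" and Note 2 can fit together, as an added C# sketch that is not Tatsoft's code or wire protocol: a fresh 256-bit session key is wrapped under the receiver's RSA public key and the payload is encrypted with that key. The key-wrapping arrangement, the OAEP padding, the use of Aes (the class Microsoft recommends in place of Rijndael), the 2048-bit RSA size (the page states 1024) and all names are assumptions of this example.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class HybridChannelSketch
{
    const int RsaBits = 2048; // this example's choice (assumption); the page states 1024

    // Sender: create a fresh 256-bit session key, wrap it under the receiver's
    // RSA public key (OAEP), and encrypt the payload with the session key.
    static Tuple<byte[], byte[], byte[]> Seal(RSACryptoServiceProvider pub, byte[] payload)
    {
        using (var aes = Aes.Create())
        {
            aes.KeySize = 256; // CBC mode and PKCS7 padding are the class defaults
            using (var enc = aes.CreateEncryptor())
                return Tuple.Create(pub.Encrypt(aes.Key, true), aes.IV,
                                    enc.TransformFinalBlock(payload, 0, payload.Length));
        }
    }

    // Receiver: unwrap the session key with the RSA private key, then decrypt.
    static byte[] Open(RSACryptoServiceProvider priv, Tuple<byte[], byte[], byte[]> msg)
    {
        using (var aes = Aes.Create())
        {
            aes.Key = priv.Decrypt(msg.Item1, true);
            aes.IV = msg.Item2;
            using (var dec = aes.CreateDecryptor())
                return dec.TransformFinalBlock(msg.Item3, 0, msg.Item3.Length);
        }
    }

    static void Main()
    {
        using (var priv = new RSACryptoServiceProvider(RsaBits))
        using (var pub = new RSACryptoServiceProvider())
        {
            pub.ImportParameters(priv.ExportParameters(false)); // public half only
            byte[] payload = Encoding.UTF8.GetBytes("Tank1.Level=42.7"); // constructed sample
            var msg = Seal(pub, payload);
            Console.WriteLine("wrapped key: {0} bytes, body: {1} bytes",
                              msg.Item1.Length, msg.Item3.Length);
            Console.WriteLine("round trip ok: {0}", Open(priv, msg).SequenceEqual(payload));
        }
    }
}
```

CBC encryption as used in this sketch gives confidentiality only; a channel built this way also needs a MAC over the ciphertext or an authenticated mode to detect tampering.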
Communication with web clients
HTML5 can use "http" or "https/ssl". Compression is configured on "IIS" and uses GZIP.
Further, you can set up your application to require a mandatory login, as well as various forms of custom authorization, such as IP filtering or location, among others.
Secure WebGateway
The TWebGateway is a tool included in the platform to route data across different network security zones, such as moving data from Level 2 (the factory floor) to Level 4 (the enterprise).
It also prevents unsecured traffic from entering an organization's internal network. Enterprises use it to protect their employees and users from accessing, and being infected by, malicious web traffic, websites, and viruses/malware.
Files and Execution Protection
License/Softkey
"License/Softkey" uses the .NET class System.Security.Cryptography.Rijndael (symmetric, KeySize: 256).
Digital signature
All assemblies created by Tatsoft are signed digitally.
Project format (Configuration protection)
All project configuration is stored in a relational database (.tproj file) with all security and protections, such as cryptography, power recovery, and users/passwords. The Scripts and Displays have their source and compiled binaries stored in the same .tproj file. This makes the project easy to manage and deploy.
User Authentication and Permissions
User Authentication
The platform supports integration with various systems:
Active-Directory / Windows Authentication
When using Windows Authentication, the project will not use the User list configured in the project, only the policies, and this management is controlled by Windows. The Windows User that is logged into the computer will be the one used in the system.
LDAP
When using LDAP, the project will not use the User list configured in the project, just the policies, and this management is controlled by Windows and the LDAP Server. The External User that is logged in to the LDAP Server will be the one used in the system.
Runtime Users
Dynamically create users and store credentials in SQL databases. Get users from Active-Directory or third-party system for integrated security or unified login.
Roles, Permission and Policies
Group and User Permissions
Total flexibility to define privileges based on groups or specific users. Permissions can be global or tied to a specific display, object, or input action.
User Policies
Identification policies, session duration, control, automated logoff, e-sign, audit trail, and a complete set of user management features are available.
Database Injection Protection
When calling stored procedures in the database, injection is a major concern: if parameters are passed as plain text in the SQL statement, injection could be possible. To prevent this, we use the .NET API in which parameters are added to a list, making code injection impossible.
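The difference between the two approaches described above, as an added C# example that is not the platform's own code. It assumes the SQL Server provider (System.Data.SqlClient); the procedure name dbo.GetTagHistory and the parameters @TagName and @MaxRows are hypothetical, and no database connection is needed to run it.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class StoredProcedureCall
{
    // Before: caller input is spliced into the SQL text that the server will parse,
    // so a quote in the input changes the shape of the statement.
    static SqlCommand BuildConcatenated(string tagName)
    {
        return new SqlCommand("EXEC dbo.GetTagHistory '" + tagName + "'");
    }

    // After: the SQL text is only the (hypothetical) procedure name. Input is added
    // to the parameter list with a declared type and size and is sent as data.
    static SqlCommand BuildParameterized(string tagName, int maxRows)
    {
        var cmd = new SqlCommand("dbo.GetTagHistory") { CommandType = CommandType.StoredProcedure };
        cmd.Parameters.Add("@TagName", SqlDbType.NVarChar, 128).Value = tagName;
        cmd.Parameters.Add("@MaxRows", SqlDbType.Int).Value = maxRows;
        return cmd;
    }

    static void Main()
    {
        string input = "Tank1' OR '1'='1"; // constructed sample input containing a quote

        using (SqlCommand bad = BuildConcatenated(input))
            Console.WriteLine("concatenated text : " + bad.CommandText);

        using (SqlCommand good = BuildParameterized(input, 100))
        {
            Console.WriteLine("parameterized text: " + good.CommandText);
            foreach (SqlParameter p in good.Parameters)
                Console.WriteLine("  {0} ({1}) = {2}", p.ParameterName, p.SqlDbType, p.Value);
            // With an open SqlConnection assigned to good.Connection, ExecuteReader()
            // would send the procedure name and the typed values separately.
        }
    }
}
```

Parameter binding protects the call itself; a stored procedure that assembles dynamic SQL from its arguments internally still has to be reviewed separately.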
Security External Validation
The platform is regularly assessed by Veracode, or by third-party companies, covering penetration testing reports, gap analysis, and various other topics.
Any issues that would prevent a 100% approval are corrected.