Enabling Communication with Remote Clients and Reinforcing Security

Overview

This topic describes the steps that you need to perform on the computer acting as Control Expert server when you want to connect a remote Control Expert client.

NOTE: Schneider Electric strongly recommends strengthening communication security between the system server and the client.

Configuring the Listening IP Address by Using the Server Configuration Tool

To manage and restrict client access to the Control Expert server, proceed as follows:

Step	Action
1	Run as administrator the Server Configuration tool on the computer acting as Control Expert server by executing the following command: Start > Programs > EcoStruxure Control Expert > Server Configuration .
2	In the Listening Connections section, select the Listening IP address value from the list and click Apply: 127.0.0.1 (Local connection): The server does not allow connections from remote Control Expert clients. (Default value) 0.0.0.0 (All connections): The server allows connections from any Control Expert client. Network adapters of the system server computer: The server only allows connections from Control Expert clients that are on the same network as the adapter.

Step

Action

Run as administrator the Server Configuration tool on the computer acting as Control Expert server by executing the following command:

Start > Programs > EcoStruxure Control Expert > Server Configuration .

In the Listening Connections section, select the Listening IP address value from the list and click Apply:

127.0.0.1 (Local connection): The server does not allow connections from remote Control Expert clients. (Default value)
0.0.0.0 (All connections): The server allows connections from any Control Expert client.
Network adapters of the system server computer: The server only allows connections from Control Expert clients that are on the same network as the adapter.

Strengthening Communication Security

The following procedure applicable to Windows Defender is provided as example only. Your operating system and application may have different requirements or procedures.

To set-up a communication with improved security, proceed as follows:

Step	Action
1	Open Windows Defender Firewall with Advanced Security (wf.msc) using the Microsoft Management Console (mmc.exe).
2	Click Inbound Rules in the left pane. In the Action pane, click New rule… . Result: The New Inbound Rule Wizard opens.
3	In the New Inbound Rule Wizard : In the step Rule Type select Custom and click Next . The step Program opens. Select This program path:, set`C:\Program Files (x86)\Schneider Electric\Control Expert X\Server\SE.Automation.SystemManager.exe` (where X is the version that is installed) and click Next. The step Protocols and Ports opens: Set Protocol Type to TCP , Set Local Port to Specific Ports, and enter `19950-19952` to port range. Click Next. The step Scope opens. Leave the settings as they are and click Next. The step Action opens. Select Allow the connection if it is secure and click Next. The step Users opens. Leave the settings as they are and click Next. The step Computers opens. For Authorized computers select Only allow connections from these computers and add authorized computer names. Click Next. The step Profile opens. Select Domain , clear Private , and clear Public . Click Next . The step Name opens. In the Name box enter `SystemManager`, and in the Description box enter `TCP rules`. Click Finish.
4	In the Inbound Rules pane select then, copy and paste the `SystemManager` rule.
5	Select the pasted `SystemManager` rule and click Properties. In the General tab, change the description from `TCP rules` to `UDP rules`. In the Protocols and Ports tab: Set Protocols Type to UDP, Set Local Port to Specific Ports and enter `19950` as port range. Click OK to close the Properties window.
6	Close the Microsoft Management Console .