General Data Protection Regulation (GDPR) - Industrial Edge Documentation

Overview
Industrial Edge Hub
Industrial Edge Hub
- Setup
- Operation
  Operation
  - Sign Up
  - Log in and sign out
  - Home
  - Application Provisioning
    Application Provisioning
    
    Hub to Hub transfer
  - Product Management
    Product Management
    
    Overview
  - Library
    Library
    
    Library
    
    Copying an app to IEM instances
    
    Purchasing an app
  - License Management
    License Management
    
    Overview
    
    Purchased licenses
  - IEM Instances
    IEM Instances
    
    IEM Instances
    
    Managing IEM instances
  - Download Software
  - User Management
    User Management
    
    Overview
    
    Inviting a new user
    
    Managing user roles
    
    User roles
  - Hub Settings
    Hub Settings
    
    Overview
    
    Renaming hub display names
  - Notification Settings
  - Switching hub
  - Cancelling an IE Hub Subscription
  - Customer Feedback
Industrial Edge Management
Industrial Edge Management
- IEM Overview
- Setup and operate
  Setup and operate
  - IEM Virtual
    IEM Virtual
    
    Setup
    Setup
    
    General requirements
    
    Setup steps
    
    Download the OVA Package
    
    Deploy the Virtual Machine
    Deploy the Virtual Machine
    
    VMware Workstation
    
    VMware ESXi Server
    
    Provision the IEM Virtual
    
    Operation
    Operation
    
    Network configuration via console
    
    Service & maintenance
    Service & maintenance
    
    Overview
    
    Login
    
    UI
    
    Download log files
    
    Security considerations
  - IEM Cloud
    IEM Cloud
    
    Setup
    Setup
    
    Creating the IEM Cloud Instance
    
    Revealing the initial user passwords
    
    Operation
    Operation
    
    Update
    
    Delete
  - IEM Pro
    IEM Pro
    
    Introduction
    Introduction
    
    Overview
    
    Architecture
    
    General Requirements
    
    Setup
    Setup
    
    Setup Cluster
    Setup Cluster
    
    Using kOps
    Using kOps
    
    Introduction
    
    Prerequisites
    
    Creating pro Cluster
    
    Adjusting created Security Groups
    
    Using minikube
    
    Using Docker Desktop
    
    Using K3s
    
    Using openshift
    
    Deploying IEM Pro
    
    Extensions
    Extensions
    
    Logging & Monitoring
    
    Device Catalog
    
    Uninstalling IEM Pro
    
    Operation
    Operation
    
    Proxy Settings
    
    TLS Certificate
    
    IE Gateway
    
    Monitoring
    
    Planning capacity
    
    Backup & Restore
    Backup & Restore
    
    Industrial Edge Management
    
    Provisioning CLI
    Provisioning CLI
    
    Overview
    
    Installation
    
    Selecting an IEM Pro Instance
    
    Configuration Input
    
    Importing and Exporting Configuration
    
    Configuration Files
    
    Configuration Stored in Cluster
    
    Interaction with Helm CLI
    
    Configure Service Mesh
  - IEM OS (deprecated)
    IEM OS (deprecated)
    
    Setup
    Setup
    
    Setup steps
    
    Downloading the Industrial Edge Management OS
    
    Creating an IEM instance and downloading the configuration file
    
    VMware Workstation
    VMware Workstation
    
    Creating the VM
    
    Configuring the VM
    
    Installing the Industrial Edge Management OS
    
    Oracle VirtualBox
    Oracle VirtualBox
    
    Creating the VM
    
    Configuring the VM
    
    Installing the Industrial Edge Management OS
    
    VMware ESXi
    VMware ESXi
    
    Creating and configuring the VM
    
    Installing the Industrial Edge Management OS
    
    Configuring the Industrial Edge Management
    
    Activating & Installing the Industrial Edge Management
    Activating & Installing the Industrial Edge Management
    
    Activating the Industrial Edge Management
    
    Installing the Industrial Edge Management
    
    Settings
    Settings
    
    Settings
    
    Editing network settings
    
    Setting up a proxy server
    
    Configuring the Docker network
    
    Downloading system logs
    
    Adding an NTP server
    
    Certificate requirements
    
    Installing configurators
    
    Adding a relay server
    
    Operation
    Operation
    
    Overview
    
    Sign up
    
    Log in
    
    Reset password
    
    Home
    Home
    
    Home
    
    User profile
    
    Storage Manager service
    
    Catalog
    
    Statistics
    
    My User Groups
    My User Groups
    
    Overview
    
    Creating and editing an user group
    
    Roles
    
    Adding apps
    
    Inviting members
    
    Removing apps
    
    Settings
    Settings
    
    Settings
    
    Alerts
    
    Configuration
    
    Connectivity
    
    Storage
    Storage
    
    Storage
    
    Adding additional storage to the IEM
    Adding additional storage to the IEM
    
    IEM
    
    Oracle
    
    VMWare
    
    VMWare esxi
    
    System
    System
    
    System
    
    Adding and editing NTP servers
    
    Members
    
    Backup and restore
    Backup and restore
    
    Creating a backup of the IEM OS
    Creating a backup of the IEM OS
    
    via VM Workstation
    
    via Oracle
    
    Restoring the IEM OS from a backup
    Restoring the IEM OS from a backup
    
    via VM Workstation
    
    via Oracle
    
    Industrial Edge Management Services
    Industrial Edge Management Services
    
    Overview
    
    Service to Backup & Restore Edge Devices
    Service to Backup & Restore Edge Devices
    
    Overview
    
    Installation
    
    Update
    
    Configuration
    Configuration
    
    Configuration
    
    Storage size
    
    Monitoring service
    
    Backup devices
    
    Restore devices
    
    Compatibility
- Utilize
  Utilize
  - Launchpad
  - Navigation
    Navigation
    
    Top navigation
    
    Sign up & Navigation (Previous design)
    Sign up & Navigation (Previous design)
    
    Sign up
    
    Log in and sign out
    
    Reset password
    
    Home page
    
    Certificate Management
    Certificate Management
    
    Types of certificates
    
    Overview
    
    Communication relations
    
    Secure connections to the IEM
    Secure connections to the IEM
    
    Overview
    
    Importing certificates to the internet browser
    
    Alerts
    
    User profile
    
    Navigation
  - Homepage
    Homepage
    
    Discover a new experience
  - Applications
    Applications
    
    Management Applications
    
    Pre-Provisioned Applications
    
    Device Applications
    
    Install Device Applications
    
    Catalog (Previous design)
    Catalog (Previous design)
    
    Overview
    
    Importing Edge Apps
    
    Installing an app from the catalog
    
    My Installed Apps (Previous design)
    My Installed Apps (Previous design)
    
    Overview
    
    Managing an app
    
    Scheduling an app job
  - Devices
    Devices
    
    Device overview
    
    Device onboarding
    Device onboarding
    
    Overview
    
    Device configuration
    
    Device onboarding
    
    Device configuration (legacy user interface)
    Device configuration (legacy user interface)
    
    Creating the Edge Device configuration file
    
    New Edge Device - Parameters
    
    Layer 2 network access
    
    Configuring a Layer 2 network access
    
    Settings
    Settings
    
    Editing network and Layer 2 network access settings
    
    Setting up a proxy server
    
    Configuring the Docker network
    
    Downloading logs
    
    Adding an NTP Server
    
    Secure Connection
    
    Device details
    Device details
    
    Details
    
    Settings
    Settings
    
    Memory limit check
    
    Certificate
    
    Streaming logs
    
    Logging
    Logging
    
    Overview
    
    Editing log settings
    
    Device logs
    
    Application logs
    
    Backup & Restore
    Backup & Restore
    
    Configuration
    
    Backup devices
    
    Restore devices
    
    Compatibility
    
    Monitoring Service
    
    Identity federation
    Identity federation
    
    Configuration
    
    Known Issues
    
    Edge Devices (Previous design)
    Edge Devices (Previous design)
    
    Overview
    
    Managing labels
    
    Checking statistics
    
    Removing an Edge Device
    
    Adding tags
    
    Downloading IEM CA certificate
    
    Managing logs
    
    Importing certificates
    
    Enabling and disabling remote access
    
    Storing an Edge Device state
    
    Restoring an Edge Device state
    
    Edge Device system commands
    Edge Device system commands
    
    Edge Device system commands
    
    Updating an Edge Device
    
    Storing multiple Edge Device states
    
    Restoring IED states of multiple Edge Devices
  - Data Connection
    Data Connection
    
    Overview
    
    Apps for Data Connection
    
    UI of Data Connections
  - App Projects (Previous design)
    App Projects (Previous design)
    
    Overview
    
    Authorized Apps
    Authorized Apps
    
    Overview
    
    Joining other projects
    
    Creating a project
    
    Editing a project
    
    Creating an app
    Creating an app
    
    Creating an app
    
    Creating an app - Parameters
    
    Assigning labels
    
    Enabling the external configurator
    
    App details
    
    App configurations
    App configurations
    
    Creating configurations
    
    Available app configurations
    
    Versioned configuration files
    
    Template based configurations
    
    File upload configurations
    
    Add configuration to app - Parameters
    
    IE Application Configuration Service
    IE Application Configuration Service
    
    Overview
    
    Installing the IE App Configuration Service manually
    
    Integration of the IE Acs compatible app configurations
    
    Downloading and checking app configuration
    
    Installing an app from my projects
    Installing an app from my projects
    
    Installing an app from my projects
    
    Installing an app via the IE ACS
    
    Updating an app configuration via the IE ACS
    
    Privileged and network mode
    
    Updating Edge Apps via the IE App Publisher
    Updating Edge Apps via the IE App Publisher
    
    Updating an Edge App
    
    Importing an Edge App to the IE App Publisher
    
    Uploading an Edge App to the IEM
  - User Management (Previous design)
    User Management (Previous design)
    
    My User Groups
    My User Groups
    
    Overview
    
    Creating and editing an user group
    
    Roles
    
    Adding apps
    
    Inviting members
    
    Removing apps
    
    My Admin Groups
    My Admin Groups
    
    Overview
    
    Creating and editing an admin group
    
    Roles
    
    Adding an Edge Device
    
    Inviting Members
    
    Joining other groups
    
    Removing and checking Edge Devices
  - Job status (Previous design)
    Job status (Previous design)
    
    Overview
  - Admin Management
    Admin Management
    
    Overview
    
    Dashboard
    
    Edge Devices
    Edge Devices
    
    Edge Devices
    
    Downloading logs
    
    Submitted apps
    Submitted apps
    
    Submitted apps
    
    Unpublishing apps
    
    Deleting apps
    
    Registered Users
    Registered Users
    
    Registered Users
    
    Transfer IEM access
    
    Manage Roles
    Manage Roles
    
    Manage Roles
    
    Creating a role
    
    My Admin Groups
    My Admin Groups
    
    My Admin Groups
    
    Creating an admin group
    
    Inviting members to an admin group
    
    Settings
    
    Security
    
    Device Catalog
    
    Licenses
    Licenses
    
    License Management in IEM Virtual / Pro / Cloud
    
    License Management in IEM OS (deprecated)
    License Management in IEM OS (deprecated)
    
    IE Licensing Service
    
    Creating and sending license report to IE Hub
    
    Installing the IE Licensing Service
  - Platform settings
  - Identity and Access Management
    Identity and Access Management
    
    Overview of IAM
    
    Authorization concept
    
    User management
    
    Security
    
    Adding identity provider
    
    Clients
    
    Guides
    Guides
    
    Verify users email address
    
    Known issues
    
    Technical overview
    
    Known issues
    
    Best practices
Industrial Edge Device
Industrial Edge Device
- Setup and operate
  Setup and operate
- Utilize
  Utilize
  - Apps
  - Management
  - Statistics
  - Certificate Management
    Certificate Management
    
    Overview
    
    Manage IED Gateway Certificates
    
    Manage Certificate Trust Store
  - App Developer Mode
    App Developer Mode
    
    Overview
    
    Advanced View
  - Identity And Access Management
    Identity And Access Management
    
    Roles
  - My User Groups
    My User Groups
    
    Overview
    
    Creating and editing a group
    
    Roles
    
    Adding apps
    
    Inviting users
    
    Inviting registered Users
  - Catalog
  - Settings
    Settings
    
    Configuration
    
    Connectivity
    Connectivity
    
    Network and Layer 2 network access
    
    Proxy settings
    
    Docker network settings
    
    Registered ports
    
    System
    System
    
    System
    
    Enabling app developer mode
    
    Members
    
    Registered users
    
    Logging & Monitoring
    Logging & Monitoring
    
    Overview
    
    Stream based Logging
    Stream based Logging
    
    Metrics Service overview
    
    Destination
    Destination
    
    Management
    
    Specs
    
    Examples
    
    Creating metrics configuration
    
    Export & Import configuration
    
    Global Settings & Limitations
    
    Metrics data
    
    Prometheus Support
    
    File based Logging
    
    Resource Manager
  - Edge Device Notifications
  - Storage manager service
  - Audit Event
Security
Security
- General Data Protection Regulation (GDPR) General Data Protection Regulation (GDPR)
  Table of contents
- System Overview
- Certificates
- Operational environment - Example
- Contacted domain names
- IP protocols and ports
- Industrial Edge components - Security measures
  Industrial Edge components - Security measures
- Setup guidelines and recommendations
  Setup guidelines and recommendations
  - Setup guidelines and recommendations
  - General recommendations
  - Network security and segmentation
  - Identity and access management
  - Secure channels and encryption
  - Security logging and monitoring
  - Backup and restore
  - Attack Surface Reduction
  - Patch management
    Patch management
    
    Overview
    
    Information on updates
    
    Patch management
  - Malware protection
  - Secure app development
  - App security
Updates & Migrations
Updates & Migrations
- Overview
- Updating the IEM Pro
- Updating the IEM Virtual
- Updating the IEM Cloud
- Updating the IEM OS (end-of-life)
  Updating the IEM OS (end-of-life)
- Updating Configurators (end-of-life)
- Updating Device Applications
- Updating Edge Devices
- Relocating Edge Devices
- Migrate to Management Apps
Support

Siemens adheres to the principles of data protection, in particular the principles of data minimization (Privacy by Design).

For this product, Industrial Edge, this means:

Personal data¶

The product processes and stores the following personal data:

First name and last name (Sign up)
Email address
Passwords
Timestamp
Location data (time zone)
IP addresses
MAC addresses

If the customer links the data mentioned above to other data (e.g. shift plans) or if the customer saves personal information on the same medium (e.g. hard disk) and thus creates a personal reference, the customer has to ensure that the guidelines regarding data protection are observed.

Purposes¶

The data mentioned above is required for the following purposes:

Access protection and security measures (for example login, IP addresses)
Process synchronization and integrity (for example information about time zones, IP addresses)
Archiving system for traceability and verification of processes (for example access timestamps)
Message system for traceability and availability (for example e-mail notification)

Storage of the data is affected for a suitable purpose and is limited to what is strictly necessary, as the information is indispensable in order to identify the authorized operators.

Scope¶

Platform-related authentication data (login to the IED admin interface) is stored on the IEM system. The IEDs do NOT contain any related login information as every IED requires a permanently established connection to the IEM to work properly. However, the IEA providers are responsible for additional, app-related data and their protection.

Data protection¶

The above data will not be stored anonymously or pseudonymized, as the purpose (identification of the operating personnel) cannot be achieved otherwise. The data will be used only within the product and will not be automatically passed on to third parties or unauthorized persons.

The above data is secured by adequate encryption technologies. The customer must ensure the access protection as part of his process configuration.

Industrial Security¶

Siemens provides products and solutions with industrial security functions that support the secure operation of plants, systems, machines and networks.

In order to protect plants, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art industrial security concept.

Siemens’ products and solutions constitute one element of such a concept.

Customers are responsible for preventing unauthorized access to their plants, systems, machines and networks. Such systems, machines and components should only be connected to an enterprise network or the internet if and to the extent such a connection is necessary and only when appropriate security measures (e.g. firewalls and/or network segmentation) are in place.

For additional information on industrial security measures that may be implemented, please visit.

Siemens’ products and solutions undergo continuous development to make them more secure. Siemens strongly recommends that product updates are applied as soon as they are available and that the latest product versions are used. Use of product versions that are no longer supported, and failure to apply the latest updates may increase customer’s exposure to cyber threats.

To stay informed about product updates, subscribe to the Siemens Industrial Security RSS Feed at.

Deletion policy¶

This product does not provide an automated deletion of the data mentioned above.

Cookies¶

Regarding cookies, please refer to the Siemens cookie guidelines.