FactoryTalk System Services

FactoryTalk System Services provide the policy authority, certificate authority, identity services, and deployment services required to enforce security policies.

Databases

FactoryTalk System Services use CouchDB for the creation and maintenance of policy databases.
TIP: FactoryTalk System Services depend on database services. Database services can take up to 2 minutes to start after the computer is restarted. During that time, FactoryTalk Policy Manager will be unable to connect to FactoryTalk System Services.
During the FactoryTalk System Services installation, CouchDB:
  • Installs automatically if not already installed.
  • Adds and configures the required administrative users and controls.
  • Creates policy databases.

Services

FactoryTalk Policy Manager uses these FactoryTalk System Services:
Authentication Service
Authenticates users and validates user resource requests. Validates user credentials against FactoryTalk Directory and FactoryTalk security policy settings to obtain privileges associated with the user.
Certificate Service
Issues and manages X.509v3 certificates for use within the FactoryTalk system.
Deployment Service
Translates the security policy model defined using FactoryTalk Policy Manager to CIP and OPC UA configurations that are delivered to endpoints. Protocol configurations are deployed independently.
Diagnostics Service
Makes FactoryTalk audit and diagnostic logs available as a web service.
Policy Service
Builds and manages network trust models and defines security policy for CIP and OPC UA endpoints.
Differential deployment
Enables deployment of changes in the security policy model only to the affected devices, instead of deploying the model to all devices.
Support for CIP Security Proxy devices
Uses proxy devices to secure communications to and from devices that do not have CIP Security capabilities.
Backup and restore
Preserves and restores the security policy models in case of a system failure.
Security eventing
Sends eventing configuration to devices and stores events from FactoryTalk Policy Manager and FactoryTalk System Services as Syslog messages.
DTLS timeout
Configures the devices to close their DTLS sessions after a specified period of inactivity.