Mobile App Deployment Architectures

IIS Web Server and Web Service Interface

The mobile app connects to Desigo CC through the Web Service Interface (WSI), and requires an IIS web server to be configured in the system:

System Description
System Description

 

System Configuration Variants

Local IIS Web Server Mobile App Deployments

You can run the IIS web server on the same computer as the Desigo CC server. However, this type of deployment is recommended only within a secure intranet, because the IIS web server is not isolated from the Desigo CC server. The following images show examples of local IIS deployments for both standalone and multi-client management platforms.

Local IIS Deployment on Intranet: All-in-One System Configuration
Local IIS Deployment on Intranet: All-in-One System Configuration

 

Local IIS Deployment on Intranet: Multi-Client System Configuration
Local IIS Deployment on Intranet: Multi-Client System Configuration

 

Local IIS Deployment on Internet (not recommended)
Local IIS Deployment on Internet (not recommended)

 

Remote IIS Web Server Mobile App Deployments

For internet deployments, it is recommended to run the IIS web server on a separate computer from the Desigo CC server. To ensure security, this computer should be isolated in a perimeter network (DMZ) and it should not be used as a Desigo CC installed client or FEP. The following images show examples of remote IIS deployments for both standalone and multi-client configurations.

 

Remote IIS Deployment on Internet: All-in-One System Configuration
Remote IIS Deployment on Internet: All-in-One System Configuration

 

Remote IIS Deployment on Internet: Multi-Client System Configuration
Remote IIS Deployment on Internet: Multi-Client System Configuration

 

Configuration Workflow for Deploying the Mobile App

For step-by-step instructions see Setup Checklist for Mobile App.

Security Certificate Requirements for Different System Configurations

 

Required in all configurations to connect to the mobile app

Certificate to secure communication between the IIS web server and the mobile app clients.

(This is the certificate you configure for the parent website of the WSI web application in the SMC)

If you use a:

  • Private CA host certificate (generated using SMC): the same root certificate that signed this private CA host certificate must also be installed on the mobile device.
  • Public (commercial) CA host certificate: nothing needs to be installed on the mobile device because the root of the certificate is automatically trusted.

NOTE: You cannot use a self-signed certificate to secure the communication between IIS and the mobile app.

 

Required in remote IIS configurations for mobile app support.

Certificate to secure communication between the IIS web server and the WSI on the Desigo CC Server

(This is the certificate configured in the WSI tab of the Project settings)

Not required for local IIS because IIS web server is on same computer as the Desigo CC Server.

With a remote IIS web server, this communication can be secured with the Desigo CC server’s private CA host certificate. The corresponding root certificate must be imported into the remote IIS web server computer.

 

Required only for Windows App Client support (not for mobile app)

Certificate to secure communication between the IIS web server and the CCom Port on the Desigo CC Server.

If you only want mobile app support (but no Windows App clients), you can set CCom Port Web communication to Disabled.

If you do also want Windows App client support:

  • With a local IIS, no certificates are needed because the IIS web server is on same computer as the Desigo CC Server. (In SMC, CCom Port settings Web communication is set to Local)
  • With a remote IIS, certificates are needed because the IIS web server is on a different computer (In SMC, CCom Port settingsWeb communication is set to Secured). Set the Desigo CC server CA host certificate, and make sure the corresponding root certificate is installed on the remote IIS web server.

 

Required only for multi-client systems

Certificates to secure the communication between the Desigo CC server and its installed clients/FEPs

In an all-in-one system, certificates are not required as there is only one computer. (In SMC client/server communication is set to Standalone)

In a multi-client system, require a host certificate for the server plus a host certificate for each client/FEP. (In SMC, client/server communication is set to Secured). All the computers must have the corresponding root certificate imported.
NOTE: Communication can also be set to Unsecured, but only in an intranet setting.