Using a Remote Backend with Encryption

This feature provides encrypted communication between the NGA manager and the backend. To use a remote backend with encryption, proceed as follows:

Install WinCC OA on the remote machine.
Note: You need the installation even though a project is not running on the remote machine.
On the System Management > Database > Database Engineering > Backend tab , delete the content of the Execution file and select the Execution Type Out-Off-Proc.
Generate two encryption key files via the encryption panel. Open the panel via System Management > Database > Database Engineering > Backend tab > General Settings > Basic Configuration > Encryption Certificate .
Click in the "Encryption Certificate" field. For the description of the Encryption Certificate field, see chapter Basic Configuration ->Encryption Certificate
Figure 1. Encryption Certificate

CAUTION: Create the encryption key files on the same operating system on which you use them!

Note: The encryption can only be used for the Execution Type Out-Off-Proc

Two files are generated, one for the frontend (NGA manager) and one for the backend in the wincc_oa_path/config directory. NOTE that you should save the files in a secure location!

On the remote machine start the backend manually by passing the location of the backend encryption key file. Execute the following command in the wincc_oa_path/bin directory:
```
NGAinfluxBackend.exe "frontend_address":"port" [encryption_key_path]
```

for example:

NGAinfluxBackend.exe 192.168.8.6:50200 D:/WinCC_OA_Projects/NGA_proj/config/zmq_backend_InfluxDB.key

Note: If the Execution Type is changed back to In-Proc, delete the internal NGA data points.