Using a Remote Backend with Encryption

This feature provides encrypted communication between the NGA manager and the backend. To use a remote backend with encryption, proceed as follows:
  • Install WinCC OA on the remote machine.
    Note: You need the installation even though a project is not running on the remote machine.
  • On the System Management > Database > Database Engineering > Backend tab , delete the content of the Execution file and select the Execution Type Out-Off-Proc.
  • Generate two encryption key files via the encryption panel. Open the panel via System Management > Database > Database Engineering > Backend tab > General Settings > Basic Configuration > Encryption Certificate .
  • Click in the "Encryption Certificate" field. For the description of the Encryption Certificate field, see chapter Basic Configuration ->Encryption Certificate
    Figure 1. Encryption Certificate
    Figure 2. Encryption Certificate
CAUTION: Create the encryption key files on the same operating system on which you use them!
Note: The encryption can only be used for the Execution Type Out-Off-Proc
Two files are generated, one for the frontend (NGA manager) and one for the backend in the wincc_oa_path/config directory. NOTE that you should save the files in a secure location!
  • On the remote machine start the backend manually by passing the location of the backend encryption key file. Execute the following command in the wincc_oa_path/bin directory:
    NGAinfluxBackend.exe "frontend_address":"port" [encryption_key_path]
for example:
NGAPostgreSQLBackend.exe 192.168.8.6:50200 D:/WinCC_OA_Projects/NGA_proj/config/zmq_backend_PostgreSQL.key
NGAinfluxBackend.exe 192.168.8.6:50200 D:/WinCC_OA_Projects/NGA_proj/config/zmq_backend_InfluxDB.key
Note: If the Execution Type is changed back to In-Proc, delete the internal NGA data points.