Engineering Standard

SAES-Z-010 26 June 2014

Process Automation Networks
Document Responsibility: Process Control Standards Committee

Saudi Aramco DeskTop Standards

Table of Contents

1 Scope............................................................. 2
2 Conflicts and Deviations................................. 4
3 References..................................................... 4
4 Definitions....................................................... 6
5 Process Automation Network Design............. 8
6 Wiring System.............................................. 12
7 PAN Router and Switch Access and
Monitoring Design Requirements......... 12
8 Operating System and
Network Device Hardening................... 15
9 Centralized Patch Server............................. 15
10 Backup and Recovery.................................. 16
11 System Testing............................................. 16
12 Documentation............................................. 16

Previous Issue: 2 July 2013 Next Planned Update: 1 September 2017

Revised paragraphs are indicated in the right margin Page 1 of 17
Primary contacts: Abualsaud, Zakarya Aon +966-3-880-1358

Copyright©Saudi Aramco 2014. All rights reserved.

Document Responsibility: Process Control Standards Committee SAES-Z-010
Issue Date: 26 June 2014
Next Planned Update: 1 September 2017 Process Automation Networks

1 Scope

1.1 This standard establishes the requirements for design, installation, configuration
and commissioning of Process Automation Networks (PANs), which shall
interface with plant DMZ (Demilitarized Zone) to communicate with the Saudi
Aramco Corporate Network or third party external networks. Process Automation
Network (PAN) is a plant wide network interconnecting Process Control Systems
(PCS) that provides an interface to the Corporate Network through plant DMZ.
A PAN does not include proprietary process control networks provided as part of
a vendor's standard process control system.

Parties involved in the commissioning of PANs are required to comply with this
standard.

1.2 The following standards are excluded from this standard:

1.2.1 The requirements and guidelines governing the engineering, design

and installation of Process Control Systems is covered in SAES-Z-001.

1.2.2 The requirements and guidelines governing the engineering, design and
installation of Supervisory Control and Data Acquisition (SCADA) is
covered in SAES-Z-004.

1.2.3 The requirement for engineering design, specification, installation,

configuration, commissioning and maintenance for FOUNDATION™
fieldbus based control systems are covered in SAES-J-904.

1.2.4 The procedural requirements and guidelines to govern minimum

mandatory Security for Process Control Systems and Networks are
covered in SAEP-99.

1.2.5 The requirement for governing the design, installation, configuration,

and commissioning of Saudi Aramco plant Demilitarized Zone (DMZ)
Architecture, which shall establish an intermediate network between the
Saudi Aramco Process Automation Network (PAN) and Saudi Aramco
Corporate Network is covered in SAES-T-566.
1.2.6 Figure 1 below further illustrates the division of responsibilities between
the relevant standards:

1.3 This entire standard may be attached to and made a part of purchase orders.

Page 2 of 17
Document Responsibility: Process Control Standards Committee SAES-Z-010
Issue Date: 26 June 2014
Next Planned Update: 1 September 2017 Process Automation Networks

Figure 1 - Standards Coordination Drawing

Page 3 of 17
Document Responsibility: Process Control Standards Committee SAES-Z-010
Issue Date: 26 June 2014
Next Planned Update: 1 September 2017 Process Automation Networks

2 Conflicts and Deviations

2.1 Any conflicts between this standard and other applicable Saudi Aramco
Materials System Specifications (SAMSSs), Engineering Standards (SAESs),
Engineering Procedures (SAEPs), Standard Drawings (SASDs), or other
Mandatory Saudi Aramco Engineering Requirements (MSAERs) shall be
resolved in writing by the Company or Buyer Representative through the
Chairman, Process Control Standards Committee, Process & Control Systems
Department, Dhahran.

2.2 Direct all requests to deviate from this standard in writing to the Company or
Buyer Representative, who shall follow internal company procedure SAEP-302
and forward such requests to the Manager, Process & Control Systems
Department of Saudi Aramco, Dhahran.

3 References

The selection of material and equipment and the design, construction, maintenance, and
repair of equipment and facilities covered by this standard shall comply with the latest
edition of the references listed below, unless otherwise noted.

3.1 Saudi Aramco References

Saudi Aramco Engineering Procedure

SAEP-99 Process Automation Networks & Systems Security
SAEP-302 Instructions for Obtaining a Waiver of a Mandatory
Saudi Aramco Engineering Requirement
SAEP-701 Plant Ethernet Network Test Procedure
SAEP-1630 Preparation of Integration Test Procedure Document
SAEP-1634 Factory Acceptance Test Plan
SAEP-1638 Site Acceptance Test Plan

Saudi Aramco Engineering Standards

SAES-J-902 Electrical Systems for Instrumentation
SAES-J-904 FOUNDATION™ fieldbus (FF) Systems
SAES-P-103 UPS and DC Systems
SAES-T-566 Plant Demilitarized Zone (DMZ) Architecture
SAES-Z-001 Process Control Systems

Page 4 of 17
Document Responsibility: Process Control Standards Committee SAES-Z-010
Issue Date: 26 June 2014
Next Planned Update: 1 September 2017 Process Automation Networks

SAES-Z-004 Supervisory Control and Data Acquisition (SCADA)

System

Saudi Aramco Materials System Specifications

23-SAMSS-010 Distributed Control Systems
23-SAMSS-020 Supervisory Control and Data Acquisition (SCADA)
Systems
23-SAMSS-030 Remote Terminal Unit
23-SAMSS-050 Terminal Management Systems
23-SAMSS-701 Industrial Ethernet Switch Specifications
23-SAMSS-072 Data Acquisition and Historization System (DAHS)
34-SAMSS-820 Instrument Control Cabinet - Indoor

Saudi Aramco Engineering Report

SAER-6123 Process Automation Networks Firewall Evaluation
Criteria

Saudi Aramco General Instructions

GI-0299.120 Sanitization and Disposal of Saudi Aramco Electronic
Storage Devices and Industry Codes and Standard
GI-0710.002 Classification of Sensitive Information

Corporate Policy
INT-7 Data Protection and Retention

Saudi Aramco Information Protection Manual (IPM)

IPSAG-007 Computer Accounts Security Standards & Guidelines

3.2 Industry Codes and Standards

Institute of Electrical and Electronics Engineers, Inc.

IEEE 802.3 Carrier Sense Multiple Access with Collision
Detection (CSMA/CD) Access Method and
Physical Layer Specifications

Page 5 of 17
Document Responsibility: Process Control Standards Committee SAES-Z-010
Issue Date: 26 June 2014
Next Planned Update: 1 September 2017 Process Automation Networks

4 Definitions

Backbone: A network configuration that connects various LANs together into an

integrated network. In a Plant-wide network, that part of the network whose primary
function is to forward data packets between the other smaller networks.
CoGen: Supplementary Power generation facilities, normally operated by a third party.
Demilitarized Zone (DMZ): A network installed as a “neutral zone” between two
networks with different security levels that require exchanging information. The DMZ
network prevents information and network traffic from passing directly between the two
networks; in Saudi Aramco’s case, between the Corporate Network and the PAN.

Firewall: A firewall is a set of related programs, located at a network gateway server

that protects the resources of a private network from users of other networks.
Human Machine Interface (HMI): The display, data entry devices and supporting
software to allow a user access to applications.
Interfaces: Software modules for collecting data from data sources or sending data to
other systems. Typical data sources are Distributed Control Systems (DCSs),
Programmable Logic Controllers (PLCs), OPC Servers, lab systems, and process
models. However, the data source could be as simple as a text file.
L3 Switch: A network device that joins multiple computers together at the network
protocol layer of the Open System Interconnection (OSI) model eliminating the need for
a router. L2 network switches operate at layer two (Data Link Layer) of the OSI model.
Local Area Network (LAN): A private data communications network, used for
transferring data among computers and peripherals devices; a data communications
network consisting of host computers or other equipment interconnected to terminal
devices, such as personal computers, often via twisted pair or coaxial cable.
Logical Separation: use of different Layer 3 network subnets or software running on
common hardware to separate two or more networks and systems.
Logs: Files or prints of information in chronological order.
OPC: OPC (originated from OLE for Process Control, now referred as open
connectivity via open standards) is a standard established by the OPC Foundation task
force to allow applications to access process data from the plant floor in a consistent
manner. Vendors of process devices provide OPC Servers, whose communications
interfaces comply with the specifications laid out by the task force (the OPC Standard),
and any client software that complies with that standard can communicate with any of
those servers without regard to hardware releases or upgrades. The connection between

Page 6 of 17
Document Responsibility: Process Control Standards Committee SAES-Z-010
Issue Date: 26 June 2014
Next Planned Update: 1 September 2017 Process Automation Networks

the client and the OPC Server is either through the Microsoft COM interface or through
OLE Automation, and the client accesses data from the data cache maintained by the
OPC Server or requests that the server read the device directly.
Physical Separation: use of different hardware to separate two or more networks and
systems.
Process Automation Network (PAN): is a plant wide network interconnecting Process
Control Systems (PCS) that provides an interface with plant DMZ to communicate with
the Corporate Network or third party external networks. A PAN does not include
proprietary process control networks provided as part of a vendor's standard process
control system.
Scan Node: Scan Nodes run interfaces. Interfaces get the data from the data sources
and send it to the plant historian servers. Each different data source needs an interface
that can interpret it.
Secured Node: A server or a workstation is located in a room with controlled physical
access. It is assigned with a fixed IP address and the remote desktop service is disabled;
however, remote desktop client can be enabled. Access to the room must be logged
with information such as, Name, Date, time of entry/exit and type of activity.
Server: A server is a dedicated un-manned data provider.
Virtual Private Network (VPN): A private communications network existing within a
shared or public network platform (i.e., the Internet).

Abbreviations:
CCTV - Closed Circuit Television
CSMA/CD - Carrier Sense Multiple Access / Collision Detection
DAHS - Data Acquisition and Historization System
DCS - Distributed Control Systems
DHCP - Dynamic Host Configuration Protocol
DMZ - Demilitarized Zone
DNS - Domain Name System
FTP - File Transfer Protocol
IP - Information Protocol
LAN - Local Area Network
OSI - Open Systems Interconnection
PAN - Process Automation Network

Page 7 of 17
Document Responsibility: Process Control Standards Committee SAES-Z-010
Issue Date: 26 June 2014
Next Planned Update: 1 September 2017 Process Automation Networks

SCADA - Supervisory Control and Data Acquisition

TCP - Transmission Control Protocol
UDP - User Datagram Protocol
UPS - Uninterruptable Power Supply
VLAN - Virtual LAN
VMS - Vibration Monitoring System
WiFi - Wireless Fidelity

5 Process Automation Network Design

5.1 The PAN shall be based on IEEE 802.3 CSMA/CD (Ethernet) standard.
The backbone shall be based on Layer 3 multi-protocol switches or routers.

5.2 Physical and Logical Separation

5.2.1 The network design shall provide physical and logical separation between
PAN and all other networks such as the Saudi Aramco Corporate Network
using SAES-T-566 standard, titled “Plant Demilitarized Zone (DMZ)
Architecture” standard.

5.2.2 Logical separation such as VLAN or Layer 3 network subnets is mandatory

for subsystems such as CCTV, telephone network connections in PAN.

5.2.3 Physical separation utilizing dedicated fiber strands is permitted outside

plant fence and shall include a service level agreement defining area of
responsibility for support and maintenance, including agreed response time.
Commentary Note:

Growth and future expansions shall be considered.

5.3 PAN can be used to integrate auxiliary systems on a single network such as
Emergency Shutdown Systems, Compressor Control Systems, Vibration
Monitoring Systems, etc., for the purpose of centralizing the engineering and
maintenance activities of the plant.

5.4 Remote Access

5.4.1 Remote control from Corporate Network or Internet even through the
plant firewall is not permitted.

5.4.2 Remote maintenance and engineering activities by Saudi Aramco personnel

through the firewall is permitted. The following conditions shall apply:

Page 8 of 17
Document Responsibility: Process Control Standards Committee SAES-Z-010
Issue Date: 26 June 2014
Next Planned Update: 1 September 2017 Process Automation Networks

5.4.2.1 The Engineering station must be in a room with controlled

physical access.

5.4.2.2 Remote access nodes shall be placed on the corporate network

or other PANs.

5.4.2.3 The remote engineering stations shall have terminal services

(Remote Desktop) disabled. The remote engineering stations
shall have static IP address assigned.

5.4.3 For remote vendor troubleshooting, the following shall be followed:

5.4.3.1 Manager approval is required prior to the establishment of the

connection unless a plant operation department and a vendor
establish a service contract, which includes a remote vendor
troubleshooting service.

5.4.3.2 User ID authentication shall be performed by Saudi Aramco

Information Technology (IT) active directory services.

5.4.3.3 Two factor authentications shall be used to verify vendor identity.

5.4.3.4 A Virtual Private Network shall be used for vendor remote

troubleshooting for communication between remote access nodes.

5.4.3.5 User ID authentication shall adhere to IT corporate policy.

5.5 PAN shall not be permitted to access the internet.

5.6 All TCP/IP addressing shall be obtained from Saudi Aramco IT Organization.

5.7 All nodes on the PAN shall be assigned static IP addresses.

5.8 Dynamic Host Configuration Protocol (DHCP) shall not be used on the PAN.

5.9 Plant Historian

Plant Historian is a plant-wide data repository which collects, archives, and

disseminates real-time plant information at extremely high speeds. It can be
cost-efficiently scaled to meet the demands of small, medium and large plants
equally. It can read all types of process data, and is the ideal solution to have all
key parameters of all types of manufacturing operations.

Historian System Architecture: The architecture basically consists of three

components which are the corporate PI server, local PI server, and local PI scan
node. The corporate PI server is located on the corporate network (CN), where
reading and collecting data through PI-to-PI interfaces from one or more DMZ

Page 9 of 17
Document Responsibility: Process Control Standards Committee SAES-Z-010
Issue Date: 26 June 2014
Next Planned Update: 1 September 2017 Process Automation Networks

local PI server(s). The DMZ local PI server is reading and collecting data from
the PI scan node located in PAN through the Plant-DMZ firewall. The PI Scan
node will be interfaced to the Plant Process Automation Systems to get real time
data and the Server which is called Data Collector will let captured process data
to be stored in time-series database with accurate time stamping and send it to
the local DMZ PI server.
 Corporate Plant Historian Server(s) shall be on Corporate Network (CN) and
it shall be Saudi Aramco standard (IT) server hardware.
 Corporate Plant Historian shall be accessed within the plant using Corporate
Network.
 Local PI server and PI Interface Server, which has PI-to-Pi interface on the DMZ.

 PI-to-PI Interface shall transfer data between two PI Servers that are
separated by a DMZ and Firewalls.

 PI-to-PI Interface Server should be on the DMZ and it shall be Saudi

Aramco standard (IT) server hardware.
 PI Scan node server shall be on Process Automation Network (PAN) and it
shall be Saudi Aramco standard (IT) server hardware.
 PI Scan Node server shall be configured to buffer maximum amount of process
data in case of disconnection in communication between PAN and DMZ.
 Network traffic between local Plant Historian and Scan node shall be
through the plant DMZ firewall.
 Port TCP 5450 must be enabled at the firewall, to open the communication
between the Corporate Plant Historian Server and Local Plant Historian
Server/PI-to-PI Interface Server located in the DMZ.
 Data sources (PLCs/DCS/SCADA, etc.) shall be configured by industry
standard OPC interface and avoid vendor specific interfaces as far as possible.
 Use one Scan node to install both OPC Server (provided by data source
vendor) and OPC Client (provided by plant historian vendor). This will
eliminate the COM/DCOM issues.

In case of multiple OPC Servers, it is recommended to use a single OPC client

(scan node). Multiple scan nodes can also be used in case of load balancing or
any compatibility issues. Tunneller software can be used in this situation to
eliminate COM/DCOM issues.

Page 10 of 17
Document Responsibility: Process Control Standards Committee SAES-Z-010
Issue Date: 26 June 2014
Next Planned Update: 1 September 2017 Process Automation Networks

5.10 A PAN sample architecture diagram is illustrated in Figure 2.

Figure 2 - A PAN Sample Architecture Diagram

Page 11 of 17
Document Responsibility: Process Control Standards Committee SAES-Z-010
Issue Date: 26 June 2014
Next Planned Update: 1 September 2017 Process Automation Networks

6 Wiring System

6.1 Fiber Optic patch panels shall be installed in a cabinet.

6.2 PAN routers and switches shall be installed in a cabinet.

6.3 Fiber Optic Cable routed to another cabinet shall be run in Polyethylene
Corrugated Loom Tubing or flexible conduit at a minimum.

6.4 Corrugated Loom Tubing or flexible conduit is not required inside cabinets.

6.5 PAN cabling shall conform to “The Data Link” requirements in SAES-J-902
(Electrical Systems for Instrumentation).

6.6 PAN cabinets shall be designed in accordance with Saudi Aramco Materials
System Specification 34-SAMSS-820 without affecting the accessibility and
safety.

6.7 UPS/Battery capability and software implemented to provide for a controlled

shutdown of services in PAN components shall be configured according to
SAES-P-103, “UPS and DC Systems.”

7 PAN Router and Switch Access and Monitoring Design Requirements

7.1 PAN Router and Switch Administration

7.1.1 Management of passwords, User IDs and User Role privileges of servers
and workstations shall be done via a central server connected to the PCS
system.

7.1.2 User Accounts

7.1.2.1 Each User should be assigned a unique User ID.

7.1.2.2 All GUEST user accounts shall be disabled on the system.

7.1.2.3 Where applicable, all individual User IDs formats should

conform to corporate guidelines as highlighted in Section
11.1.1.3.6 “USER ID CONSTRUCTION” in IPSAG-007.

7.1.3 User Account Passwords

7.1.3.1 Every User ID shall have an individual password.

7.1.3.2 The system shall be configured to require a minimum password

length of eight characters.

Page 12 of 17
Document Responsibility: Process Control Standards Committee SAES-Z-010
Issue Date: 26 June 2014
Next Planned Update: 1 September 2017 Process Automation Networks

7.1.3.3 Passwords shall be transmitted and stored in encrypted format.

7.1.3.4 The system shall be configured to enforce password

uniqueness. A minimum of three unique passwords must be
entered before a password can be re-used.

7.1.3.5 Password Construction

The system shall be configured to enforce password complexity

rules. Easy guessable passwords must be avoided at all times.
As a minimum a password must be constructed and contained at
least two of the following four characteristics:
 Lower case characters a-x
 Upper case characters A-Z
 Digits 0-9
 Punctuation characters, e.g., ! @ # $ % ^ & *, etc.

7.1.4 The system should be configured to require passwords to be reset for all
User IDs every six months.

7.1.5 The system should issue a password expiration notification to the user at
least 10 days prior to password expiry date.

7.1.6 Passwords shall be masked on the screen while being entered.

7.1.7 In order to change user account passwords, users should always be required
to provide both their old and new passwords, if supported by the system.

7.1.8 PAN router and switch passwords shall be changed prior to commissioning.

7.1.9 PAN routers and switches should monitor and record all failed login
attempts.

7.2 System Access

7.2.1 System Login scripts, if any, shall be configured to prevent a user

bypassing them.

7.2.2 Repeated login failures shall be logged with the location, date, time and
user account used.

7.2.3 At login time, every user should be given information reflecting the last
login time and date, if supported by the system or application. This will
allow unauthorized system usage to be detected.

Page 13 of 17
Document Responsibility: Process Control Standards Committee SAES-Z-010
Issue Date: 26 June 2014
Next Planned Update: 1 September 2017 Process Automation Networks

7.3 Using wireless technologies such as ISA 100.11a and WiFi in the Process
Automation Network or to extend the PAN are permitted with prior approval
from P&CSD Manager.

7.4 PAN equipment that contains data storage shall be sanitized in compliance with
GI-0299.120, when disposed of.

7.5 Monitoring and Review

7.5.1 The PAN shall be configured for the monitoring and recording of:
 Unexpected users logged on the system.
 Users from unexpected hosts logged on.
 Users logged on at unexpected times.
 Login failures.
 Logins from unknown hosts.
 Failed access to system files.
 Changes to the system date and/or time.
 System reboots and shutdowns.
 Use of remote console facility.
 Integrity of system security files.
 Users without passwords.
 Users with passwords similar to their login names.
 Users with passwords of fewer than six characters.
 Users who are not required to change their passwords every 120 days.
 Users who are not required to use unique passwords.
 Inappropriate accesses to system files.

7.5.2 PAN switches and routers shall be configured to capture all related
events to detect performance and availability related problems.
This must be a vendor approved solution.

7.5.2.1 The events below should be captured:

 System alarms and failures
 CPU utilization
 Memory utilization
 IO rates (i.e., physical and buffer) and device utilization
 Network utilization (e.g., transaction rates, error and retry
rates)

Page 14 of 17
Document Responsibility: Process Control Standards Committee SAES-Z-010
Issue Date: 26 June 2014
Next Planned Update: 1 September 2017 Process Automation Networks

Capturing processes (if not all, at least unexpected ones) should

also be required to detect and/or root cause any malware.

7.5.2.2 Vendor approved 3rd party computer hardware monitoring

software or appliance may be used to manage hardware
performance monitoring parameters.

7.5.3 Retention and archival of security audit logs shall be developed in

accordance with Corporate Data Protection and Retention INT-7 policy.
The retention period for audit logs shall be set for 3 months as a
minimum.

7.5.4 Captured information classified as “Sensitive”, as defined in

GI-0710.002, shall be adequately safeguarded.

7.6 Physical Access

7.6.1 The PAN hardware components such as cables, switches, routers and
modems are vulnerable to vandalism and electronic eavesdropping and
shall be physically secured.

7.6.2 Physical access to these components shall be restricted to those persons

authorized for administrative access.

8 Operating System and Network Device Hardening

8.1 PAN equipment shall be deployed with vendor latest supported security
hardened operating system.

8.2 The secure configuration baselines shall be thoroughly tested by the vendor.
The vendor shall enable the PAN administrators to support and administrate the
PAN equipment after deployment and commissioning.

8.3 PAN equipment with unused physical ports/interfaces shall be disabled prior to
commissioning.

9 Centralized Patch Server

A centralized patch server shall be located on the PAN or DMZ to distribute operating
systems’ security patches, antivirus updates, and vendor application software to stations
located on PAN or DMZ. This centralized server shall be used for stations connected to
the PAN, which are part of other systems such as PCS or emergency shutdown systems.

Page 15 of 17
Document Responsibility: Process Control Standards Committee SAES-Z-010
Issue Date: 26 June 2014
Next Planned Update: 1 September 2017 Process Automation Networks

10 Backup and Recovery

A complete backup of PAN switches, routers, and PAN systems configuration shall be
developed for new installations or upgrades of PAN equipment. This includes:

10.1 All necessary operating system and configuration files.

10.2 The backup is tested and verified.

10.3 Multiple copies of the backup are made.

10.4 One copy shall be stored in a secure onsite location and the other copy shall be
maintained at a secure off-site location.

11 System Testing

11.1 Testing shall address all Plant components, networking and interfaces to
external systems and to legacy applications/system. Formal testing shall
minimally comprise Factory Acceptance Test (FAT) per SAEP-1634, Site
Acceptance Tests (SAT) per SAEP-1638, Performance Acceptance Tests (PAT),
and Preparation of Integration Test Procedure Document SAEP-1630.

11.2 Comprehensive test plans and test specifications such as SAEP-701 “Plant Ethernet
Network Test Procedure” shall be followed for all plant platforms, networking,
applications, integration components, interfaces to external systems and legacy
applications/systems, and any additional technology content of the project.

12 Documentation

Comprehensive documentation shall be provided to ensure that the PAN is installed and
configured in a consistent manner. It shall include detailed layouts of TCP/IP addressing
schemes and all other network protocols used in the system. The documentation shall
also include physical locations of systems components like routers, and switches.
The following shall be made available:

12.1 Standard vendor manuals and catalogs shall be provided in CD-ROM or other
electronic media. Formats should be in PDF or HTML.

12.2 Equipment configuration data bases in Microsoft Excel, Access or Intools.

12.3 Final project specific documents in two signed hard copies plus two (2) sets of
CD-ROM in Microsoft Word.

12.4 A plant network drawings layout showing the PAN logical and physical design
and its interconnection to the Corporate Network.

Page 16 of 17
Document Responsibility: Process Control Standards Committee SAES-Z-010
Issue Date: 26 June 2014
Next Planned Update: 1 September 2017 Process Automation Networks

12.5 A PAN System Architectural Drawing(s) provides a complete and detailed

overall interconnection methodology for all PAN equipment and components.

12.6 All PAN software shall be authentic, supported, and up to date with security
patches, fixes or other revisions. Software licenses, activation keys and, where
available, offline backup media shall be provided as part of the equipment
documentation.

Revision Summary
1 September 2012 Major revision to include value engineering study’s comments and recommendations.
2 July 2013 Minor revision to reflect the new DMZ requirements in Plant Demilitarized Zone (DMZ)
Architecture Requirements.
26 June 2014 Editorial revision to change the primary contact from Plant Networks Unit

Page 17 of 17