2. Network

To protect the system, it is recommended that the machines within the Control Zone and Execution Zone are placed behind firewalls. For further information about how this setup is done, see Communications through Firewalls in 4. Network Security in the System Administration Guide.

The internal protocol RCP and HTTP are used for communication between pico instances in . It is recommended that both RCP and HTTP are encrypted with TLS, with or without authentication. For further information about how to set up encryption, see 4.2 RCP Encryption and 4.3 HTTP Encryption in 4. Network Security in the System Administrator's Guide.

Users that have the relevant permissions can log in to the Platform or EC/ECSAs via the Web Interface using HTTP or HTTPS. The credentials and permissions for the Platform Web Interface are configured in the Access Controller in the Desktop.

The default user mzadmin can log in to the Execution Context Web Interface, and the password must be set in the Execution Context property ec.httpd.password. This property should be changed to the encrypted form. For more information about how to encrypt the password, see encryptpassword in 2.1 Always Available in the 3. Command Line Tool.

Note!

The cookies used by both web interfaces have the HttpOnly and Secure flags set.

The HTTP TRACE command is not allowed by the web interfaces in .
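The following is an added example, not part of the product documentation: a small Python audit that checks a captured response against the two statements above (cookies carry HttpOnly and Secure, TRACE is refused). The cookie names, sample captures, and the host and port passed to `fetch` are assumptions.

```python
# Added example: audits HTTP responses for the cookie flags and TRACE handling
# described in the note above. Host, port and sample data are assumptions.
import http.client

REQUIRED_FLAGS = ("httponly", "secure")

def missing_cookie_flags(set_cookie_value):
    """Return (cookie_name, [required flags absent from this Set-Cookie value])."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, [f for f in REQUIRED_FLAGS if f not in attrs]

def audit(set_cookie_values, trace_status):
    """Return a list of findings; an empty list means the response matches the note."""
    findings = []
    for value in set_cookie_values:
        name, missing = missing_cookie_flags(value)
        for flag in missing:
            findings.append(f"cookie {name!r} lacks {flag}")
    if 200 <= trace_status < 300:  # a 2xx reply means TRACE was served
        findings.append(f"TRACE answered with {trace_status}")
    return findings

def fetch(host, port, use_tls=True):
    """Collect Set-Cookie values from GET / and the status of TRACE / on a live interface."""
    cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    conn = cls(host, port, timeout=5)
    conn.request("GET", "/")
    resp = conn.getresponse()
    cookies = resp.headers.get_all("Set-Cookie") or []
    resp.read()
    conn.request("TRACE", "/")
    trace = conn.getresponse()
    trace.read()
    conn.close()
    return cookies, trace.status

# Constructed sample captures (not output from a real installation).
GOOD = (["JSESSIONID=abc123; Path=/; HttpOnly; Secure"], 405)
BAD = (["JSESSIONID=abc123; Path=/; Secure", "lang=en"], 200)

if __name__ == "__main__":
    for label, (cookies, status) in (("good", GOOD), ("bad", BAD)):
        print(label, audit(cookies, status) or "OK")
```

To check a running interface, pass the result of `fetch(host, port)` to `audit` as `audit(*fetch(host, port))`; an empty list means both statements hold for that response.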

Pico instances such as EC/ECSAs and SCs can be started remotely from the Platform Container via SSH. Remote access is disabled by default but can be enabled via the mzsh command topo. For further information about enabling remote access to Execution Containers, see 2.2 Remote Access to Containers in the System Administrator's Guide.
