General Information on Configuring MySQL Connections

Overview

This chapter provides information on how to configure a connection to a MySQL database.

MySQL Software Components

The following SQL components are required to establish a connection to a MySQL database:

  • SQL server (not supplied by Schneider Electric):

    • MySQL 5.1 and later versions

  • SQL client (not supplied by Schneider Electric):

    • MySQL Workbench

  • MySQL database created with the SQL client

Supported Data Types

The following data types are supported for MySQL:

Category    Data types
Integer     TINYINT, SMALLINT, MEDIUMINT, INT, BIGINT, BIT
Real        FLOAT, DOUBLE, DECIMAL
Text        CHAR, VARCHAR, TINYTEXT, TEXT
Temporal    DATE, TIME, YEAR, DATETIME, TIMESTAMP
Other       ENUM, SET

Considerations Concerning Cybersecurity for MySQL Connections

For MySQL connections, consider the following:

  • Secured connections over TLS (Transport Layer Security) / SSL (Secure Sockets Layer) are supported between the SQL Gateway and the MySQL database. If you configure these connections properly, the database may be located outside your industrial network.

  • Windows authentication is not supported.

  • Communication should only be performed inside your industrial network, isolated from other networks inside your company and from the Internet.
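
For the first consideration above, the following added example (not part of the original documentation, and not Schneider Electric code) checks whether a MySQL server advertises TLS support before the SQL Gateway is pointed at it. It parses the greeting packet that a MySQL server sends first (protocol version 10) and tests the CLIENT_SSL capability bit; the function names and the sample packet are constructed for illustration.

```python
import socket
import struct

CLIENT_SSL = 0x0800  # capability bit: server can upgrade the connection to TLS


def parse_greeting(packet: bytes) -> dict:
    """Parse a MySQL initial handshake packet (protocol version 10)."""
    length = int.from_bytes(packet[:3], "little")  # 3-byte length, 1-byte sequence id
    payload = packet[4:4 + length]
    if length == 0 or len(payload) != length:
        raise ValueError("short or truncated packet")
    if payload[0] == 0xFF:  # ERR packet, e.g. this host is not allowed to connect
        raise ValueError("server sent an error instead of a greeting")
    if payload[0] != 10:
        raise ValueError("unexpected protocol version %d" % payload[0])
    end = payload.find(b"\x00", 1)  # server version string is NUL-terminated
    # After it: connection id (4), auth data part 1 (8), filler (1), then flags (2).
    pos = end + 1 + 4 + 8 + 1
    if end < 0 or len(payload) < pos + 2:
        raise ValueError("greeting too short for capability flags")
    (caps_low,) = struct.unpack_from("<H", payload, pos)
    return {"version": payload[1:end].decode("ascii", "replace"),
            "tls_offered": bool(caps_low & CLIENT_SSL)}


def recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed early")
        buf += chunk
    return buf


def read_greeting(host: str, port: int = 3306, timeout: float = 5.0) -> bytes:
    """Fetch the greeting from a live server; the server speaks first."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        header = recv_exact(sock, 4)
        return header + recv_exact(sock, int.from_bytes(header[:3], "little"))


def build_sample(caps_low: int) -> bytes:
    """Constructed greeting for offline use (not captured from a real server)."""
    payload = (b"\x0a" + b"0.0.0-constructed\x00" + struct.pack("<I", 1)
               + b"ABCDEFGH" + b"\x00" + struct.pack("<H", caps_low))
    return len(payload).to_bytes(3, "little") + b"\x00" + payload
```

A set CLIENT_SSL bit only shows that the server can negotiate TLS, not that it refuses unencrypted sessions; requiring TLS for the account used by the SQL Gateway is a separate server-side setting.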

NOTE: Schneider Electric adheres to industry best practices in the development and implementation of control systems. This includes a "Defense-in-Depth" approach to secure an Industrial Control System. This approach places the controllers behind one or more firewalls to restrict access to authorized personnel and protocols only.

WARNING
UNAUTHENTICATED ACCESS AND SUBSEQUENT UNAUTHORIZED MACHINE OPERATION
  • Evaluate whether your environment or your machines are connected to your critical infrastructure and, if so, take appropriate steps in terms of prevention, based on Defense-in-Depth, before connecting the automation system to any network.
  • Limit the number of devices connected to a network to the minimum necessary.
  • Isolate your industrial network from other networks inside your company.
  • Protect any network against unintended access by using firewalls, VPN, or other, proven security measures.
  • Monitor activities within your systems.
  • Prevent subject devices from direct access or direct link by unauthorized parties or unauthenticated actions.
  • Prepare a recovery plan including backup of your system and process information.
Failure to follow these instructions can result in death, serious injury, or equipment damage.

For more information on organizational measures and rules covering access to infrastructures, refer to ISO/IEC 27000 series, Common Criteria for Information Technology Security Evaluation, ISO/IEC 15408, IEC 62351, ISA/IEC 62443, NIST Cybersecurity Framework, Information Security Forum - Standard of Good Practice for Information Security.