Starting in Windchill 12.0.2 we need allow PTC to connect with our Windchill servers or request an exemption.
I'm sure we've all got intellectual property and commercial or security sensitive data stored in our systems.
What are the risks and mitigations of opening up the connection so PTC can collect the licence data?
You have to allow PTC to collect that data, it is not mandatory.
I have 3 Windchill systems, one is not even connected to the internet so PTC can have no access to it.
There are licensing configurations that will allow you to keep the data out of PTC's hands.
What are those licensing configurations? We've converted to leased licenses. Is this what you are referring to? Trick is getting your security group to trust the phone home services. I know if we look at the data is a big nothing burger but this is a tough group to convince. If they have the choice to trust or close a vector of attack, they will close it. They should at least allow customers to put safety checks in place to prevent data leaks. Putting my black hat on, if bad actors were able to worm their way into PTC development, they could insert code to change what gets outputted. With no opportunity to block it, data is gone. "This place is an X-File, wrapped in a cover-up and deep-fried in paranoid conspiracy! There will be zero contact with the outside world"
I will be implementing 12.0.2 next year an a system that PTC cannot get reports from, yet they have to allow me to run as we have paid for these licenses. This has been discussed before. There is a method for setting up a local 'check' that does not talk to PTC servers for license verifictaion.