
WORLD OF INDUSTRIES - Industrial Automation 3/2017


Working with security and ease in industrial remote access networks

To further increase the availability of ever more complex facilities, companies are increasingly relying on industrial remote access solutions, which enable a quick response and intervention by qualified personnel from anywhere in the world. The following describes how industrial customers can satisfy these requirements.

INDUSTRIAL COMMUNICATION

Production sites of companies are nowadays spread worldwide. Besides the economic interest in producing industrial products locally, low production and wage costs at other locations play an important role. Depending on importance and need, local sites differ in size, but they always have one thing in common: they must be productive. High availability and low downtimes are thus imperative. Particularly at smaller sites or companies without their own specialized maintenance department, trained service personnel are often not available on-site. To nevertheless ensure high availability of the production plants and at the same time save the costs of expensive on-site service calls, quick and competent support via remote access is required.

Whereas slow, analog dial-up connections were resorted to in the past decade, the remote maintenance of distributed facilities is now carried out by means of IP-based communication, which is not only quick and reliable, but also secured. Whether over DSL lines, mobile phone networks, or private lines, IP-based communication is becoming the standard for the remote access networks of the future.

Authors: Jens Geider, Product Manager; Ralf Hueber, Product Manager; and Manfred Wolf, Marketing Manager, Siemens AG, Germany

With the rapid development towards the digital factory, the requirements for secured, quick, and highly available connections to globally distributed production plants go hand in hand with qualified service personnel.
As a global player in industrial automation, Siemens is meeting these challenges and offers not only suitable industrial routers tailored to the needs of automation specialists, but also a corresponding management platform for the easy management of remote access networks.

Central management of endpoints

One of the most important requirements for remote maintenance is that it has to be easy to handle. Only the desire for security is even greater. However, one does not exclude the other. On the contrary: only if the configuration of standardized security measures such as firewalls and virtual private networks (VPNs) is simple and convenient will the required security mechanisms be properly set and utilized.

In the past, machine builders were faced with having to configure and manage a large number of point-to-point connections. In part, lists and separate virtual machines had to be maintained for the many different endpoints, customers, and machines. Not infrequently, relevant security aspects fell by the wayside. A central management platform bundles the respective settings and groups at a central location and furthermore enables an intuitive configuration and management of the worldwide access points. It is therefore always clearly recognizable who has what communication relation with whom, and the necessary keys and certificates of the VPN tunnels are easy to manage and keep up-to-date. The same applies to log information, backups, and firmware updates of the routers: all of this is done centrally from this management platform.

Figure: In the Web-based management of Sinema Remote Connect, new devices and their configurations can be easily and conveniently set up.

The networking of the facilities and users with each other through the central management platform takes place over the Internet via corresponding routers. Since it is currently the best available technology, only secured VPN connections are considered for this. Sinema Remote Connect from Siemens is such a management platform, which implements the easy configuration of networks, endpoints, and associated OpenVPN connections in a clear, modern user interface. One of the main benefits of Sinema Remote Connect is its delivery as a software appliance, which can be run either by the machine builders/OEMs themselves or by trustworthy partners. As the platform, either dedicated hardware or a corresponding virtual environment can be employed. Once installed, the Linux-based system provides a Web interface that can be accessed through common browsers.

Easy, secured remote access is crucial

A secured connection to the machines and plants in the field has been set up. Globally operating service technicians now need to receive secured access to the machines and plants relevant to them. The objective here is to enable remote access that is secured, but also easy.
For this, the clearly structured management of the different authorizations from a central location provides many options to reduce the effort, and thus ultimately the response times for remote access requests. Besides the already mentioned management of the terminal devices, Sinema Remote Connect also enables the management of different users, who can be set up and managed through the Web interface of the server just as conveniently as the devices. In the user management, the individual users can be assigned to corresponding groups, and their rights for the communication relations can be specified. This ensures that only authorized users have access to the corresponding endpoints.

The access by the users takes place easily and securely via an OpenVPN client. The most convenient solution for this is the Sinema Remote Connect client, which is included in the delivery scope of the basic package. This enables easy, OpenVPN-secured access to the Sinema Remote Connect server. By transmitting the corresponding rights, the respective endpoints are made available to the users for convenient selection. The special highlight here is the phone book function, which through activation of 1:1 Network Address Translation (NAT) offers a very convenient solution for a secured connection to series machines.

What to do in the case of a malfunction?

For a high availability of machines and plants, the continuous reachability of the components is very important as well. The Scalance routers meet the highest industrial requirements with regard to ruggedness, reliability, and security. Thanks to the intuitive and easy usability, quick troubleshooting in the case of a malfunction is possible by skilled employees without in-depth IT knowledge. One option available in the case of a malfunction is the easy device replacement.
This is supported by the Key-Plug, a licensing and storage medium, which in addition to the auto-configuration interface and connection to the Sinema Remote Connect server also provides for the backup of the current device configuration. Should the Scalance industrial router fail, the on-site maintenance technician only needs to replace the device and insert the Key-Plug. Following the start of the new Scalance device, the full functionality will be available again.

Easy, transparent, secure

The decentralization of production plants and the fast as well as secured access to them remain important steps for companies to protect and gain market shares in light of the global competition. As a result, the demand for remote access scenarios with ever-increasing performance will only continue to grow.

Photographs: Siemens AG

About Siemens

Siemens is a global powerhouse focusing on the areas of electrification, automation and digitalization. One of the world’s largest producers of energy-efficient, resource-saving technologies, Siemens is a leading supplier of efficient power generation and power transmission solutions and a pioneer in infrastructure solutions as well as automation, drive and software solutions for industry. The company has around 351,000 employees in more than 200 countries. In fiscal 2016, they generated revenues of € 79.6 billion.

