With the advent of the Internet and the ability to use remote connectivity to access automation sites, the flexibility to link, monitor and make changes to control systems has never been easier.
However, many end users are still reluctant to allow remote monitoring and control of their sites by third parties. This is due to uncertainty about both security of data and network resilience. With the spread of malware and viruses into the industrial network environment, the plant manager has every reason to worry about security.
So how do users achieve the best of both flexibility and security? The answer is Secomea (Secure Communication Made Easy). Secomea is a suite of tools that combine to create a secure remote linking system for monitoring and control connections.
System description
SiteManager
SiteManager is an off-the-shelf component in the Secomea Industrial Communications Solution program that in combination with Secomea’s GateManager and LinkManager ensures unified, uninterrupted and secure access to remote devices.
It is a robust DIN mountable appliance that is installed in the machine control panel and provides remote access to all the industrial equipment in the panel via Ethernet, serial or USB connection.
The SiteManager establishes access to the Internet through the firewall of the existing wired network infrastructure, or wirelessly via the built-in 3G/GPRS modem. It allows on-demand connection to any Ethernet device while overcoming any potential routing or IP conflict issues. Additionally, SiteManager features static VPN power by the unique Secomea EasyTunnel concept.
GateManager
GateManager is enabled for easy, centralised configuration, backup, monitoring and access for remote service and maintenance of Secomea SiteManager and industrial devices. It is available both as a hosted service and as a stand-alone software package.
LinkManager
The LinkManager is a one-step installation Windows application that runs on the support engineer’s PC. Working with GateManager, it provides secure on-demand access to remote devices through the SiteManagers. Once connected, it makes the remote device appear to the field engineer as if the Windows PC was connected directly to the device. So with LinkManager, any remote device is just a few mouse clicks away.
Security and remote access
The SiteManager solutions use state-of-the-art security standards. This includes a built-in inspection firewall, authentications using x.509 digital certificate and encryption using the strong AES standard with up to 256 bit.
The end user network security is priority number one. With the SiteManager and the security standard that this includes, it is important that the user does not need to compromise their own corporate security standards. Therefore all communication is encrypted, even when using port 80 from the inside and out.
The SiteManager has a local web-server, which enables any remote access and access rights to be controlled locally. On top of this, all traffic through the SiteManager is logged, stored and available in the SiteManager itself.
Avoid all the hassle with equipment requiring different ports. All traffic is encapsulated in e.g. port 80. With the SiteManager’s preconfigured built-in agents for all major PLC/HMI/servo manufacturers, it is as easy as it sounds. SiteManager has built-in preconfigured agents for remote PC using VNC and RDP. In addition to this, it is possible to customise an agent for other requirements.
The Remote Device Management solution supports VoIP and video. Designed agents are available in the SiteManagers as an easy option for adding new services and possibilities to remote service and support.
The SiteManager can be offered with a built-in 3G/GPRS modem for connecting to the Internet. This feature is useful in cases where no wired infrastructure exists for connecting to the Internet. In addition the SiteManager supports a Wake-on-SMS that prevents consuming data traffic charges when in idle mode.
By connecting the wired uplink and the 3G/GRPS uplink, the SiteManager can perform fail-over and thereby ensure maximum uptime. By prioritising the wired uplink, it will automatically fail-back to the wired connection, thus reducing consumption of 3G/GPRS data charges.
The SiteManager supports the unique Secomea EasyTunnel VPN concept: enabling the EasyTunnel Client allows enrolment in a VPN network controlled by a TrustGate concentrator. EasyTunnel works like ordinary IPSec VPN, but without the need for juggling certificates or keys. Simply enter the serial number of the SiteManager and it is instantly enrolled in the VPN network.
The SiteManager’s serial port operates as a true SMS modem via the AT command set, and supports both outgoing SMSs generated e.g. by a PLC, as well as incoming SMS queuing that a PLC can scan for. Additionally the Ethernet port supports the SMS syntax typically used in Siemens and CoDeSys code blocks for sending SMS messages from a PLC.
For more information contact Bob Petrie, Throughput Technologies, +27 (0)11 705 2497, [email protected], www.throughput.co.za
| Tel: | +27 11 705 2497 |
| Email: | [email protected] |
| www: | www.throughput.co.za |
| Articles: | More information and articles about Throughput Technologies |
© Technews Publishing (Pty) Ltd | All Rights Reserved
printer friendly version