Secure remote maintenance of production equipment
(13/06/2007)

The maintenance of machines and plants by local service technicians, particularly at far-away international locations, entails a high degree of travel, time and expense – which can quickly add up to 50% or more of the total costs for such work orders. For companies that need to change the configurations of their machines frequently, or that run systems requiring service checks several times a year, the tele-service approach can represent significant cost savings.
Remote maintenance of production equipment, or remote tele-service, is more cost effective than on-site maintenance. With the ever-increasing networking of machines and the availability of Internet access in this environment, interest has also grown in using this inexpensive, higher-bandwidth infrastructure for tele-service applications instead of traditional modem connections.
To enjoy all the benefits, companies need to protect service connections to their production systems, encrypt the data transferred and work with a centralized management application. A secure VPN solution in conjunction with a web-portal can do the trick, explains Andreas Beierer of Innominate.
As an increasing number of enterprises outsource configuration and maintenance services to external providers, the question of security is also gaining importance. Worms and viruses unwittingly transferred from a service worker’s notebook, or introduced via external access to system controls, can cause hours of costly production downtime.
Human error is a more frequent source of failure: simply by getting the IP address of the target machine wrong, a technician could upload the wrong service configuration to a machine, causing a malfunction or a complete shutdown.
Modem dial-up connections for remote diagnosis or tele-maintenance are slow and unprotected. Moreover, they often pose problems for IT security and do not provide sufficient stability and bandwidth. In addition, the availability of analogue telephone circuits within industrial environments as well as the compatibility of modems with modern plants is on the decline.
High-speed Internet broadband connections enable technicians to transfer large service files, including software and data uploads, up to several hundred megabytes in size. Web-based services are also relatively simple to install and easy to use.
However, as connectivity between office or service networks and production networks increases, due to the spread of IP and Ethernet into production environments, risks are especially high. If any machine can be accessed easily, it makes the whole network vulnerable to attack. Therefore, protected connections are essential.
The combination of virtual private network (VPN) and firewall technologies in security appliances that are both easy to configure and unproblematic to operate makes this possible. One example of a highly efficient Internet-based solution is mGuard Tele Service for secure remote service and maintenance of individual machines or complete production facilities. This concept, developed by Innominate Security Technologies, is based on innovative outgoing VPN connections from the operator network system to the teleservice center and conflict-free virtual addressing.
The solution encrypts connections with VPN technology. Data can be transmitted through standard IPsec connections – or optionally tunnelled via HTTP(S) and a proxy server.
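One common way to obtain conflict-free addressing when many operator sites reuse the same private subnet is a 1:1 mapping of each site's machine subnet onto a unique virtual subnet owned by the service center, which also guards against the wrong-IP mistake described earlier. The sketch below is an added illustration of that idea, not Innominate's implementation; the site names, subnets and the `10.200.0.0/16` virtual pool are constructed for the example.

```python
import ipaddress


class VirtualAddressPlan:
    """Maps each site's (possibly overlapping) machine subnet 1:1 onto a
    unique virtual subnet carved from a pool owned by the service center."""

    def __init__(self, pool, slot_prefix=24):
        self._slots = ipaddress.ip_network(pool).subnets(new_prefix=slot_prefix)
        self._slot_prefix = slot_prefix
        self._sites = {}  # site name -> (real network, virtual network)

    def register(self, site, real_subnet):
        real = ipaddress.ip_network(real_subnet)
        if site in self._sites:
            raise ValueError(f"site {site!r} already registered")
        if real.prefixlen < self._slot_prefix:
            raise ValueError(f"{real} does not fit in a /{self._slot_prefix} slot")
        try:
            virt = next(self._slots)
        except StopIteration:
            raise RuntimeError("virtual address pool exhausted") from None
        self._sites[site] = (real, virt)
        return virt

    def to_virtual(self, site, real_ip):
        """Address the technician uses to reach real_ip at the given site."""
        real, virt = self._sites[site]
        ip = ipaddress.ip_address(real_ip)
        if ip not in real:
            raise ValueError(f"{ip} is not in {site}'s subnet {real}")
        return virt.network_address + (int(ip) - int(real.network_address))

    def to_real(self, virtual_ip):
        """Resolve a virtual address to (site, real address), or refuse it."""
        ip = ipaddress.ip_address(virtual_ip)
        for site, (real, virt) in self._sites.items():
            offset = int(ip) - int(virt.network_address)
            if ip in virt and offset < real.num_addresses:
                return site, real.network_address + offset
        raise LookupError(f"{ip} is not assigned to any site")


def demo():
    # Constructed sample: two plants that both use 192.168.0.0/24 internally.
    plan = VirtualAddressPlan("10.200.0.0/16")
    plan.register("plant-a", "192.168.0.0/24")
    plan.register("plant-b", "192.168.0.0/24")
    a = plan.to_virtual("plant-a", "192.168.0.10")
    b = plan.to_virtual("plant-b", "192.168.0.10")
    return plan, a, b
```

A virtual address outside every registered site raises `LookupError` instead of resolving to some machine, so a mistyped target fails closed.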
This type of solution can be used via a central technician gateway or service portal that acts as an intermediary and isolates the service technician’s laptop or PC from the production network. This means that the technician can access the service portal via any Internet connection but has no direct connection to the machine or system.
Instead of establishing an incoming connection from an external technician, an outgoing connection is established from the machine. This is significantly easier to handle and equally safe to administer - and it ensures that there is no infringement of any security policies that the company might have in place.
Device-attached appliances can protect individual machines or machine groups. The complete platform works independently, and devices can be integrated in any multi-vendor environment without having to change existing system configurations. To ensure the cost-effective scalability of an Internet-based teleservice solution to hundreds or even thousands of connected systems, the ability to conduct comprehensive appliance management from a central platform is indispensable.
The template-based approach of the Innominate Device Manager (IDM) enables the configuration of a large number of remote maintenance systems. When creating the template, the joint settings for many devices are compiled and integrated. This way, the roll-out of widely distributed installations with thousands of remote maintenance appliances can be conducted quickly, conveniently and without broad security know-how in the field. The ease of operation and installation reduces the total cost of ownership for the IT infrastructure, as well as operating costs.
High availability levels and fast connections are substantial arguments for an Internet-based solution – if the highest security standards are applied. It clears the way to add state-of-the-art web technologies like Voice over IP or the streaming of image and video data via broadband to tele-service offerings. A camera installed within the production hall could, for example, stream live on-site data to the remote technician, literally opening completely new perspectives to manufacturing companies and their service partners.
For more details on protecting industrial networks, contact Innominate Security Technologies AG, tel: +49.30. 6392 3300, fax: +49.30.6392-3307, Albert-Einstein-Str. 14, D-12489 Berlin, Germany, Web: www.innominate.com


