“Remote access made easy through ProSoft Connect”
For manufacturers, machine up-time is directly proportional to profitable operation.
As machines and production processes become more complex, the need to provide expert technicians with remote access to industrial control equipment is more important than ever.
A typical remote access scenario
It’s 5 PM on Friday, when the phone rings with news that the PLC on your plant’s Plate Mill just went down.
The plant technical team is stumped and the PLC vendor’s service engineer won’t arrive until Monday.
The plant manager is on the other end of the phone line, asking you to somehow let the vendor access the PLC System to resolve the problem remotely.
Otherwise, he’ll need to idle the plant through the weekend, costing your company tens of thousands of dollars in lost revenue and wages.
This scenario is a frequent occurrence in today’s world of automated manufacturing.
At the same time, horror stories of corporate data breaches – including breaches due to outside contractor access mechanisms – raise the stakes for enterprise security professionals.
With production quotas and profitability targets to meet, simply saying “no” to remote access is not an option for most companies.
Remote access vs security and personnel safety
But before handing out a guest account on your corporate VPN or setting up a remote desktop connection to a production line PC, let’s consider the security and personnel safety factors associated with remote access to machine networks.
To begin with, consider these three key zones:
- Machine Zone – this includes the machine control equipment, the network that interconnects that equipment, and possibly remote access modules. Multiple machine zones within a plant make up the plant zone.
- Enterprise Zone – this includes the enterprise core network, business assets like servers and applications, Internet access, and firewalls.
- Outside Zone – this includes the remote user, cloud connectivity service, and communications infrastructure like the Internet and cellular networks.
Remote access network security challenges
Each of these zones presents unique network security requirements and challenges.
Understanding the challenges in each zone will help the enterprise network engineer determine the best solution that balances:
- The production team’s need for fast remote support,
- The safety manager’s need to ensure personnel safety, and
- The enterprise network team’s need to safeguard the company’s data and information systems.
Remote access solutions
There are two common ways to provide remote access to the Machine Zone –
- a PC with a remote access desktop connection and
- a dedicated remote access gateway.
For enterprise network engineers, it’s tempting to connect a PC to the machine network and set up a remote desktop connection as this is a common practice in the Enterprise Zone for troubleshooting user PCs. However, this is not the best path in the Machine Zone for several reasons.
First, a PC in the Machine Zone provides a highly capable platform for launching cyber-attacks against the machine and up into the Enterprise Zone.
Second, PCs typically have a full-featured operating system, including many components that have nothing to do with the basic goal of providing remote access to the machine. Over time, vulnerabilities in these OS components come to light, creating the need to regularly update the PC or risk exposing both the machine and the enterprise to attack. Worse, the PC used for remote desktop access is often supplied by the machine builder or system integrator, and may not be under the plant IT department’s standard update and virus protection routine.
Finally, programming and troubleshooting industrial control equipment requires specific software packages, which are often quite expensive to license.
Installing a PC on the machine for remote access requires purchasing licenses for all the necessary software, and adds to the list of installed software that the enterprise network team must monitor and update.
The better solution for access to the machine network is to use a purpose-built remote access gateway, like the ProSoft Technology ICX35-HWC cellular LTE and PLX35-NB2 wired network gateways. These devices plug in to the local machine network on one side and an Internet accessible wired or cellular wide area network on the other side.
Because the gateway is designed specifically for secure remote machine access, it does not have all the capabilities of a PC and thus does not provide a platform for attacks against the enterprise zone.
The ports on the PLX35-NB2 are logically separate and do not allow routing of traffic from the machine network port to the wide area network port.
Unlike with the remote desktop approach, the remote access user cannot route back through the PLX35-NB2 to reach assets on the enterprise network.
Both gateways can integrate into the machine controller program, such that remote access is inhibited by the machine controller whenever the machine is in a state where remote access would be unsafe.
Both gateways use outbound-only connections to the secure ProSoft Connect service, and do so only after the gateway has been activated in the Connect service through a two-factor activation process.
ProSoft Connect requires a second form of authentication for a remote user when attempting to access the machine.
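One way an enterprise network team could check the properties described above (outbound-only gateway connections, no path between the Machine Zone and the Enterprise Zone) against firewall flow records. This is an added example, not ProSoft code; the subnets, the gateway address, the cloud endpoint and the flow records are constructed assumptions.

```python
import ipaddress

# Constructed address plan for illustration; none of these values come from the article.
MACHINE = ipaddress.ip_network("192.168.10.0/24")   # Machine Zone
ENTERPRISE = ipaddress.ip_network("10.0.0.0/8")     # Enterprise Zone
GATEWAY_WAN = ipaddress.ip_address("172.16.5.2")    # gateway's WAN-side port
CLOUD_ALLOWLIST = {("203.0.113.10", 443)}           # placeholder for the cloud service endpoint

def zone(addr):
    """Map an address to one of the article's zones (or the gateway itself)."""
    ip = ipaddress.ip_address(addr)
    if ip == GATEWAY_WAN:
        return "gateway"
    if ip in MACHINE:
        return "machine"
    if ip in ENTERPRISE:
        return "enterprise"
    return "outside"

def check_flow(src, dst, dport):
    """src is the initiator. Return a finding string, or None if the flow fits the model."""
    s, d = zone(src), zone(dst)
    if s == "outside" and d != "outside":
        return f"inbound connection from Outside Zone to {d}"
    if {s, d} == {"machine", "enterprise"}:
        return "direct path between Machine Zone and Enterprise Zone"
    if s == "machine" and d == "outside":
        return "machine traffic routed out past the gateway"
    if s == "gateway" and d == "enterprise":
        return "gateway reaching into Enterprise Zone"
    if s == "gateway" and d == "outside" and (dst, dport) not in CLOUD_ALLOWLIST:
        return "gateway connecting to an unexpected outside host"
    return None

def audit(flows):
    """Return (flow, finding) pairs for every flow that breaks the model."""
    return [(f, msg) for f in flows if (msg := check_flow(*f)) is not None]

# Constructed flow records: (initiator, destination, destination port).
SAMPLE_FLOWS = [
    ("172.16.5.2", "203.0.113.10", 443),   # gateway -> cloud service: expected
    ("198.51.100.7", "172.16.5.2", 3389),  # outside host opening a session inward
    ("192.168.10.20", "10.1.2.3", 445),    # machine host talking to enterprise server
    ("172.16.5.2", "10.1.2.3", 22),        # gateway used as a pivot into enterprise
    ("10.1.2.3", "198.51.100.7", 443),     # ordinary enterprise web traffic: ignored
]

if __name__ == "__main__":
    for flow, finding in audit(SAMPLE_FLOWS):
        print(flow, "->", finding)
```

Any finding on a real network means the deployment does not match the isolation model the gateway is supposed to provide and should be investigated at the firewall.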
Unlike the full operating system on a remote desktop PC, the firmware on the ProSoft remote access gateways is regularly subjected to extensive penetration testing and regular ongoing vulnerability evaluations by a third-party cyber security consulting firm.
The gateways were tested using industry standard penetration testing software tools.
In addition, ProSoft contracts a cyber security consultant, Independent Security Evaluators, to perform regular evaluation of both gateways and the ProSoft Connect service looking for vulnerabilities.
The ProSoft gateways have been hardened to withstand would-be hackers; before using a PC for remote access, consider whether it has been and will be subjected to the same rigorous testing.
ProSoft Connect helps users make the most of the Industrial Internet of Things. It is a secure, cloud-native platform that allows you to monitor connected industrial automation devices from anywhere in the world.
ProSoft Connect supports ProSoft Technology’s ICX35-HWC Industrial Cellular Gateway and PLX35-NB2 Wired Network Bridge.
There is no extra charge associated with standard ProSoft Connect features. Subscription-based Power User Plans provide expanded capability for users who need to do more with Connect.
The ProSoft Connect platform is extremely secure. It does not require user-installed software, a component in other systems that hackers can exploit. Instead, two-factor authenticated users access the service through a Web browser on any computer. Industry-standard HTTPS access ensures that your connection stays secure.
The ProSoft Connect service runs on Amazon Web Services, utilizing state-of-the-art cloud security technology. In addition, ProSoft Connect uses both certificates and one-time use keys to authenticate the gateways you add to the platform. This reduces the possibility of rogue gateways, compared to when only one type of authentication is used. With these precautions, you can be sure that your devices and communications network are kept private. ProSoft uses on-going third-party white hat testing on the cloud service and gateway products to ensure the entire system stays secure.
Thanks to ProSoft Technology (www.prosoft-technology) for designing such robust gateways for remote access.
I hope I have given you a brief idea of remote access in my blog, and I hope you like it. Please offer your feedback and suggestions. I would love to answer your queries, if any.