Secure & Seamless Remote Device Management


White Paper

Table of Contents
1. The purpose of this document
2. What is a SiteManager?
3. Typical Installation
4. How is Security ensured in the Production Facility?
5. How is Security ensured in the Office Network?
6. How is Security ensured by us?
7. Why choose Remote Service?
8. Appendix 1 Information sheet
9. Notices

1. The purpose of this document

In today's globalized and competitive 24/7 world, getting the maximum out of your production facilities has a direct impact on the bottom line. A key feature is to keep your machines running continuously and with optimal performance and quality.

As your machine builder, we offer more than just machines and technologies; we also provide the service to maximize uptime and product quality. Our Remote Service can improve uptime and convenience without changing network security procedures or machine operations.

For remote service and support, we use Secomea's state-of-the-art Remote Device Management (RDM) solution, allowing us to provide previously unattainable levels of uptime through high-speed and secure communication for service and maintenance. Security is priority number one in this solution: both security for you as our customer and security for us as your machine builder and service provider. Our Remote Service is your gateway to a global network of service specialists from us.

Figure 1: Your insurance for secure and seamless remote support when needed is based on a SiteManager at each production plant.

This document describes the set-up using the SiteManager 3000 series, but is not limited to this series only.

2. What is a SiteManager?

A SiteManager is the part of the Secomea Remote Device Management Solution that is placed locally at your production facility for monitoring the equipment and for providing the access path to the central surveillance server (GateManager).

The SiteManager is not a VPN router where security depends on configuration and maintenance, but an intelligent communication unit specifically designed to accommodate the requirement for secure remote access for the industrial and automation industry without risks and complexity.

The SiteManager 3000 represents the off-the-shelf series of Secomea SiteManager hardware appliances that are specifically designed for deployment in production facilities where uptime is important.

Figure 2: Connections on the front of the SiteManager

Position      Description
1 - SERIAL    Serial Interface (RS232 socket v.24/v.28)
2 - DEV 1-4   Switch with 4 Ethernet ports (RJ45, 10/100 Mbit/s)
3 - UPLINK    Ethernet port (RJ45, 10/100 Mbit/s)

Table 1: Technological Features of the SiteManager

3. Typical Installation

The SiteManager 3000 appliance is a standard component in all our machines. The typical installation is illustrated in figure 3 below.

Figure 3: Typical SiteManager 3000 series appliance installation

4. How is Security ensured in the Production Facility?

First of all, any remote access to / from the SiteManager is controlled by you. This can be enabled / disabled on demand via a local web interface or simply by unplugging the SiteManager.

Secondly, the SiteManager is by default closed for any access to any equipment on your production network that you have not specifically allowed it to access. Once configured by you, or by us in agreement with you, the SiteManager can establish access to only the specified equipment.

The SiteManager can enable remote access to a specific machine or all its associated components using the network ports (DEV1-4), based either on specific IP addresses or on entire subnets. Additionally, the serial port can be used for connecting a device that does not have native network support, and the SiteManager intelligently bridges IP to RS232. Exceptionally, the SiteManager can be configured to also allow access only to specific IP addresses on the Uplink subnet (the dotted green in figure 3).

The SiteManager makes an encrypted connection using the network port (UPLINK) to the GateManager server located outside the production network. The IP address of the SiteManager itself is in principle irrelevant, since all access is administered intelligently by the GateManager.

Once remote access to the SiteManager is granted for the GateManager, authorized personnel from us can administer it and grant access for relevant Field Engineer/Service Engineer accounts. These accounts are easily administered through the GateManager administration console, which is based on the same principles used for secure web banking solutions.

The LinkManager software client, used by our Field Engineer/Service Engineer to obtain access to the industrial equipment through the SiteManager, uses the same web banking access principles. The GateManager will ensure that the LinkManager only allows access to the SiteManagers and associated equipment that the Engineer's account provides access to.

When the connection is established to your plant, the local SiteManager furthermore logs activity any time the Engineer actually uses a connection. The log can then be viewed in the local web interface of the SiteManager, or centrally on the GateManager.

5. How is Security ensured in the Office Network?

It is important not to compromise corporate firewall security policy. When using the office network for accessing the internet, the connection from the SiteManager to the GateManager has to go through your Corporate Firewall. This is done using one of the ports 80/443/11444, with or without a proxy firewall, depending on what your IT department requires. The port only needs to be opened for outbound traffic. In most cases no changes are needed in your corporate firewall, because there is already a suitably configured port available. That is, if the network allows you to browse the Internet, the SiteManager will also be able to establish its secure connection.

It is also important not to be or become, even unintentionally, a threat on the office network. The SiteManager has a built-in stateful-inspection firewall configured to block all communication except authorized and encrypted data sent between the SiteManager and the GateManager. Furthermore, the SiteManager is based on a hardened operating system, which prevents hostile persons or programs from exploiting the connection. This neutralizes both internal and external threats.
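A way to check the outbound-only claim above against your own firewall records, as an added example that is not part of the original white paper or of Secomea's software. The flow-log column layout, all addresses, the name audit_flows and the TCP-only rule are assumptions made for illustration; the paper itself lists only the three port numbers.

```python
import csv
import io

# Ports the white paper names for the SiteManager -> GateManager connection.
ALLOWED_PORTS = {80, 443, 11444}

# Constructed sample: flow records exported from a corporate firewall.
# Column layout and all addresses are assumptions made for this example.
SAMPLE_FLOWS = """\
time,src_ip,src_port,dst_ip,dst_port,proto,action
2010-04-12T08:00:01,192.0.2.10,40112,203.0.113.5,443,tcp,allow
2010-04-12T08:00:07,192.0.2.10,40113,203.0.113.5,11444,tcp,allow
2010-04-12T08:03:44,192.0.2.10,40120,198.51.100.77,443,tcp,allow
2010-04-12T08:05:10,203.0.113.5,51000,192.0.2.10,80,tcp,allow
2010-04-12T08:06:30,192.0.2.10,40125,203.0.113.5,22,tcp,allow
2010-04-12T08:07:02,192.0.2.10,5353,203.0.113.5,443,udp,allow
2010-04-12T08:09:15,192.0.2.33,40200,198.51.100.77,443,tcp,allow
2010-04-12T08:10:00,198.51.100.9,44000,192.0.2.10,443,tcp,deny
"""


def audit_flows(log_text, sitemanager_ip, gatemanager_ip):
    """Return (time, reason) for every allowed flow that breaks the policy."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["action"] != "allow":
            continue  # the firewall already blocked this flow
        src, dst = row["src_ip"], row["dst_ip"]
        if sitemanager_ip not in (src, dst):
            continue  # flow does not involve the SiteManager
        if dst == sitemanager_ip:
            reason = f"inbound connection from {src}"
        elif dst != gatemanager_ip:
            reason = f"outbound to unexpected host {dst}"
        elif row["proto"] != "tcp":  # TCP-only is an assumption of this example
            reason = f"unexpected protocol {row['proto']}"
        elif int(row["dst_port"]) not in ALLOWED_PORTS:
            reason = f"outbound to unexpected port {row['dst_port']}"
        else:
            continue  # outbound TCP to the GateManager on an allowed port
        findings.append((row["time"], reason))
    return findings


if __name__ == "__main__":
    for when, why in audit_flows(SAMPLE_FLOWS, "192.0.2.10", "203.0.113.5"):
        print(when, why)
```

Any finding means the firewall permits more than the single outbound path the paper describes, so the matching rule is the place to tighten.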
The actual connection between the SiteManager and the GateManager is encrypted using the strong AES standard. Each SiteManager is identified by a factory X.509 digital certificate. The solution fulfils all the security standards stipulated by the National Institute of Standards and Technology (http://www.nist.gov) for encryption and key negotiation. It has complete end-to-end security, ensuring that no one, and nothing, can access equipment without permission.

6. How is Security ensured by us?

End-to-end security is provided not only between the SiteManager in the production network and our headquarters where the GateManager is installed, but all the way from our Field Engineers/Service Engineers using the LinkManager client software.

Only authorized personnel can access the GateManager, and each person is identified by both a factory X.509 digital certificate and a password (two-factor security), similar to the authentication method used for web banking.

With the advanced role management module in the GateManager, any remote access by authorized personnel is managed centrally. This includes controlling which SiteManagers / production networks a person has access to. A person no longer working within our company will have his certificate and account shut down instantly.

Any activity is logged not only in your local SiteManager, but also centrally in the GateManager and on the PC of the LinkManager user.

7. Why choose Remote Service?

As your trusted supplier, you buy more from us than our machines and technologies: you buy uptime and quality.

Complex equipment and process lines within industrial automation are expensive. Optimal utilization is necessary to ensure profitability. Downtime, scheduled or not, is both costly and critical. Downtime can cause critical delays, missed deadlines and loss of future orders.

Our Remote Service brings a new dimension to our existing service offering: it now enables our global network of service specialists to make online remote diagnostics and resolve problems in real time and without delay. Because we no longer depend on being on-site to deliver traditional on-site services, we can assign the best possible service specialist to assist with your specific need, regardless of location and time zone.

Our Remote Service provides unparalleled security, and your corporate policies for network, communication and firewall are taken seriously. With our Remote Service, security is priority number one: security for you as our customer and security for us as your machine builder.

Our Remote Service is your virtual on-site service specialist: secure, at any time and no matter where in the world you are located.

8. Appendix 1 Information sheet

The purpose of this appendix is to list the ideal information needed before installation of the SiteManager takes place. Headlines in white are typically filled out by the customer / product plant before installation.

Continent
Country
Customer Name
Order no.
System

SiteManager
  Device Name
  IP address (DEV1 port)
  Subnet Mask (DEV1 port)

Network specifications (UPLINK)
  DHCP
  Static: IP address, Subnet Mask, Default Gateway
  PPPoE: ISP Username, ISP Password

Internet Connection from inside and out (UPLINK)
  Port to be used: Port 80, Port 443, Port 11444
  Web Proxy: IP address, Username, Password

Expansion slot (UPLINK2), only for SiteManager 2029 and 2129 for 3G(UMTS)/EDGE/GPRS
  SIM PIN code
  APN

GateManager Parameters
  GateManager IP address
  GateManager Domain Token
  GateManager Appliance Name

9. Notices

Publication and copyright

Secure & Seamless Remote Device Management version 4.2, April 2010. Copyright Secomea A/S 2008-2010. All rights reserved. You may download and print a copy for your own use. As a high-level administrator, you may use whatever you like from contents of this document to create your own instructions for deploying our products. Otherwise, no part of this document may be copied or reproduced in any way, without the written consent of Secomea A/S. We would appreciate getting a copy of the material you produce in order to make our own material better and if you give us permission to inspire other users.

Trademarks

GateManager, SiteManager and LinkManager are trademarks of Secomea A/S. Other trademarks are the property of their respective owners.

Disclaimer

Secomea A/S reserves the right to make changes to this document and to the products described herein without notice. The publication of this document does not represent a commitment on the part of Secomea A/S. Considerable effort has been made to ensure that this publication is free of inaccuracies and omissions but we can not guarantee that there are none.

The following paragraph does not apply to any country or state where such provisions are inconsistent with local law:

SECOMEA A/S PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Secomea A/S shall not be liable for any direct, indirect, incidental, consequential, or other damage alleged in connection with the furnishing or use of this information.

Secomea A/S
Denmark
CVR No. DK 31 36 60 38
E-mail: sales@secomea.com
www.secomea.com