Innominate: safe and secure remote maintenance

Innominate: safe and secure remote maintenance. Remote maintenance is much more cost effective then on-site maintenance. However, to enjoy all the benefits, companies need to protect service connections to their production systems. A secure VPN solution in conjunction with a web-portal can do the trick, explains Andreas Beierer of Innominate.

The benefits of efficient tele service maintenance for industrial enterprises are obvious. On-site customer service delivered through service technicians is time consuming and cost intensive. Travel costs alone can amount to 30 % of the overall service costs. So in particular companies that need to change configurations of their machines frequently or run systems that require service checks several times a year can save significant amounts of money.

As an increasing number of enterprises are outsourcing configuration and maintenance services to external providers, the question of security is also gaining importance. Worms and viruses unconsciously transferred from a service worker’s notebook or via external access to system controls can cause hours of costly production downtime. More frequent sources of failure are human errors: simply by getting the IP address of the target machine wrong, a false service configuration could be uploaded to a machine, causing a malfunction or a complete shut down.

Modem dial-up connections for remote diagnosis or remote maintenance are slow and unprotected. High-speed Internet broadband connections enable technicians to transfer large service files including software and data uploads up to several hundred megabytes in size. And web-based services are relatively simple to install and easy to use. However, as connectivity between office or service networks and production networks increases, due to the spread of IP and Ethernet into production environments, risks are especially high.

If any machine can be accessed easily, it makes the whole network vulnerable to attack. Therefore, protected connections are essential. One example for a highly efficient Internet- based solution is mGuard Tele Service for secure remote service and maintenance of individual machines or complete production facilities.

This concept, developed by Innominate Security Technologies, consists of a secure infrastructure deploying mGuard hardware security appliances. The solution allows for an encryption of connections with Virtual Private Network (VPN) technology. This way, data can be transmitted through standard IPsec connections – or optionally tunnelled via the HTTP(S) and proxy server.

This type of solution can be used via a central technician gateway or service portal that acts as an intermediary and isolates the service technician’s laptop or PC from the production network. This means that the technician can access the service portal via any Internet connection but has no direct connection to the machine or system. Instead of establishing an incoming connection on request from an external technician, an outgoing connection is established from the machine.

This is significantly easier to handle and equally safe to administer – and it makes sure not to infringe any security policies the company might have. Distributed security appliances can protect individual machines or machine groups. The complete platform works independently and devices can be integrated in any multi-vendor environment without having to change existing system configurations.

The template-based approach of the mGuard Device Manager enables the configuration of a large number of remote maintenance systems. When creating the template, the joint settings for many devices are compiled and integrated. This way, the roll-out of widely distributed installations with thousands of remote maintenance appliances can be conducted quickly, conveniently and without broad security know-how in the field.

The ease of operation and installation reduces the total cost of ownership for the IT infrastructure, as well as operating costs. High availability levels and fast connections are substantial arguments for an Internet-based solution – if the highest security standards are applied. It clears the way to add state-of-the-art web technologies like Voice over IP or the streaming of image and video data via broadband to offerings.

A camera installed within the production line could, for example, stream live on-site data to the remote technician, literally opening completely new perspectives to manufacturing companies and their service partners.

Companies should definitely consider the option.

Contact:

Innominate Security Technologies AG,
Berlin, Germany
Tel.: +49 30 6392 3300
Fax: +49 30 6392 3307
contact@innominate.com
www.innominate.com