In the past months we have been addressing the topic of remote access and have enhanced our product range with appropriate innovative solutions.
Due to the increasing risks and threats on the internet, online security has become a prominent issue. The direct VNC connection offered so far was secured by several mechanisms, providing maximum security.
However, when it comes to IT security, it is no longer state of the art, which is why we will from now on rely on the products from SECOMEA, a market leader in the field of secure industrial remote access, with their user-friendly functionality and first-class security.
SECOMEA provides the first remote access solution in the world with a security certificate (BSI Basic protection catalogue, IEC 62443-3-3, IEC 62443-4-2 Draft). It is used by large engineering firms and system integrators everywhere, and it meets the stringent requirements of the most suspicious network administrators.
In addition, our supplier B&R provides us with modified products adapted to the controller to ensure safe and secure communication between the CHP controller and the router.
Strictly speaking, the SECOMEA solution is not a standard VPN remote access. SECOMEA developed the concept of Secure-Link-Services, with on-demand dynamic access to specified remote devices. So, contrary to classical VPN solutions, the SECOMEA system does not permit access to the entire VPN network, but only to specified IP addresses, e.g. the PLC controller.
The solution consists of a controller unit (SiteManager) in the CHP switching cabinet and a web- or Windows-based client (LinkManager) for the customer or service technician.
These two components are linked through the cloud-based M2M communications server (GateManager). As soon as the connection has been established, the controller can be accessed as usual with the VNC viewer. Existing systems can be retrofitted without problems.
The smartblock cloud is perfectly integrated into this system.
Essentially, the smartblock cloud consists of several intentionally separate and isolated components, which means that the architecture of the private cloud consists of several virtual servers for the collection, storage, visualization, securing, demonstration and testing of data.
A further component is the SiteManager hosted in the virtual private cloud, which is connected to the GateManager through an encrypted log tunnel. Through the GateManager, it can establish a secured connection with individual CHP SiteManagers and retrieve data without affecting other connections, e.g. communication between users (LinkManagers) and the CHP (SiteManager). All data is also saved permanently in the database integrated into the private cloud.
The smartblock cloud itself can be visualized only via a web browser, through a web server that has an interface to the private cloud (and therefore also to the database) and a secure interface to the internet. A secure connection (https) is established to the web server, which will, after authorization and authentication, retrieve data from the database. Any direct connection to the SiteManager or the encrypted security network, which would present a potential hazard, is not possible.
This is the link to the cloud: