Advances in the embedded management capabilities of today’s’ automation and process control equipment, along with the adoption of Industrial Ethernet as the standard for SCADA inter-device and inter-vendor communications provides plant managersa means to improve productivity and increase uptime by leveraging either a centralized or distributed resource pool to monitor and service plant network segments remotely.
Remote-based management capabilities also create the opportunity for plant managers to take advantage of 3rd-party services offerings, and leverage additional product expertise if required to assist in troubleshooting or preventative maintenance.
However, the remote access advantages of a “networked” plant environment does introduce security risks, as opening up production and process control networks segments to other segments, the corporate network, and possibly the Internet exposes them to the same virus and security threats that corporate IT departments have been facing for years.
ComBrio Virtual Service Infrastructure (VSI) provides the only purpose-built solution that fully addresses the needs of a plant manager that requires remote access to automation devices located within dispersed automation networks, while still meeting the requirements for:
- Simplified Connection Management
- Security
- Accountability
- 3rd-Party Control
Simplified Connection Management
As a more efficient alternative to internal VPN connections, VSI eliminates the complexity of having to open ports across firewalls, build specialized DMZ’s, and/or create manual Access Control Lists (ACL) in order to limit remote service technician’s access rights to automation network segments. VSI simplifies connection administration by automating the setup and removal of all rules required to connect authorized technicians to the specific devices they have rights to manage.
Security
The security features of VSI assure plant managers that they are meeting all existing corporate security practices.A VSIgateway located on the automation networkacts as a DMZ by performing the secure bridge function between the automation network and remote support expertise, thus locking down communications to include specific devices and authorized support personnel.
Additionally, all VSI remote sessions are encrypted connections assuring security and integrity of the data transport while eliminating security risks to other elements within the automation network.
Accountability
VSI addresses the accountability limitations found with VPNs and dial-up solutions by maintaining a complete and detailed audit trail of all remote sessions that include the who, what, when and duration of all remote connections.
3rd-Party Access Control
In addition to meeting internal needs for remote access, VSI also provides the ability to extend simplicity, security, accountability and control to 3rd-party partners. This allows plant managers to take advantage of 3rd-party services and maintain security policies and internal practices for remote access, all with a single homogenous solution.
The use of ComBrio’s VSI solution in Ethernet-enabled automation networks, enables plant managers to improve operational efficiencies and utilize remote services with minimal investment in infrastructure and applications, while still meeting the corporate requirements for security, accountability and control.
