Secure remote maintenance and access to production infrastructure and machines
Remote maintenance requires flexible, highly available and secure access to machines and systems. This includes securing connections as well as protective measures against potentially compromised networks and end devices. During remote maintenance, identifying target systems can pose a challenge if networks are configured identically.
NCP components route communication directly to the correct destination by using unique temporary IP addresses and the authentication data of the gateways and clients (hardware- or software-based). A clear remote maintenance concept and risk assessment are essential for remote maintenance solutions in the highly automated IIoT environment.
It must be clarified in advance which machines, systems and controls need remote access at all. Security must have the highest priority right from the start. Unauthorized access can have negative consequences, up to and including catastrophic failure of the entire production process. Remote maintenance should also be based on the principle of least privilege.
Granularity is critical for a secure solution. For example, remote maintenance systems must ensure that only the affected, authenticated machine can establish an encrypted connection for service by an authorized technician during a limited period of time. Connections must only be established from inside the production network. Remote technicians are therefore only granted access to a specific system requiring maintenance at any given point in time.
The remote gateway can be installed and used directly on systems, machines or dedicated upstream hardware components. However, it can also function as a (virtual) adapter and aggregate and transmit data from other devices (sensors, cameras, etc.), encrypting data if necessary. The central gateway receives the encrypted machine data from the remote gateway and transmits it to further processing systems such as edge devices or cloud platforms.
NCP has developed software components for secure data exchange for several Industrial Internet of Things (IIoT) scenarios. Several components at strategic points in the infrastructure work together to help companies to gain control and encrypt data securely:
- a remote gateway for the secure communication of systems or machines
- a central gateway for securely connecting the remote gateways
- a management system for administration, monitoring and integration into existing infrastructures
This ensures the data integrity and authenticity required for cutting-edge applications such as AI, Big Data or Machine Learning. The high scalability of the solution ensures that additional encrypted tunnels can be set up for secure data communication, for example streaming live video to monitor machines from the control room. In this way, applications can be clearly separated.