Observe proven processes and improve available methods
A dedicated solution for Field Engineers
- at the office, at home, or on the road
Traditional remote access is based on dial-up modems which is managed though an excel sheet with phone numbers and different setting for individual customers - which is time consuming and error phrone, as well as being practically impossible to reclaim when a field engineer leaves your company. The LinkManager technology is based on a revolutionary dynamic communication technology (patent pending) which automatically adapts itself to all updates from the central GateManager. If a new customer domain is created or new equipment is added (e.g. af new PLC), this will automatically appear in the LinkManager, and then access to the device is just a mouse click away.
Security for your customers
One of the biggest barriers for enabling remote support over the internet is the security concerns raised by the customer (end-user).
Therefore, the SiteManager components have been designed with this in mind. The SiteManager has a local web interface which enables the customer to control remote access, local access rights, and view the local system log.
On top of this, state-of-the-art security standards are built in, such as authentication using x.509 digital certificate, confidentiality using strong AES encryption up to 256-bit, and a stateful inspection firewall, which dynamically adapts itself so only the absolutely necessary traffic is allowed to pass through.
Firewall friendly communication
All communication is initiated by the SiteManager/LinkManager to the GateManager, meaning from the inside and out. With the unique ability to use port as 80 (http) / 443 (https) means that no changes in the customer firewalls are required.
Wireless or wired communication
A SiteManager can utilize multiple communication methods at the customer production site.
The uplink port supports communicating through the customer LAN (Local Area Network) or it can be connected directly to the Internet. If neither of these are applicable, it also has the possibility for wireless communicating through GRPS/EDGE/3G.
Whatever communication method is used, the SiteManager does not require a public or fixed IP address, but can of course support this if required.
Avoiding local IP conflicts
The IP address range on the industrial equipment (PLC, HMI, SCADA) it often the same at each production site. Due to these IP address conflicts, using traditional VPN solutions for remote service access often causes major challenges in complex configuration and maintenance.
With the Remote Device Management solution from Secomea, all such IP address conflicts are automatically and transparently handled by the LinkManager, meaning that you can maintain the same IP address ranges, which often already are used in the analog modem setup.
Leverage on Internet technologies while maintaining full security
The challenge
As more and more industrial equipment is based on LAN technology, more and more equipment from different vendors is attached directly or indirectly to corporate networks.
Naturally, having all sorts of 3rd party equipment and associated control software attached to a corporate network raises concerns with the IT department, and they will want to separate the production environment from the administrative networks, to eliminate the risk of e.g. viruses spreading from or into production networks.
Unfortunately, this separation is seldom possible, as adminstrative processes often need up-to-date information about production status, volume produced, free capacity, downtime, etc.
So we need technology to do the separation, and only allow the needed traffic to flow between the administrative domain and the production domain.
Passive Security
The traditional answer to the separation is by traffic inspection and filtering, where you still allow anyone in the administrative network to communicate with any of the devices in the production environment (and vice versa), but apply various checks to see that the traffic itself obeys certain rules, for example that you only send "well-formed" commands to a PLC, or a PLC only delivers "well-formed" reports to a database server.
However, even a well-formed PLC command may cause great damage. For example, the traffic inspection device cannot know just by looking at the format of the command, whether a "reset PLC" command is from a legal source, or from some malicious origin.
That is why we call this kind of separation passive security.
Active Security
Secomea's answer to the separation challange is based on active security.
With active security, only traffic originating from or destined for trusted and authorized users will ever pass between a device in the production environment and a PC or server in the administrative domain.
Remote Access Security
Since the Active Security approach is also based on Secomea's GateManager, LinkManager and SiteManager components, opening up the production site for secure remote management is trivial
Make VPN Firewall deployment easy, for both ens-users and IT people
EasyTunnel - VPN made easy
Secomea's unique EasyTunnel technology makes setting up a VPN infrastructure easy.
Everything is configured in a few simple steps on the central TrustGate VPN concentrator, so all other TrustGates just need to know the IP address of the central TrustGate.
Traffic-shaping for excellent VoIP performance
All TrustGates support Quality of Service (QoS) Classification and come pre-configured with settings that give excellent VoIP performance, even at slower Internet speeds.
Firewall administration - made easy
All TrustGates have very flexible firewall capabilities which can easily be managed through the web-based graphical user interface.
The firewall includes support for organizing firewall rules into sub-chains, and the firewall log summary feature can provide a quick overview of all traffic through the firewall.
Smooth centralised administration
Secomea's solutions are developed with security, flexibility and business logic in mind.
The centralised administration is done using the GateManager – service and support portal.
It provides the overview of all TrustGate solutions, tunnel status and even takes care of the daily maintenance such as scheduled back-up, audit log etc.