TYPES OF INDUSTRIAL VPN ROUTERS FOR REMOTE ACCESS
What to consider before deploying the device in your industrial network.
Industrial VPN routers, also known as IoT gateways, offer a wide range of features covering a plethora of different use-cases. Learn about the different types of VPN routers and IoT gateways and what to consider before deploying such a device in your industrial network.
SIMPLE DATA ACQUISITION DEVICES
Despite being categorized as gateways, these are seldom used for VPN connectivity, although the platform may offer IPSec- or SSL-VPN capability. In their simplest form they are based on MQTT subscriber/publisher principles for sending simple messages, such as status and event values.
For price sensitive use cases, a popular choice is the Raspberry Pi, and similar open single board computers.Such devices may not have a high degree of security, so are often used with equipment and data considered to be of low risk if compromised. The devices are typically based on Open Source platforms, such as Linux, which by itself could be an open door for hackers to exploit. Many such devices are also equipped with broadband connectivity, which may bypass the applied security measures of a site. Enabling VPN Routing on these devices should therefore be carefully considered.
Encrypted connection between engineers and devices
The Secomea SiteManager Software version is able to run on platforms where VPN connections are established inside out, and only standard Web ports are used. All encrypted connections are terminated at the central GateManager Access Management Server, establishing the link between engineers and devices dynamically through an encrypted connection.
EDGE COMPUTING DEVICES
At a higher level you will find more advanced gateways that not only collect and send data to a cloud, but also process the data beforehand. This may be basic aggregation of data, such as summarizing and sending an average or a peak value, but could include more complex tasks, such as machine learning, where the device gives instructions to other equipment at the site.
Combine data collection with VPN connectivity
Microsoft Azure IoT and Amazon AWS IoT Greengrass are examples of cloud controlled software components that require a suitable hardware gateway as a host, typically this would be a Windows or Linux based platform with a Docker daemon. Yet, such edge gateways are typically not combined with VPN connectivity, but could be by installing the Windows or Linux version of SiteManager Software. Depending on the applied network segmentation, you should carefully consider if this may violate your IT policies.
STATIC VPN ROUTERS
Most devices in this category are intended as routers for VPN connections between two static end-points. These may be part of the industrial IT infrastructure, and may even be incorporated in the industrial firewall. Typically, the VPN Router may not necessarily have industrial grading, and may sit in a server room rather than a machine cabinet. Popular brands for industrial automation control system (IACS) networks are Cisco, Fortinet and Palo Alto.
Static connection limited to only a single port and IP address
If using low-cost single board computers, or dedicated IPC platforms from e.g. Advantech or Lanner, you may consider embedding the Secomea SiteManager Software into the platform with Secomea’s LogTunnel enabled. LogTunnel allows you to configure both unidirectional and bidirectional static connections which can be limited to only a single port and IP address. This will prevent undesired traffic between the end-points.
REMOTE MAINTENANCE VPN ROUTERS
In this category, we find devices such as the Secomea hardware SiteManager that are designed for industrial automation environments and used in a wide range of industries such as the food and beverage, packaging as well as in pharmaceutical and medical applications.
The typical requirements for these devices are:
- Must be industrial graded
- Must have both Ethernet and Wireless option
- Must do dynamic VPN for different external partners
- Should preferably be able to do data acquisition
- Must be centrally fleet managed
Meet all the requirements for secure remote maintenance
Several hardware platforms are available on the market, but only a few meet all the requirements for secure remote maintenance. For those that do, it is essential that they are well integrated and easy to install.
The Secomea SiteManager Hardware meets all these requirements.
All-IN-ONE INDUSTRIAL VPN ROUTER
The Secomea VPN Router is designed for industrial environments and meets all the requirements of a secure remote maintenance, offering a turn-key solution that is easy to use while ensuring the highest level of security. SiteManager not only allows you to establish a secure VPN connection to your machines. It is also a powerful data collection and aggregation device, empowering you to collect data from multiple machines and send that data to different cloud solutions for further analysis.
INDUSTRIAL VPN GATEWAY FOR HMI AND PLC REMOTE ACCESS
As plant floors are becoming more connected and complex, the demand for remote support for PLC’s and other associated peripherals such as HMI’s increases. Secomea’s SiteManager is the ideal industrial VPN gateway for securely accessing your industrial equipment remotely to view and control interfaces, troubleshoot equipment and install updates.
The VPN gateway is available as a robust, industrial, graded DIN-mountable device or as software which can be easily installed on Windows or Linux computers, HMIs, IPCs, or other computer platforms.
INSIDE SECOMEA
RESOURCES
CONTACT
Secomea Headquarters
Copenhagen, Denmark
+45 88 70 86 50
info@secomea.com
Find addresses here
