
Scalable Secure Remote Access Solutions


Enable remote support groups and partners to monitor, manage and configure plant-wide automation equipment and machinery via secure remote access. This presentation and demonstration highlight a range of solutions recommended by Rockwell Automation and Cisco for scalable secure remote access. This includes detailing best practices to balance the remote access needs of industrial applications with the secure access policies and requirements of IT. Viewing the Design Considerations for Securing EtherNet/IP Networks presentation is recommended.

Published in: Technology, Business

  1. Scalable Secure Remote Access Solutions. Sal Conti, Product Manager; Shawn Boike, Sr. Application Engineer. April 2014. Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved. PUBLIC INFORMATION
  2. Agenda: Customer Impact Secure Remote Access Demonstration Scalable Solutions
  3. Customer Impact
     You’re most likely dealing with leaner budgets and staffs, an aging work force, remote locations and employees trying to keep pace with ever-changing technology. Wouldn’t it be great to enable the best qualified engineer to have visibility and access to every site? Virtual Support Engineer™ provides you secure remote access to your sites while providing you valuable information on the health of your assets and systems. If you choose to support your systems, Virtual Support Engineer provides you valuable information while enabling you to securely access your systems. If you would rather have Rockwell Automation experts provide the support for you, Virtual Support Engineer connects knowledgeable resources to prevent or optimize your production, in addition to offering support during unexpected failures. All while giving you total visibility and control over who has access, what they have access to and what information they can see. If you’re looking to optimize your operations, improve employee efficiency and increase productivity, Virtual Support Engineer from Rockwell Automation is your answer.
  4. The Modern Enterprise
     • The Modern Enterprise
     • Connected Enterprise
     • Technology Convergence
     • Automation and IT Technology
     • Global Enterprise
     • Global Partners
     • Modern Issues
     • Aging Infrastructure / Workforce
     • Control System Complexity
     • Competency
     • Connectivity
     • Heightened Security
     • The Need to Increase Productivity
  5. Cost of Downtime
     • $20B = cost of unscheduled down time
     • 89% of unplanned downtime is completely random, and unpredictable.
     • 8% is spent figuring out if there is a real problem,
     • 21% is spent diagnosing the problem,
     • 47% is spent scrambling to get the resources to fix the problem.
     • That’s 76% of the time before the fixing even starts!
     Rockwell Automation’s Remote Monitoring and Diagnostics can help resolve issues faster, eliminate unneeded maintenance activity and get you back up and running faster!
  6. Value Statement
     • Reduce total cost of downtime
     • Highly-skilled engineers respond quickly to an unplanned downtime event and savings are realized by a fast, organized response. In most cases even the problem resolution can be identified in less time than it takes for a typical internal response.
       – Internal response times typically run between 30 – 60 minutes
       – Large investment in time prior to seeking outside help
     • Reduce downtime
     • Dramatic reduction in duration of unplanned downtime
     • Warnings are passed to engineers who can analyze and provide recommendations to reduce or prevent unplanned downtime events.
  7. Agenda: Customer Impact Secure Remote Access Demonstration Scalable Solutions
  8. Secure Remote Access: Defining “Good – Better – Best”
     Good – Virtual Support Engineer Standard
     • Outbound Only Communication (443 & 80)
     • User Authentication
     • Remote Access Audit Trail
     • End-User Control (On/Off)
     Better – Virtual Support Engineer Enhanced
     • Outbound Only Communication (443)
     • Secure Socket Layer
     • Certification
     • Fingerprint
     • Limit access by User and/or IP address
     • User Authentication
     • Remote Access Audit Trail
     • Remote Access Notification
     • Remote Access Surveillance / Recording
     • Complete End-User control
     Best – Virtual Support Engineer Enhanced +CPwE
     • Virtual Support Engineer Enhanced Features
     • Rockwell Automation / Cisco Reference Architecture Compliant
  9. Virtual Support Engineer Standard: Good Security
     [Network diagram. Levels: Level 3, Level 2, Level 1, Level 0. Zones: Industrial Security Zone, Cell/Area Zone, Firewall, Basic Control, Process. Nodes: FactoryTalk® Application Server, FactoryTalk Directory, Engineering Workstation, FactoryTalk Client, Operator Interface, Batch Control, Discrete Control, Drive Control, Continuous Process Control, Safety Control, Sensors, Drives, Actuators, Robots, VSE- Remote Access, Service Center.]
     Virtual Support Engineer Standard
     • Good Security
     • Alarm on PLC Tags
     • Reports and Dashboards
     Good Security
     • User Authentication
     • Access to entire network
     • End-User Control (Grant / Deny)
     • Does Not Limit Device Access
     • Not compatible with Virtual Support Engineer monitoring Services
  10. Virtual Support Engineer Standard: Secure Remote Access
     • User Authentication
     • No Network Isolation
     • Access log in Virtual Support Engineer Service Center
     • No Audit Log
     • No Surveillance
     • Remote access limits set by network architecture.
  11. Virtual Support Engineer Enhanced: Better Security
     [Network diagram. Levels: Level 3, Level 2, Level 1, Level 0. Zones: Industrial Security Zone, Cell/Area Zone, Firewall, Site Operations and Control, Area Supervisory Control, Basic Control, Process, Internet. Nodes: FactoryTalk Application Server, FactoryTalk Directory, Engineering Workstation, VSE- Remote Access Client, FactoryTalk Client, Operator Interface, Batch Control, Discrete Control, Drive Control, Continuous Process Control, Safety Control, Sensors, Drives, Actuators, Robots, VSE- Remote Access.]
     Virtual Support Engineer Standard
     • Good Security
     • Alarm on PLC Tags
     • Reports and Dashboards
     Good Security
     • User Authentication
     • Access to entire network
     • End-User Control (Grant / Deny)
     • Does Not Limit Device Access
     • Not compatible with Virtual Support Engineer monitoring Services
     Virtual Support Engineer Enhanced
     • Better Security
     • Alarm on any Ethernet Device
     • Reports and Dashboards
     Better Security
     • Multiple Security Levels
     • Limits Remote Access
     • Limits Data Flow
     • Complete End-User Control
     • Compatible with Virtual Support Engineer Monitoring Services
  12. Virtual Support Engineer Enhanced: Multiple Security Levels
     Virtual Support Engineer: Continuously polling the Comm Server from inside firewall using HTTPS on Port 443 to 2-3 specific IP addresses.
       – Data is compressed, encapsulated, encrypted
       – No possibility of VPN bleed or fake connections
       – A secure multipurpose tunnel to your sites
     [Diagram labels: Cert., Finger Print.]
  13. Virtual Support Engineer: Multiple Security Levels
     [Diagram labels: Customer Site, PrepaidApplication, DACDatabase, TelepathServer, SMSC, Network Device, Other Site Server, Internet.]
     • Only rules approved by site are installed.
     • Each system’s passwords can be set and managed locally by the Site Administrator.
     • Site Administrator can control the data collection username / password
     • Authentication for access by Site Administrator
     • Site Administrator can control the data flow
     • Firewall remains intact. Only Port 443 used
     • Audit Trail
     • Every action can be approved or denied by the Site Administrator
  14. Virtual Support Engineer Standard: Secure Remote Access
     • User Authentication
     • End user manages access requests
     • Grant / Deny
     • Device Access Control
     • Data Flow
     • Remote Access
     • Remote Access Notification and Control
     • Remote Access Surveillance
     • Network Isolation through Virtual Support Engineer configuration
     • Audit log
     • Access
     • Surveillance Video
  15. FactoryTalk Asset Centre: Rockwell Automation VSE + FactoryTalk Asset Centre
     [Network diagram. Levels: Level 3, Level 2, Level 1, Level 0. Zones: Industrial Security Zone, Cell/Area Zone, Firewall, Site Operations and Control, Area Supervisory Control, Basic Control, Process, Internet. Nodes: FactoryTalk Application Server, FactoryTalk Directory, Factory Talk Asset Centre, VSE- Remote Access Client, FactoryTalk Client, Operator Interface, Engineering Workstation, Batch Control, Discrete Control, Drive Control, Continuous Process Control, Safety Control, Sensors, Drives, Actuators, Robots.]
  16. FactoryTalk Asset Centre: Rockwell Automation VSE + FactoryTalk Asset Centre
     • Authentication through VSE and FTAC
     • Network Isolation through FTAC configuration
     • Audit log in FTAC
     • Access
     • Changes
     • Compare
     • Audit Log in Virtual Support Engineer Service Center
     • Surveillance Video
     OEM configured with their own folder structure. Isolating access and view of entire network. Complete Audit Log of OEM Activity.
  17. Virtual Engineer Enhanced + CPwE: Best Security
     [Network diagram: Logical Model – Industrial Automation and Control System (IACS), Converged Multi-discipline Industrial Network. Levels: Level 5, Level 4, Level 3, Level 2, Level 1, Level 0. Zones: Enterprise Security Zone, Industrial DMZ, Industrial Security Zone, Cell/Area Zone, Firewall, Firewall, Enterprise Network, Site Business Planning and Logistics Network, Site Operations and Control, Area Supervisory Control, Basic Control, Process. Nodes: Virtual Support Engineer - Remote Desktop Gateway, Patch Management, AV Server, Application Mirror, Web Services Operations, Application Server, E-Mail, Intranet, etc., FactoryTalk Application Server, FactoryTalk Directory, Engineering Workstation, VSE- Remote Access Client, FactoryTalk Client, Operator Interface, Batch Control, Discrete Control, Drive Control, Continuous Process Control, Safety Control, Sensors, Drives, Actuators, Robots. Traffic labels: Web, E-Mail, CIP.]
     No Direct Traffic Flow between Enterprise and Industrial Zone
     Virtual Support Engineer
     • Remote Access
     • Monitor and Alarm Mgmt.
     • Maintenance Tools
  18. Agenda: Customer Impact Secure Remote Access Demonstration Secure Remote Access
  19. Secure Remote Access
     • Virtual Support Engineer End User Control
     • Secure Vendor Access
     • Remote Access History
     • End User Options
     • Site Administrator Access
     • Site Administration Access Control
     • Device Access Control
     • Data Flow Control
     • Remote Access Notification and Control
     • Remote Access Surveillance
     Virtual Support Engineer Secure Remote Access Demonstration.
  20. Agenda: Customer Impact Secure Remote Access Demonstration Scalable Solutions
  21. Virtual Support Engineer: Scalable Solutions
     [Diagram headings: Remote Monitoring and Diagnostics, Virtual Support Engineer, Virtual Support Engineer Managed Services.]
     Standard
     • Tags and alarms
     • Reporting/Dashboards
     Enhanced
     • Tags and Alarms
     • Reporting/Dashboards
     • Advanced Security Features
     • CPwE Network Security Framework
     Secure Remote Access
     • Vendor access
     • End user access
     Asset Health Support
     • Network Infrastructure
     • Virtualization
     • MV Drives
     • PLCs
     • LV Drives (coming soon)
     • MCCs (coming soon)
     • PlantPAx (coming soon)
     System/Process Health
     • Drive systems
     • Control systems
     Dashboards & Reporting
  22. Virtual Support Engineer Comparison Matrix
     Columns: Virtual Support Engineer Standard, Virtual Support Engineer Enhanced, Virtual Support Engineer CPwE
     • Rockwell Automation support – 24x7x365 English support and 8-5 local language support: X X X
     • Remote Access: X X X
     • Outbound only communication to create remote access: X X X
     • Outbound Port 443 Only: X X
     • Outbound Port 443 and Outbound Port 80: X
     • Alarming on tags: X X X
     • Alarming on PLC tag based devices: X X X
     • Alarming on any Rockwell Automation and EtherNet/IP device: X X
     • Email and Text message alarm notifications: X X X
     • Cellular option available: X X X
     • Supports Modbus TCP and RTU devices: X
     • Supports third party controllers: X
     • Customizable Secure Remote Access and Device Alarming: X X
     • Reporting/Dashboards: X X X
     Security Layers
     • Remote Access Log: X X X
     • Ability to create user roles and groups: X X X
     • SSL encryption: X X
     • Security Certificate Registration: X X
     • Security Fingerprint Certification: X X
     • Recording of Remote Desktop Sessions: X X
     End-user access control rules
     • End-user grant/deny access: X X X
     • End-user device access control: X X
     • End-user data collection control: X X
     • End-user data flow control: X X
     Network Security Framework
     • Complies to the CPwE framework: X
  23. We care what you think!
     Please take a couple minutes to complete a quick session survey to tell us how we’re doing.
     • On the mobile app:
       1. Locate session using Schedule or Agenda Builder
       2. Click on the thumbs up icon on the lower right corner of the session detail
       3. Complete survey
       4. Click the Submit Form button
     Thank you!!
  24. www.rsteched.com Follow RSTechED on Facebook & Twitter. Connect with us on LinkedIn. PUBLIC INFORMATION Thank You
