Every company wants to simplify its business costs and increase revenue but, often, the different applications or solutions available are expensive, vulnerable and too complicated to implement in-house.
In the past, remote support for industrial equipment was quite simple. You needed a dial-up modem in each machine, and to connect to it, you just dialed the number and you were online. Today, the Internet gives us higher-speed access, but also introduces new challenges like routing, IP addresses, firewalls, virtual private networks (VPNs), NAT and subnets. Threats like malware, cyber-attacks and viruses, as well as the need for regulatory compliance, are pushing companies to secure their assets and automation and control processes, so industrial remote communication must run through a secure path.
All of these requirements can lead a company to implement a VPN to communicate securely with its remote machines. But behind every solution, there is a complex universe with different needs, including servers, data centers, network layout, bandwidth, space at the office, power requirements and IT conversations most engineers will want to avoid.
A mesh of requirements like these may involve a team of experts to install, configure, maintain and execute. Multiply this by hundreds of end customers at install sites around the world, and you can understand why large companies make progress by merging engineers’ need for a VPN with their own technical support team to create a specific solution that fits their goal. But smaller companies seeking the same VPN solution may not stand a chance.
Access to industrial equipment does not have to be difficult, insecure or expensive. Small- to medium-size businesses are finding that cloud-based services, such as Gmail, Dropbox or even disaster recovery programs, can simplify their processes and increase revenue. Small companies do not need to invest a lot of time or money to maintain these cloud-based services. Instead of managing a solution by yourself, a central data center can do it for you, making deployment faster and less expensive.
A VPN is one such service available through the cloud today. It offers OEMs, machine builders and system integrators a highly secure, easy and web-based method for instant remote support to any machine and production plant around the world. There is no need for in-house VPN servers, no need for a technical team, and no need to maintain or upgrade systems. By connecting to a VPN cloud service, you will just need an authenticated login and a pre-configured VPN (done by cloud administrators especially for you). You can personalize your machines, remote locations and service technicians, then just click and connect. These capabilities are changing the way companies think about VPNs, not just for IT applications, but also for industrial ones.
VPN via Secure Cloud
Implementing and operating an industry-standard VPN can be a complex task. For small to medium-size companies, or those with very specialized machines, it is almost impossible to run a reliable and efficient in-house remote service solution at a reasonable cost — yet the companies’ continued success requires it. OEMs and machine builders are looking for a cost-effective, easy, manageable and reliable remote communication solution. Essentially, the VPN service provider becomes the user’s IT department for its VPN needs. Setup takes place in a few easy steps when the configuration is provided. The cloud-based VPN offers technicians simple, accelerated support to remote machines and processes. At the same time, it enables them to move on quickly to newer projects.
Proper operation of the cloud-based VPN depends on two fundamental pillars: the hardware/software platform and the infrastructure. Servers housed in a modern data center with monitoring done 24 hours a day, seven days a week, 365 days a year, will ensure maximum reliability to support your end customers. A central VPN forms a powerful infrastructure in the cloud, securely interconnecting the service staff with industrial machinery via the Internet. To guarantee confidentiality, authenticity and integrity of all information and data transmitted between the user and the industrial system, look for the strongest security standards available — IPsec VPN technology using AES-256 encryption.
A cloud-based VPN is based on a multiuser architecture. An account manager for an OEM or other business will register via a website. After registration, the account manager will gain full access to that unique account and will be able to add more support personnel by name, email address and password. Managers can even restrict what these technicians can do online, that is, define each individual either as a regular user or as another administrator able to create and set up new machines. Account managers can also customize the look and feel of the machines. They can organize them by state, project number, end customer’s name, etc. They can also identify almost every aspect of each specific machine, such as name, brand, parts, date it shipped and more.
After registration and personalization, the account manager can enroll new machines. The enrollment process consists of a set of questions that provide information that the VPN cloud administrators need to provide the account manager with a unique VPN configuration. This ensures that the data and tunnels will be isolated, encrypted and protected from others. The account manager can choose to receive the configuration for the specific machine via email or direct download from the cloud website.
To communicate with the industrial equipment, every OEM will have an exclusive two-factor authentication:
- A unique account ID, username and password combination to authenticate to the cloud website
- A security device or VPN software client, holding a unique private X.509 certificate, that connects directly to the cloud-based VPN (The industrial equipment that needs the support will also connect to the cloud server with unique X.509 certificates.)
The user will log in, choose the machine and click on “start” to initiate the VPN connection. There are no firewalls to overcome, no routing to manage, no ports to open* — giving you total control of your equipment through the actual IP addresses. With very little effort from the account manager and end customer, the support team will be able to communicate with the industrial equipment securely through the cloud.
* Some IT departments block all sorts of traffic, including HTTPS, but this is very rare. And if an IT department forces traffic through a proxy server, some VPNs can be configured to communicate through that.
Benefits of a cloud-based VPN:
- Total control of remote locations and customer machines in just a few clicks
- IPsec VPN is an accepted and highly secure IT standard
- Reduced cost of travel while providing superior customer service
- 24/7 support and service to machines
- Ability to identify and solve complex problems remotely, provide program updates and ease commissioning of new equipment
- Revenue creation via warranty or extended service support
- Easy configuration provided by email, download or SD card
- Ability to maintain regular contact with machinery in the field
Many companies are turning to cloud-based services because of the lower personnel, hardware and installation costs. Cloud-based solutions are also more adaptable, secure and reliable than most in-house managed applications on the market. Users don’t have to become experts in new technology or perform upgrades to the solution. OEMs, machine builders and system integrators can give their end customers more secure and reliable support, which frees up time for other projects. Cloud-based services also reduce hardware costs, as most services will require a monthly or yearly subscription, rather than additional devices.
Industrial cloud-based VPN services are a simple idea, but they can have an enormous effect on day-to-day workload. Since these services do not require IT resources, they save engineers the time spent in conversations with their internal technical department, so they can focus on other important projects, like customer expansion and deployment of more industrial equipment.
Mariam Gallegos is product marketing specialist for networking and security at Phoenix Contact USA.