Secure remote service benefits
30 June 2015
For OEMs, offering secure remote service capabiltites for equipment can offer cost-saving benefits for all, as one equipment manufacturer has discovered.
ZIPPE Industrieanlagen is an equipment manufacturer that provides systems for the glass industry in 75 countries, a major challenge for service provision. The company has been using remote services for the past 20 years which enables them to react quickly when system errors occur, and to provide an additional range of services. New technologies have helped the company to make the service more powerful and secure.
Currently, the company uses remote services for 200 installations in 75 countries. Every new plant is now equipped with mGuard remote services infrastructure by Innominate. This technology facilitates remote maintenance via broadband and secure IP/VPN (virtual private network) connections.
Thorsten Zimpel, head of process control system at ZIPPE Industrieanlagen GmbH, explains why remote services are of such major importance. He said: "Real-time problem diagnosis and problem solving is becoming increasingly important, because spontaneous, unpredictable errors cannot be ruled out in such complex systems. The customer often finds it difficult to carry out a quick, targeted problem analysis and to introduce and implement the necessary troubleshooting measures." The solution allows the company to have specialists that provide worldwide support for the commissioning of every system from the company headquarters in Germany.
The use of broadband connections has opened new possibilities for remote services. During the warranty period, the performance of ZIPPE systems are continuously optimised via remote services and even after the warranty period has expired, online access can be used to resolve errors or provide additional maintenance and services. "Remote services mean that we can employ less staff on-site, while also expanding our service offering. In case of more distant system locations, the investment in the technical components already pays for itself after only one saved trip," said Zimpel.
Improved system performance
Modern ZIPPE systems, such as fully automatic glass batch production systems, are controlled and monitored by automation devices, weighing and dosing computers, as well as networked control systems. The automation systems take over the control of cyclic processes and accurate dosing and weighing of raw materials. The control system includes the visualisation of the system with manual control, the monitoring and reporting system, data entry, recipe handling, reporting, and production data archiving.
The control system provides numerous adjustment screws to fine-tune these complex systems for optimum performance. Remote services make it possible to retrieve statistical functions which are used to control product quality. The analysis of this data will indicate whether the scales are still within the tolerance range, dispensing services and dispensing times become visible, and operating protocols provide an insight into the control of the system.
Many customers request the assistance of ZIPPE technicians with the correct interpretation of the data and the resulting measures to be derived from it. They remotely configure and optimise all relevant parts of the system, as well as the software modules used to plan and organise maintenance. However, before service technicians are able to access the system online, an important security feature of the mGuard technology comes into play - the customer must first use a hardware switch to enable any online access.
Protecting the network
The basic package of the remote services solution includes a VPN-enabled Ethernet router with IPsec (IP security protocol) encryption, a configurable firewall and the VPN hardware switch. After online access has been enabled via the hardware switch, a VPN tunnel that is safe from eavesdropping and manipulation is established between the customer-side system and the service technician at ZIPPE, using hardware based encryption. In addition, the firewall ensures that the systems are isolated from the customer's network.
"We have been convinced by the security concept provided by the Innominate remote services solution,” said Zimpel. “It is designed for the industrial environment, administration is relatively easy and we can integrate the DIN rail-mountable metal housings into our control cabinets."
Having the ability to also integrate the secure remote services technology into existing systems without ‘default gateway or standard gateway’ was important to ZIPPE. The ‘Remote VPN NAT’ function is used to map the entire data traffic, which travels over the VPN, on the local network via the configured address. As a result, a default gateway is not required.
The company is now planning to provide its remote services for its legacy systems in the near future thanks to an additional feature of the mGuard Firmware. Up until now, plant operators have refused access to legacy systems running Windows NT or Windows 95 for security reasons. mGuard CIFS Integrity Monitoring, an optional mGuard Firmware module, provides an industrial-strength alternative to antivirus software with its CIFS Integrity Monitoring module which provides older versions of Windows such as Windows 98 with an industrial-strength alternative to antivirus protection, without a constant supply of current virus patterns.
mGuard also facilitates an external virus scan on drives of systems that are located ‘behind’ mGuard, which cannot otherwise be reached from the outside, for example, industrial PCs in production cells, and cannot use antivirus software that is installed locally.
Contact Details and Archive...
Most Viewed Articles...