HMS Industrial IoT Blog

Handling the Challenges of Servicing Automated Warehouses

by Jason Block | June 17, 2019

 


Within 6-10 years, the use of automation and robotics is expected to be adopted in some form by over 80% of logistics providers, either in support of manufacturing operations or in support of retail and e-commerce.

These deployments consist of complex systems such as Automated Storage and Retrieval Systems, Robotic Cells, Autonomous Guided Vehicles and Conveyors, among others. While delivering tremendous improvements in efficiency and cost savings, these systems require service personnel with specialized knowledge to maximize their availability. Additionally, many of these systems may be provided by different suppliers, requiring service availability from multiple organizations. This can be very challenging when coordinating on-site service, so it is critical to support remote service models.

From the perspective of the supply logistics provider, their processes are core components of their intellectual property, so supporting remote service models can be a concern, as it is often viewed as exposing that intellectual property to outside parties.

It will be an ongoing challenge to maximize the availability of these systems while addressing security.

 

Current Solutions and Challenges

There are several ways that remote service can be addressed. These include site-supported VPN connections, Remote Desktop applications, internet routers and cloud-supported Remote Access appliances.

With site-supported VPN, local IT staff manage user authentication and access management for remote service resources in addition to managing access to specific LAN segments based on the user. This has the benefit of giving the end user maximum control over access to their systems by outside resources but can present challenges in terms of availability for service personnel as VPN access may not be in an always-on state and may require manual handling to enable. This means that access for service personnel is often dependent on the availability of IT personnel. Additionally, changes to the machine IP address structure may require reconfiguration of the VPN. Supporting VPNs can require significant IT resources and if not properly managed may expose the broader network to vulnerabilities.

With Remote Desktop applications, the service person would connect to a PC onsite hosting the software applications needed to service a piece of equipment. This is manageable when dealing with single vendors supporting the entire system but can become very challenging with multiple support teams needing connectivity. Each vendor would essentially need their own PC supporting their toolchain of software applications for the machinery they support. This can be cumbersome to support and expensive from a software licensing perspective.

Internet routers/modems that support connectivity outside the facility's IT network can be useful and reasonably inexpensive if the machine network is well isolated. A common example would be a cellular hotspot. The challenge with these devices is that if the machinery is part of a broader LAN, the larger network may be exposed, creating vulnerabilities. This is often forbidden by IT personnel for long-term installations but may be used in times of critical downtime when access is needed.

Lastly, there is the cloud-managed remote access appliance. This typically consists of a hardware router installed in the machine that uses a cloud-based broker to manage the VPN connection. The router normally initiates an outbound-only connection to the broker, either through the facility's IT network or through an external network, while the broker authenticates the user (service person) and then connects the system for service. This is beneficial for the machine provider, as it allows them to create connections when service is needed, helping to maximize availability of the machine. The key challenge with these solutions is convincing IT personnel that these systems provide the level of security needed to protect their assets and intellectual property. The closing section will help to address these challenges.

 


Evaluating Cloud-Based Remote Access

There are numerous things to consider when evaluating cloud-based remote access solutions. These include how much control over remote access is afforded the end user versus the machine builder, how data is encrypted, how exposed the plant network is, and how users are authenticated and managed. It is also important to consider how remote access suppliers safeguard their own systems from a security perspective.

It is critical to provide some level of control for the machine owner as to when remote access is available. It could be a significant safety issue if the machine is not properly locked out/tagged out before the machine is serviced by remote personnel. To address this, it is important to have some capability for the router to be hardware disabled from initiating a connection. This would normally be addressed by using a physical input on the device that enables or disables remote connectivity and would require onsite personnel to switch the machine into a service mode.

Encryption processes are also key when looking at remote access solutions. Since the system involves a remote access appliance, VPN broker and end user, it is important that the entire pathway be encrypted. It is important to determine how data is encrypted between the appliance and cloud broker (e.g. TLS/SSL), how certificates are handled, and how data is encrypted between user and cloud broker (e.g. SSL).

Legitimate suppliers for remote access solutions will be very transparent in providing this information.

 


Another concern is how exposed the plant network is when creating a remote connection. This can be addressed in a couple of ways. The first is how the appliance connects to the broker. Many solutions accomplish this by creating outbound-only connections, typically through secure HTTP ports such as 443 or through UDP ports such as 1194. This means that the facility's firewall does not need to be weakened by opening an inbound port, which removes a vulnerability. Secondly, the remote access appliance can provide LAN segregation, which means that the user servicing the system only sees the local LAN of that piece of machinery. The broader LAN is isolated from the user.
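The connection model described above (outbound-only to the broker on 443 or 1194, LAN segregation, and the physical service switch) can be checked against firewall flow records. The following is an added example, not code from HMS or from the original article; every address, the log format and the function names are constructed assumptions.

```python
import ipaddress as ip

# All addresses below are constructed for illustration.
APPLIANCE = ip.ip_address("10.20.0.50")          # appliance uplink on the plant network
BROKER = ip.ip_address("203.0.113.10")           # cloud VPN broker
MACHINE_LAN = ip.ip_network("192.168.140.0/24")  # LAN behind the appliance
VPN_POOL = ip.ip_network("10.240.0.0/24")        # addresses given to remote service users
BROKER_PORTS = {("tcp", 443), ("udp", 1194)}     # ports named in the article

# Constructed flow log, one record per line: src,dst,proto,dport,service_switch
SAMPLE_LOG = """\
10.20.0.50,203.0.113.10,tcp,443,on
10.240.0.7,192.168.140.21,tcp,102,on
198.51.100.9,10.20.0.50,tcp,443,on
10.20.0.50,203.0.113.10,udp,1194,off
10.240.0.7,10.20.3.15,tcp,445,on
10.20.0.50,198.51.100.77,tcp,8080,on
"""

def check_flow(src, dst, proto, dport, switch):
    """Return None if the flow fits the model, else a short reason string."""
    src, dst, key = ip.ip_address(src), ip.ip_address(dst), (proto, int(dport))
    if dst == APPLIANCE and src not in MACHINE_LAN:
        return "inbound connection to appliance"
    if src == APPLIANCE:
        if dst != BROKER or key not in BROKER_PORTS:
            return "appliance outbound to non-broker destination"
        if switch != "on":
            return "broker tunnel while service switch is off"
        return None
    if src in VPN_POOL:
        if switch != "on":
            return "remote session while service switch is off"
        if dst not in MACHINE_LAN:
            return "remote user reaching outside machine LAN"
    return None

def audit(log_text):
    """Return [(line_number, reason)] for every flow that breaks the model."""
    rows = enumerate(log_text.strip().splitlines(), 1)
    checked = ((n, check_flow(*line.split(","))) for n, line in rows)
    return [(n, reason) for n, reason in checked if reason]

if __name__ == "__main__":
    for n, reason in audit(SAMPLE_LOG):
        print(f"line {n}: {reason}")
```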

Another important aspect is the ability to manage user rights and access. With cloud-based systems, it is important that the machine owner can assume the management of the users and apply their own password policies and access rights. Additionally, they may want to apply two-factor authentication, where the user must supply a dynamically changing authorization code delivered to a personal device (e.g. cell phone) in addition to their standard user credentials. It is critical that cloud-based systems support these features to satisfy the security needs of customers.

Lastly, it is important that suppliers of remote access solutions enact processes to secure their cloud-based infrastructure. This can involve developing processes that are certified to ISO 27001 to verify that best practices are in place. Additionally, it is critical that routine penetration testing be performed by white-hat hacker organizations to expose any vulnerabilities that need to be addressed. Most important of all is transparency. When evaluating solutions for remote service, the supplier's ability to provide open, accurate information on how the systems function is key.

 
