REMOTE CONNECTION FOR TROUBLESHOOTING AND DATA ANALYSIS
We provide solutions or services that can also support customers remotely.
Not only because it is possible to provide a timely service, but also to guarantee and improve the continuity of service process delivery.
For this reason, OCME has decided to strengthen its remote assistance service.
This allows us to have total control of VPN connections and to guarantee maximum security and transparency to the end customer.
The solution is uniquely designed for the Automation Industry, certified to the highest global cybersecurity standards from both an IT requirement and a corporate policy perspective.
It is a VPN client software installed on remote service engineer laptop. This is the application used by remote service engineer to connect to the GateManager Server
GateManager is the central hub of the remote service solution, which contains the Machine Pool Management service.
GateManager checks access rights before establishing the connection between technician and the SiteManager.
User accounts, authorization settings and machines are all managed by the GateManager server.
SiteManager is the device responsible to connect a machine (Single Machine) or machines network (Multiple Machines) to the public network and it is installed in the machine’s electrical cabinet or in the Network Cabinet respectively. It can reach all the machine’s devices on which remote maintenance is necessary such as PLC, HMI, ROBOTS, etc.
A minimum of 2Mbps network download/upload throughput is required
to ensure a smooth remote service session.
Remote maintenance with a throughput less than the minimum requested could be possible but the remote maintenance would be much less effective and last longer than necessary or, in the worst case, not be possible.
Authentication by certificate and password
As an OPTION you can have two-factor authentication (2FA) via SMS.
Transparency of remote assistance activities for the customer.
The customer is created a Domain Observer account that allows him to verify who, when and why (who intervenes is obliged to specify a reason code) a remote assistance has been made.
Selectivity of remote assistance
Remote access to OCME machines in a plant is by machine type. For example, only Ocme's packer technicians can perform remote maintenance on Packer machines. The same applies to remote maintenance of third party machines supplied by Ocme, which is done by vendor. The remote service technician can only connect to their company's machines.
Remote assistance activities control by the customer
The customer, both in case of remote assistance of a single machine and in case of remote assistance of a plant, can enable the remote assistance. The remote assistance is enabled through the machine HMI (in case of single machine remote assistance) or through the key selector of the remote assistance keyboard of the Networks Cabinet in case of plant remote assistance. In addition, the customer or on the HMI of the machine or on the remote assistance buttons of the network cabinet, has the indication that a remote assistance is in progress.
VPN networks, firewalls and certificate-based authentication ensure maximum security for the Secure Remote Maintenance (SRM) connection. Protection is provided against man-in-the-middle and denial-of-service attacks (DoS/DDoS attacks).
Components and Software for the remote access passed the Security Concept Audit based on BSI (German federal office for information security), ISA 99, and IEC 62443 (IEC62443-3-3, IEC62443-4-2)certified according to IEC62443 standards.
ACCESS TO STAND-ALONE MACHINE or MULTIPLE MACHINES
When a remote service connection is required, an OCME remote service engineer launches the LinkManager application installed on his laptop and logs on to GateManager by a Web interface.
GateManager server establishes then a secure connection to the SiteManager device installed in the machine electrical cabinet at customer premises (see picture).
Only after successful authentication, a VPN connection is established allowing the remote service engineer to access the single machine or, with multiple machines, there are a selective access to remotly maintenance
REMOTE CONNECTIVITY FOR EQUIPMENT PERFORMANCE MONITORING
REMOTE CONNECTIVITY FOR TROUBLE-SHOOTING
PROGRAMMNG ACCORDING TO OMAC-PACKML PROTOCOL FOR COMUNICATION WITH CUTOMER LINE SUPERVISION SYSTEM
PROGRAMMNG ACCORDING TO WEIHENSTEPHAN PROTOCOL FOR COMUNICATION WITH CUTOMER LINE SUPERVISION SYSTEM