Bucher NetService remote access
Internet-based remote access enables efficient support for problems that the customer cannot resolve alone. An internet-based solution can cope with growing data streams and offers secure, fast access and excellent stability, provided the customer has a stable internet connection. This solution does not have the bandwidth and connection-stability limitations of an analog modem connection.
The control cabinets are connected via Ethernet cables to a router with a VPN firewall in a centralized control room. All applicable control systems are connected to this router. Alternatively, routers installed in the control cabinets of the machines can be used.
Concept and security
Using the internet as a transport medium requires a well-thought-out concept to maintain maximum security. In cooperation with a specialist for internet-based remote access solutions, Bucher developed the concept described below. In a support case, the Bucher technician and the customer's router each establish a VPN tunnel to their respective gateway.
- Our technician establishes the tunnel on request (only possible by manual initiation).
- The routers initiate the tunnel automatically as soon as they are powered on and connected to the internet.
These gateways are directly linked, which allows secure traffic between the technician and the router at the customer's site. Every router has a unique virtual IP address for identification.
It is visible only within the local area of the protected network (the network containing the control system to be supported).
For data encryption, the routers use state-of-the-art security technology from a specialized, globally active supplier of secure IT solutions. Bucher uses a secure connection (SSL-VPN, single-password, token) to connect to the support gateway.
Every on-site router is secured by IPsec and a unique certificate to ensure proper identification while the VPN tunnel to the gateway is being established. Using a gateway allows Bucher to fully control the access permissions for remote access to the respective control units. The gateway concept also allows all unsecured incoming traffic to be blocked at the on-site router.
Only an outgoing VPN tunnel is established!