Secure High-Availability Remote Access to Industrial … · WCDM/UMTS: 850/900/1900/2100 MHz...
Transcript of Secure High-Availability Remote Access to Industrial … · WCDM/UMTS: 850/900/1900/2100 MHz...
• TheSiteManager™itselfanditsmoni-toreddevicesareallcentrallymanagedandaccessiblefromtheGateManagerserver.
• Built-inserial,USBandEthernetaccessagentsformostPLC,HMIandServovendorsinthemarket,aswellasagenttemplatesforvideo,voice,PCandScadasystems(includingoptionalsupportforSiemensPPIandMPI)
• Built-inSetupAssistantforintuitivefirsttimenetworksetup.
• AutomaticdiscoveryofEthernetandUSBdevicesforeasysingleclickcon-figuration
• Allconfiguration,firmwareandfeatureupgradesaredoneremotelythroughanintuitivewebGUIaccessiblelocallyorviatheGateManager.
• Firewallfriendlycommunication,-usesstandardwebprotocols,andonlyinside-out.
• NorequirementforpublicorfixedIPaddress.SiteManagerisbydefaultDHCPenabled.Noneedtore-configurethePLCwithgatewayaddressetc.
• Canoperateascarrierofalarms,emailalertsetc.betweendevicesandcentralloggingserversovertheInternet.
• Built-infirewall,AESandx.509cer-tificatesforandsecuritycertifiedinaccordancewithleadingstandardsmethodologiesspecifiedbyNIST,ISA/IEC,BSIandISECOM.
• User-configurableemailalertsforstatusmonitoringandconfigurableI/Oportsforcustomalarms.
• 3G/GPRSinternetaccessviaintegratedmodule
• WiFisupportviaexternalUSBadapter,configurableforeitherClientmode(Internetaccess)orAPmode(devicesaccess)
• AutomaticfailoverbetweenEthernet,WiFiandBroadbandforuninterruptedinternetaccess.
• IncludesSecomeaEasyTunnelClientsupportforallowingeasyenrollmentinastandardVPNnetwork.
• LogTunnelsupportallowingstatictunnelconnetionstoacentralSCADAsystem,whichoperatesconcurrentlywithotherservicessuchason-demandaccessandVPN.
• Uniquebuilt-introubleshootingfunction-alityforautomaticdiscoveryofnetwork-ingconflictsandconfigurationissues.
RemoteManagement-SiteManager™1139and3339
Secure High-AvailabilityRemote Access toIndustrialDevices
OPTIONAL
SiteManager™isanoff-the-shelfcomponentintheSecomeaIndustrialCommunicationsSolutionprogramthat incombinationwithSecomea’sGateManager™ and LinkManager™ ensures unified, uninterrupted andsecureaccesstoremotedevices.
SiteManager™ is security certified according to the highest industrystandardsof the industry,performedby the independentsecurityor-ganisation ProtectEM GmbH in Germany in close cooperation with theDeggendorfInstituteofTechnology.
TheSiteManager™ 1139and3339arerobustDINmountableappliancesthatinstallsinthemachinecontrolpanel,andprovidesremoteaccessforon-demandservicingandprogrammingofequipment,concurrentlywithstaticconnectionsformonitoringandlogging.
TheSiteManager™1139and3339provideremoteaccesstoalltypesofindustrialequipmentviaEthernet,-Serial-orUSB,usingtheequipment’snativeprotocols(e.g.Modbus,PROFINET,EtherCAT;EtherNet/IPetc.)
TheSiteManager™1139and3339establishaccesstotheInternetthroughthefirewalloftheexistingwirednetworkinfrastructure,orwirelesslybytheintegrated3G/GPRSmodem.
AdditionallytheSiteManagersupportsSecomeaLogTunnelinbothClientand Master mode. LogTunnel allows you by drag’n’drop to establish acomplete static infrastructure for linking a central SCADA system toremotedevicesindependentofIPsubnets,firewallsetc.
PLC HMI PC Cam
GateManager™ Enabled GateManager™ enabled for easy, centralized configuration, backup,monitoringandaccessforremoteserviceandmaintenanceofSecomeaSiteManagerandindustrialdevices.TheGateManagerisavailablebothasahostedserviceandasastand-alonesoftwarepackage.
LinkManager™ Enabled The LinkManager is a one-step installation Windows application thatrunsonthesupportengineerPC.WorkingwithGateManager™itpro-videssecureon-demandaccess toremoteSerial, IPorUSBdevicesthroughtheSiteManagers.Onceconnected, itmakestheremotede-viceappeartothefieldengineerasiftheWindowsPCwasconnecteddirectlytothedevice.SowithLinkManager,anyremotedeviceisjustafewmouseclicksaway.
LinkManager™ Mobile Enabled The LinkManager Mobile is designed for accessing your devices viaatablet,mobilephoneorPCwithoutneeding installationofsoftware.LinkManagerMobileallowsaccesstodevicesusingWebbrowser,VNC/RDPRemoteDesktopclientsandselectediOSandAndroidRemoteHMIapps.
Static Device/Server Relays connections TheSiteManagerallowsStaticrelaystoaGateManagerenablingacen-tralserverorSCADAsystemtomonitordevicesreal-time,ortoallowdevicestopushstatusupdatesbacktothecentralserver.
Configurable Routing/Forwarding rules TheSiteManagercanbeconfiguredtoportforwardorrouteconnec-tionsbetweenitsUplinkandDevicenetworkports.ItcanevenbeusedassecureInternetrouterviaanintegratedWebproxy.
Optional EasyTunnel™ VPN supportTheSiteManagersupportstheuniqueSecomeaEasyTunnelVPNcon-cept. Enabling the included EasyTunnel Client in the SiteManager, willallowenrollmentinaVPNnetworkcontrolledbyaTrustGateconcen-trator.EasyTunnelworkslikeordinaryIPSecVPN,butwithouttheneedforjugglingcertificatesorkeys.SimplyentertheserialnumberoftheSiteManager,anditisinstantlyenrolledintheVPNnetwork.
State-of-the-Art SecurityTheSiteManagersolutionsareusingstate-of-the-artsecuritystand-ards. This includes a built-in stateful Inspection Firewall, authentica-tionsusingx.509digitalcertificateandencryptionusingthestrongAESstandardwithupto256-bit.TheentiresolutionisSecuritycertifiedac-cordingtothemostcurrentstandardsoftheindustry.
Firewall FriendlyTheend-usernetworksecurityisprioritynumber1.WiththeSiteMan-agerandthesecuritystandardthatthisincludes,it isimportantthatend-user do not need to compromise their own corporate securitystandards.Thereforeallcommunicationisencrypted,evenwhenusingport80fromtheinsideandout.
Local Access Management and loggingTheSiteManagerallowslocaladministeredaccessmanagementviaitsWebGUIordigitalports,inadditiontothecentraluseraccessmanage-ment.Ontopofthis,alluserconnectionsmadetotheSiteManageranditsconnecteddevicesareloggedcentrallyontheGateManager.
Drivers for any type deviceTheSiteManagerhasbuilt-inpreconfigureddrivers“agents”forremoteaccessinganytypeofdevicesuchasPLCs,HMis,IPCs,Robots,Servos,etc. Inaddition to this, it ispossible tocustomizeanagent forotherrequirements regardlessof it beingSerial, Ethernet,WiFi orUSBat-tached.
WiFi operation in both Client and Access Point modeApplyingtheSecomeaUSBWiFiadaptertotheSiteManagerwillauto-maticallyenableWiFiClientmode,andtheSiteManagerwillbeabletoaccesstheInternetviaalocalaccesspoint.OptionallytheWiFimodulecanbeconfiguredasAccessPointforprovidingremoteaccesstoWiFiclientenableddevicesatthelocation
3G/GPRS Wake-on-SMSWhenconnectedviabroadbandtheSiteManagercanbeconfiguredtoentersleepmode,topreventconsumingdatatrafficchargeswhenidle.SimplysendanSMStotheSiteManageranditwillbeinstantlyavailable.
Fail-over / Fail-back (Wired / Wireless)WhenenablingboththewiredandWirelessUplink(broadbandorop-tionalWiFi),theSiteManagercanperformfail-overandtherebyensuremaximumuptime.Byprioritizingthewireduplink,theSiteManagerwillautomatically fail-back to the wired connection, thus reducing con-sumptionofbroadbanddatacharges.
Flexible Alert notification systemAnySiteManagercanbeusedasgatewayforalertsgeneratedbylocaldevicesviaEthernet,Serialordigitalinputtriggers,orbytheGateMan-agermonitoringstatusoftheSiteManagerandlocaldevices.AlertsareadministeredbythecentralGateManagerfromwheretheycanbesentasSMSorEmail.Inadditionallgeneratedalertarecentrallylogged.
True SMS Gateway - via Serial and EthernetTheserialportofSiteManager1139and3339operatesasatrueSMSmodem via the AT command set, and supports both outgoing SMSesgenerated e.g. by a PLC, as well as incoming SMS queing that a PLCcanscanfor.AdditionallytheEthernetportsupportstheSMSsyntaxtypicallyused inSiemensandCoDeSyscodeblocksforsendingSMSmessagesfromaPLC.
RemoteManagement-SiteManager™1139and3339
Unique Specifications
Partnumbers Description
30211 SiteManager1139including5DeviceAgents
30212 SiteManager3339including25DeviceAgents
27250 SecomeaWiFiUSBadapterwithSMAadapterforoperationwithWiFi
Doc rev. 2017-10-18
Electrical Characteristics
• 536MhzARMCortexA5CPU
• Input12-24V/DC,viascrewterminals.
• NetworkInterfaces:2x10/100Mbit Ethernet(UPLINK,DEV1,)–RJ45connection
• 2xUSB2.0fullspeed(Host)
• 1xRS232DB9Serialportwithfullflowcontrol
• Powerconsumption:max5Wexcl.anyoptionalUSBdevice.s(Calculatewithatotalof8Wincl.USBdevices)
• 2xdigitalinputports
• 1xoutputrelay(max0,5A),1xdigitalout-putopendrain(max0,2A)
• IntegratedquadbandHSPA+broadbandmodemsupportingthefrequencies:WCDM/UMTS:850/900/1900/2100MHzEDGE/GPRS:850/900/1800/1900MHz
• 3G/GPRSstandardpolarityfemaleSMAconnector.
Regulations
• CE,RCMCompliant
• FCC47cfrpart15,CANICES-3(A)/NMB-3(A)
• ULListed(file#E358541,ITE4ZP8),IECCBcertified(DK-30193-A2-UL)
Physical Charateristics
• Operatingtemperature:-25°-+55C°,5to95%RH
• Dimensions,unpacked:107(H)x32(W)x97(D)mm,500g
• DINmountbracket.
• AluminiumChassis
• 2-yearsWarranty
Networking Capabilities
• ChoiceofUplink(WAN)Internetaccess:-Ethernet,-WiFi(IEEE802.11b/g/n)viaUSBAdapter-3G/GPRS
• ChoiceofUplinkIP-assignmentmode:DHCPclient,PPPoEclient,manual/static
• TelnettoSerialrouting(rfc2217).SiemensMPI/PPIissupportedviaanadapter
• DHCPserveronDeviceLANbyEthernetorasaccesspointviaexternalWiFiUSBadapter.
• USBportforremoteaccessingUSBena-bleddevices(directlyorviaUSBhub)
• SecomeaLogTunnelsupportforeasysetupofremoteSCADAlogginginfra-structure
• EasyTunnel™supportforenablingVPNviaSecomeaTrustGate
• SupportforremoteaccessbyanyUDP/TCPbasedprotocol
Monitoring and Logging Features
• SystemlogwithSystemWatchdog
• AutomaticeventloggingonGateMan-ager™
• AlertnotificationsgeneratedbySiteMan-agerorGateManagerandsentasemailorSMSlocallyorcentralizedfromtheGateManager
• Bi-directionalSMSGatewaysupportviaSerialATcommandsandUDP/TCPscriptcommands
• Unique built-in trouble shooting function-ality for automatic discovery of network-ing conflicts and configuration issues.
Configuration and Management
• ApplianceLauncherforeasyinitialcon-tactandconnectiontoGateManager™
• ConfigurationandmaintenanceofSiteManager™viabrowser(HTTPS/SSL-localorremotefromGateManager™)
• IncludesaSetupAssistantWizardforguidedconfigurationviatheWebGUI
• Easyconfigurationwithpre-definedconfigurationusingaUSBstick
• Configurationbackupmanagement(viaGateManager™)includingscheduledbackupandfasthardwarereplacement(coldbackup)
• Configurationexportandimport(XML)
• Pre-definedDeviceAgentsforeasysetupofaccesstoallPCs,webdevicesandallcommonPLCsandHMIs.
• Unique device scanning feature for au-tomatic detection of IP and USB devices and configuration with a single click.
LED Signaling and I/Os
• 4LEDsforsignallingPower,Status,3G/GPRSstatusandLinkManagerconnection.
• DigitalInputportforsiteoperatorcontrolofremoteaccess
• DigitalorRelayoutputforsignallingactiveLinkManagerconnections,andGateMan-agerconnectionstatus.
• ConfigurabledigitalinputportforcustomEmail/SMSalerttriggering
• OutputportforcustomtogglingfromtheSiteManagerGUI
RemoteManagement-SiteManager™1139and3339
Technical Specifications
Secomea A/S - Denmark-www.secomea.com