Secure High-Availability Remote Access to Industrial Devices...WiFi operation in both Client and...
3
• The SiteManager™ itself and its moni- tored devices are all centrally managed and accessible from the GateManager server. • Built-in serial, USB and Ethernet access agents for most PLC, HMI and Servo vendors in the market, as well as agent templates for video, voice, PC and Scada systems (including optional support for Siemens PPI and MPI) • Built-in Setup Assistant for intuitive first time network setup. • Automatic discovery of Ethernet and USB devices for easy single click con- figuration • All configuration, firmware and feature upgrades are done remotely through an intuitive web GUI accessible locally or via the GateManager. • Firewall friendly communication,- uses standard web protocols, and only inside-out. • No requirement for public or fixed IP ad- dress. SiteManager is by default DHCP enabled. No need to re-configure the PLC with gateway address etc. • Can operate as carrier of alarms, email alerts etc. between devices and central logging servers over the Internet. • Built-in firewall, AES and x.509 cer- tificatesfor and security certified in accordance with leading standards methodologies specified by NIST, ISA/IEC, BSI and ISECOM. • User-configurable email alerts for status monitoring and configurable I/O ports for custom alarms. • 4G/3G/GPRS internet access via exter- nal USB adapter. • WiFi support via Integrated module or via external USB adapter, configurable for either Client mode (Internet access) or AP mode (devices access) • Automatic failover between Ethernet, WiFi and Broadband for uninterrupted internet access. • Includes Secomea EasyTunnel Client support for allowing easy enrollment in a standard VPN network. • LogTunnel support allowing static tunnel connetions to a central SCADA system, which operates concurrently with other services such as on-demand access and VPN. • Unique built-in trouble shooting func- tionality for automatic discovery of networking conflicts and configuration issues. Remote Management - SiteManager™ 1149 and 3349 Secure High-Availability Remote Access to Industrial Devices OPTIONAL SiteManager™ is an off-the-shelf component in the Secomea Industrial Communications Solution program that in combination with Secomea’s GateManager™ and LinkManager™ ensures unified, uninterrupted and secure access to remote devices. SiteManager™ is security certified according to the highest industry standards of the industry, performed by the independent security or- ganisation ProtectEM GmbH in Germany in close cooperation with the Deggendorf Institute of Technology. The SiteManager™ 1149 and 3349 are robust DIN mountable appliances that installs in the machine control panel, and provides remote access for on-demand servicing and programming of equipment, concurrently with static connections for monitoring and logging. The SiteManager™ 1149 and 3349 provide remote access to all types of industrial equipment via Ethernet,- Serial- or USB, using the equipment’s native protocols (e.g. Modbus, PROFINET, EtherCAT; EtherNet/IP etc.). The SiteManager™ 1149 and 3349 establish access to the Internet through the firewall of the existing wired network infrastructure, or wirelessly by the integrated WiFi option. Additionally the SiteManager supports Secomea LogTunnel in both Client and Master mode. LogTunnel allows you by drag’n’drop to establish a complete static infrastructure for linking a central SCADA system to remote devices independent of IP subnets, firewalls etc.
Transcript of Secure High-Availability Remote Access to Industrial Devices...WiFi operation in both Client and...
• TheSiteManager™itselfanditsmoni-toreddevicesareallcentrallymanagedandaccessiblefromtheGateManagerserver.
• Built-inserial,USBandEthernetaccessagentsformostPLC,HMIandServovendorsinthemarket,aswellasagenttemplatesforvideo,voice,PCandScadasystems(includingoptionalsupportforSiemensPPIandMPI)
• Built-inSetupAssistantforintuitivefirsttimenetworksetup.
• AutomaticdiscoveryofEthernetandUSBdevicesforeasysingleclickcon-figuration
• Allconfiguration,firmwareandfeatureupgradesaredoneremotelythroughanintuitivewebGUIaccessiblelocallyorviatheGateManager.
• Firewallfriendlycommunication,-usesstandardwebprotocols,andonlyinside-out.
• NorequirementforpublicorfixedIPad-dress.SiteManagerisbydefaultDHCPenabled.Noneedtore-configurethePLCwithgatewayaddressetc.
• Canoperateascarrierofalarms,emailalertsetc.betweendevicesandcentralloggingserversovertheInternet.
• Built-infirewall,AESandx.509cer-tificatesforandsecuritycertifiedinaccordancewithleadingstandardsmethodologiesspecifiedbyNIST,ISA/IEC,BSIandISECOM.
• User-configurableemailalertsforstatusmonitoringandconfigurableI/Oportsforcustomalarms.
• 4G/3G/GPRSinternetaccessviaexter-nalUSBadapter.
• WiFisupportviaIntegratedmoduleorviaexternalUSBadapter,configurableforeitherClientmode(Internetaccess)orAPmode(devicesaccess)
• AutomaticfailoverbetweenEthernet,WiFiandBroadbandforuninterruptedinternetaccess.
• IncludesSecomeaEasyTunnelClientsupportforallowingeasyenrollmentinastandardVPNnetwork.
• LogTunnelsupportallowingstatictunnelconnetionstoacentralSCADAsystem,whichoperatesconcurrentlywithotherservicessuchason-demandaccessandVPN.
• Uniquebuilt-introubleshootingfunc-tionalityforautomaticdiscoveryofnetworkingconflictsandconfigurationissues.
RemoteManagement-SiteManager™1149and3349
Secure High-AvailabilityRemote Access to IndustrialDevices
OPTIONAL
SiteManager™isanoff-the-shelfcomponentintheSecomeaIndustrialCommunicationsSolutionprogramthat incombinationwithSecomea’sGateManager™ and LinkManager™ ensures unified, uninterrupted andsecureaccesstoremotedevices.
SiteManager™ is security certified according to the highest industrystandardsof the industry,performedby the independentsecurityor-ganisation ProtectEM GmbH in Germany in close cooperation with theDeggendorfInstituteofTechnology.
TheSiteManager™ 1149and3349arerobustDINmountableappliancesthatinstallsinthemachinecontrolpanel,andprovidesremoteaccessforon-demandservicingandprogrammingofequipment,concurrentlywithstaticconnectionsformonitoringandlogging.
TheSiteManager™1149and3349provideremoteaccesstoalltypesofindustrialequipmentviaEthernet,-Serial-orUSB,usingtheequipment’snativeprotocols(e.g.Modbus,PROFINET,EtherCAT;EtherNet/IPetc.).
TheSiteManager™1149and3349establishaccesstotheInternetthroughthefirewalloftheexistingwirednetworkinfrastructure,orwirelesslybytheintegratedWiFioption.
AdditionallytheSiteManagersupportsSecomeaLogTunnelinbothClient
and Master mode. LogTunnel allows you by drag’n’drop to establish a
complete static infrastructure for linking a central SCADA system to
remotedevicesindependentofIPsubnets,firewallsetc.
PLC HMI PC Cam
GateManager™ Enabled GateManager™ enabled for easy, centralized configuration, backup,monitoringandaccessforremoteserviceandmaintenanceofSecomeaSiteManagerandindustrialdevices.TheGateManagerisavailablebothasahostedserviceandasastand-alonesoftwarepackage.
LinkManager™ Enabled The LinkManager is a one-step installation Windows application thatrunsonthesupportengineerPC.WorkingwithGateManager™itpro-videssecureon-demandaccess toremoteSerial, IPorUSBdevicesthroughtheSiteManagers.Onceconnected, itmakestheremotede-viceappeartothefieldengineerasiftheWindowsPCwasconnecteddirectlytothedevice.SowithLinkManager,anyremotedeviceisjustafewmouseclicksaway.
LinkManager™ Mobile Enabled The LinkManager Mobile is designed for accessing your devices viaatablet,mobilephoneorPCwithoutneeding installationofsoftware.LinkManagerMobileallowsaccesstodevicesusingWebbrowser,VNC/RDPRemoteDesktopclientsandselectediOSandAndroidRemoteHMIapps.
Static Device/Server Relays connections TheSiteManagerallowsStaticrelaystoaGateManagerenablingacen-tralserverorSCADAsystemtomonitordevicesreal-time,ortoallowdevicestopushstatusupdatesbacktothecentralserver.
Configurable Routing/Forwarding rules TheSiteManagercanbeconfiguredtoportforwardorrouteconnec-tionsbetweenitsUplinkandDevicenetworkports.ItcanevenbeusedassecureInternetrouterviaanintegratedWebproxy.
Optional EasyTunnel™ VPN supportTheSiteManagersupportstheuniqueSecomeaEasyTunnelVPNcon-cept. Enabling the included EasyTunnel Client in the SiteManager, willallowenrollmentinaVPNnetworkcontrolledbyaTrustGateconcen-trator.EasyTunnelworkslikeordinaryIPSecVPN,butwithouttheneedforjugglingcertificatesorkeys.SimplyentertheserialnumberoftheSiteManager,anditisinstantlyenrolledintheVPNnetwork.
State-of-the-Art SecurityTheSiteManagersolutionsareusingstate-of-the-artsecuritystand-ards. This includes a built-in stateful Inspection Firewall, authentica-tionsusingx.509digitalcertificateandencryptionusingthestrongAESstandardwithupto256-bit.TheentiresolutionisSecuritycertifiedac-cordingtothemostcurrentstandardsoftheindustry.
Firewall FriendlyTheend-usernetworksecurityisprioritynumber1.WiththeSiteMan-agerandthesecuritystandardthatthisincludes,it isimportantthatend-user do not need to compromise their own corporate securitystandards.Thereforeallcommunicationisencrypted,evenwhenusingport80fromtheinsideandout.
Local Access Management and loggingTheSiteManagerallowslocaladministeredaccessmanagementviaitsWebGUIordigitalports,inadditiontothecentraluseraccessmanage-ment.Ontopofthis,alluserconnectionsmadetotheSiteManageranditsconnecteddevicesareloggedcentrallyontheGateManager.
Drivers for any type deviceTheSiteManagerhasbuilt-inpreconfigureddrivers“agents”forremoteaccessinganytypeofdevicesuchasPLCs,HMis,IPCs,Robots,Servos,etc. Inaddition to this, it ispossible tocustomizeanagent forotherrequirements regardlessof it beingSerial, Ethernet,WiFi orUSBat-tached.
WiFi operation in both Client and Access Point modeTheSiteManager1149and3349featureabuilt-inWiFimodule,whichcanbeused foraccessing the Internetviaa localaccesspoint.Applyingan external USB adapter will allow operation as an access point forprovidingremoteaccesstoWiFiclientenableddevicesatthelocation.
4G/3G/GPRS Option with Wake-on-SMSTheSiteManager1149and3349featureanoptionalUSBportforattach-inga4G/3G/GPRSadapterforconnectingtotheInternet.Thisfeatureisusefulincaseswherenolocalinfrastructureexistsforconnectingtothe Internet. InadditiontheSiteManagersupportsaWake-on-SMSthatpreventconsumingdatatrafficchargeswheninidlemode.
Fail-over / Fail-back (Wired / Wireless)When enabling both the wired and wireless Uplink (WiFi or optionalbroadbandmodem),theSiteManagercanperformfail-overandthere-byensuremaximumuptime.Byprioritizingthewireduplink,theSite-Managerwillautomaticallyfail-backtothewiredconnection,thusre-ducingconsumptionofbroadbanddatacharges.
Flexible Alert notification systemAnySiteManagercanbeusedasgatewayforalertsgeneratedbylocaldevicesviaEthernet,Serialordigital input triggers,by theGateMan-agermonitoringstatusoftheSiteManagerandlocaldevices.AlertsareadministeredbythecentralGateManagerfromwheretheycanbesentasSMSorEmail.Inadditionallgeneratedalertarecentrallylogged.
RemoteManagement-SiteManager™1149and3349
Unique Specifications
Partnumbers Description
30102 SiteManager1149including5DeviceAgents
30103 SiteManager3349including25DeviceAgents
27250 SecomeaWiFiUSBadapterwithSMAadapter(foroperationasAccessPoint)
Doc rev. 2017-10-18
Electrical Characteristics
• 536MhzARMCortexA5CPU
• Input12-24V/DC,viascrewterminals
• NetworkInterfaces:2x10/100Mbit Ethernet(UPLINK,DEV1,)–RJ45connection
• 2xUSB2.0fullspeed(Host)
• 1xRS232DB9Serialportwithfullflowcontrol
• Powerconsumption:max3Wexcl.anyoptionalUSBdevice.s(Calculatewithatotalof8Wincl.USBdevices)
• 2xdigitalinputports
• 1xoutputrelay(max0,5A),1xdigitaloutputopendrain(max0,2A)
• Integrated2.4GHzWiFimoduleforCli-entmode,IEEE802.11b/g/n(APmoderequieresexternalWiFiUSBadapterinstalled)
• WiFiantennaconnector,RP-SMAFemale
Regulations
• CE,RCMCompliant
• FCC47cfrpart15,CANICES-3(A)/NMB-3(A)
• ULListed(file#E358541,ITE4ZP8),IECCBcertified(DK-30193-A2-UL)
• Japan:[R]209-J00061,[T]D160018007
Physical Charateristics
• Operatingtemperature:-25°-+60C°,5to95%RH
• Dimensions,unpacked:107(H)x32(W)x97(D)mm,500g
• DINmountbracket
• AluminiumChassis
• 2-yearsWarranty
Networking Capabilities
• ChoiceofUplink(WAN)Internetaccess:-Ethernet-WiFi-Optional3G/4G/GPRSUSBmodem
• ChoiceofUplinkIP-assignmentmode:DHCPclient,PPPoEclient,manual/static
• TelnettoSerialrouting(rfc2217).SiemensMPI/PPIissupportedviaanadapter
• DHCPserveronDeviceLANbyEthernetorasWiFiaccesspointviaexternalUSBadapter.
• USBportforremoteaccessingUSBena-bleddevices(directlyorviaUSBhub)
• SecomeaLogTunnelsupportforeasysetupofremoteSCADAlogginginfra-structure
• EasyTunnel™supportforenablingVPNviaSecomeaTrustGate
• SupportforremoteaccessbyanyUDP/TCPbasedprotocol
Monitoring and Logging Features
• SystemlogwithSystemWatchdog
• AutomaticeventloggingonGateMan-ager™
• AlertnotificationsgeneratedbySiteMan-agerorGateManagerandsentasemailorSMS
• Unique built-in trouble shooting function-ality for automatic discovery of network-ing conflicts and configuration issues.
Configuration and Management
• ApplianceLauncherforeasyinitialcon-tactandconnectiontoGateManager™
• ConfigurationandmaintenanceofSiteManager™viabrowser(HTTPS/SSL-localorremotefromGateManager™)
• IncludesaSetupAssistantWizardforguidedconfigurationviatheWebGUI
• Easyconfigurationwithpre-definedcon-figurationusingaUSBstick
• Configurationbackupmanagement(viaGateManager™)includingscheduledbackupandfasthardwarereplacement(coldbackup)
• Configurationexportandimport(XML)
• Pre-definedDeviceAgentsforeasysetupofaccesstoallPCs,webdevicesandallcommonPLCsandHMIs
• Unique device scanning feature for au-tomatic detection of IP and USB devices and configuration with a single click.
LED Signaling and I/Os
• 4LEDsforsignallingPower,Status,WiFistatusandLinkManagerconnection
• DigitalInputportforsiteoperatorcontrolofremoteaccess
• DigitalorRelayoutputforsignallingactiveLinkManagerconnections,andGateManagerconnectionstatus
• ConfigurabledigitalinputportforcustomEmail/SMSalerttriggering
• OutputportforcustomtogglingfromtheSiteManagerGUI
RemoteManagement-SiteManager™1149and3349
Technical Specifications
Secomea A/S - Denmark-www.secomea.com
