Considerations for purchasing OT remote access solutions

Remote access solutions for OT environments are purchased either by plant operators, who usually use a variety of suppliers for control systems and machines in their plants, or by manufacturers of industrial automation technology and machine builders. Of course, there are conflicts of interest here: machine builders would prefer all their customers to use the same solution, while plant operators want to use only one solution for all types of machines and devices.

Which less obvious requirements could be relevant?

  • Are connections always established from the plant?
  • Are public IP addresses of security routers required or can the existing network architecture of the plant operators (zones/channels) be taken into account?
  • Does the solution allow transparent access to machines regardless of industry protocols, and if not, which protocols can be used at all?
  • Can technicians use a browser, or do they have to install a special client?
  • What use cases exist? E.g.:
    • Internal service technicians using an IDE on their laptop to make changes on a PLC.
    • External service technicians updating parameters, e.g. via a proprietary system or GUI of the machine/component.
    • Upload and optimization of process data in the cloud.
  • What workflows are required for role-based access? E.g.:
    • Can a central service team grant access rights to external technicians when requested by the local plants?
    • Can access rights be granted for individual machines or components, even if there are several machines from the same supplier in the plant?
    • Can a local employee at the machine allow and terminate the connection, e.g. for security reasons? If so, does the local employee know that a remote connection is in place?
  • Is the solution compatible with the ICS components in use as well as the CMDB inventory and existing ITSM tools?
  • What information is monitored and tracked? Are warnings possible, and what search functions are available for log data?
  • Consider a proof-of-value phase with a clear test plan for the practical comparison of 2 to 3 solutions, e.g.: How easy is it to configure the remote access solution? How easily can local employees configure and use the remote access solution?

Who are the typical providers?

The field is wide; vendors include Siemens, Rockwell, Phoenix Contact, Claroty, Ixon, HMS/EWON, InUse and many more.

What are the typical costs that should be budgeted?

The range of prices offered is wide. However, this also means that there is significant potential for savings, depending on the specified requirements.

Some providers charge only one-time costs for software and hardware, which amount to EUR 1,000 to 2,000 for central access and use of the central web portal. Other providers charge annual license fees of the same amount. The total cost difference can quickly reach six figures for a large manufacturer.

Please remember: This article is based on our knowledge at the time it was written – but we learn more every day. Do you think important points are missing or do you see the topic from a different perspective? We would be happy to discuss current developments in greater detail with you and your company’s other experts and welcome your feedback and thoughts.

And one more thing: the fact that an article mentions (or does not mention) a provider does not represent a recommendation from CyberCompare. Recommendations always depend on the customer’s individual situation.