Secure High-Availability Remote Access to Industrial...

Transcript of Secure High-Availability Remote Access to Industrial...

Page 1: Secure High-Availability Remote Access to Industrial …cdn-ecomm.dreamingcode.com/public/187/documents/Current...• DHCP server on Device LAN by Ethernet or as access point via external

• The SiteManager™ itself and its monitored devices are all centrally managed and accessible from the GateManager server.

• Built-in serial, USB and Ethernet access agents for most PLC, HMI and Servo vendors in the market, as well as agent templates for video, voice, PC and Scada systems (including support for Siemens PPI and MPI)

• Firewall friendly communication: uses standard web protocols, and only inside-out.

• No requirement for public or fixed IP address. SiteManager is by default DHCP enabled. No need to re-configure the PLC with gateway address etc.

• Can operate as carrier of alarms, email alerts etc. between devices and central logging servers over the Internet.

• Built-in firewall, AES and x.509 certificates for maximum security

• All configuration, firmware and feature upgrades are done remotely through an intuitive web GUI

• User-configurable email alerts for status monitoring and configurable I/O ports for custom alarms.

• Integrated WiFi for connecting to the Internet via a local Access Point.

• Can operate as WiFi access point via external USB WiFi adapter (available from release 6.0, Q2 2015)

• Optional Internet access via a standard 4G/3G/GPRS modem installed in the USB port (available from release 6.0, Q2 2015)

• Includes the unique Secomea EasyTunnel Client feature for allowing easy enrollment in a VPN network.

• Security certified in accordance with leading standards methodologies specified by NIST, ISA/IEC, BSI and ISECOM.

Remote Management - SiteManager™ 1149 and 3349

Secure High-Availability Remote Access to Industrial Devices

SiteManager™ is an off-the-shelf component in the Secomea Industrial Communications Solution program that, in combination with Secomea’s GateManager™ and LinkManager™, ensures unified, uninterrupted and secure access to remote devices.

SiteManager™ is security certified according to the highest standards of the industry. The certification was performed by the independent security organisation ProtectEM GmbH in Germany in close cooperation with the Deggendorf Institute of Technology.

The SiteManager™ 1149 and 3349 are robust DIN mountable appliances that install in the machine control panel and provide remote access for on-demand servicing and programming of equipment, concurrently with static connections for monitoring and logging.

The SiteManager™ 1149 and 3349 provide remote access to all types of industrial equipment via Ethernet, Serial or USB, using the equipment’s native protocols (e.g. Modbus, PROFINET, EtherCAT, EtherNet/IP etc.).

The SiteManager™ 1149 and 3349 establish access to the Internet through the firewall of the existing wired network infrastructure, or wirelessly via the built-in WiFi option. Additionally, the SiteManager features static VPN powered by the unique Secomea EasyTunnel™ concept.

Page 2:

[Figure labels: PLC, HMI, PC, Cam]

GateManager™ Enabled

GateManager™ enabled for easy, centralized configuration, backup, monitoring and access for remote service and maintenance of Secomea SiteManager and industrial devices. The GateManager is available both as a hosted service and as a stand-alone software package.

LinkManager™ Enabled

The LinkManager is a one-step installation Windows application that runs on the support engineer PC. Working with GateManager™, it provides secure on-demand access to remote Serial, IP or USB devices through the SiteManagers. Once connected, it makes the remote device appear to the field engineer as if the Windows PC was connected directly to the device. So with LinkManager, any remote device is just a few mouse clicks away.

LinkManager™ Mobile Enabled

The LinkManager Mobile is designed for accessing your devices via a tablet, mobile phone or PC without needing installation of software. LinkManager Mobile allows access to devices using a Web browser, VNC/RDP Remote Desktop clients and selected iOS and Android Remote HMI apps.

Static Device/Server Relays connections

The SiteManager allows Static relays to a GateManager, enabling a central server or SCADA system to monitor devices in real time, or allowing devices to push status updates back to the central server.

Configurable Routing/Forwarding rules

The SiteManager can be configured to port forward or route connections between its Uplink and Device network ports. It can even be used as a secure Internet router via an integrated Web proxy.

Optional EasyTunnel™ VPN support

The SiteManager supports the unique Secomea EasyTunnel VPN concept. Enabling the included EasyTunnel Client in the SiteManager will allow enrollment in a VPN network controlled by a TrustGate concentrator. EasyTunnel works like ordinary IPSec VPN, but without the need for juggling certificates or keys. Simply enter the serial number of the SiteManager, and it is instantly enrolled in the VPN network.

State-of-the-Art Security

The SiteManager solutions use state-of-the-art security standards. This includes a built-in stateful Inspection Firewall, authentication using x.509 digital certificates and encryption using the strong AES standard with up to 256-bit keys. The entire solution is Security certified according to the most current standards of the industry.

Firewall Friendly

The end-user network security is priority number 1. With the SiteManager and the security standard that this includes, it is important that end-users do not need to compromise their own corporate security standards. Therefore all communication is encrypted, even when using port 80 from the inside and out.

Local Access Management and logging

The SiteManager allows locally administered access management via its Web GUI or digital ports, in addition to the central user access management. On top of this, all user connections made to the SiteManager and its connected devices are logged centrally on the GateManager.

Drivers for any type device

The SiteManager has built-in preconfigured drivers (“agents”) for remote accessing any type of device such as PLCs, HMIs, IPCs, Robots, Servos, etc. In addition to this, it is possible to customize an agent for other requirements regardless of it being Serial, Ethernet, WiFi or USB attached.

WiFi operation in both Client and Access Point mode

The SiteManager 1149 and 3349 feature a built-in WiFi module, which can be used for accessing the Internet via a local access point. Applying an external USB adapter will allow operation as an access point for providing remote access to WiFi client enabled devices at the location.

4G/3G/GPRS Option with Wake-on-SMS

(NOTE: available from release 6.0, Q2 2015) The SiteManager 1149 and 3349 feature an optional USB port for attaching a 4G/3G/GPRS adapter for connecting to the Internet. This feature is useful in cases where no local infrastructure exists for connecting to the Internet. In addition, the SiteManager supports a Wake-on-SMS that prevents consuming data traffic charges when in idle mode.

Fail-over / Fail-back (Wired / Broadband)

(NOTE: available from release 6.0, Q2 2015). By connecting the wired Uplink and an optional 4G/3G/GPRS Uplink, the SiteManager can perform fail-over and thereby ensure maximum uptime. By prioritizing the wired uplink, the SiteManager will automatically fail-back to the wired connection, thus reducing consumption of 4G/3G/GPRS data charges.

Flexible Alert notification system

The SiteManager can be used as gateway for alerts generated by local devices via Ethernet, Serial or digital input triggers, or by the GateManager monitoring the status of the SiteManager and local devices. Alerts are administered by the central GateManager, from where they can be sent as SMS or Email. In addition, all generated alerts are centrally logged.

Remote Management - SiteManager™ 3129

Unique Specifications

Page 3:

Secomea A/S

Denmark

www.secomea.com

Part numbers    Description

30102    SiteManager 1149 including 5 Device Agents

30103    SiteManager 3349 including 25 Device Agents

27101    Secomea WiFi USB adapter for operation as Access Point (supported from firmware release 6.0, available Q2, 2015)

27250    Secomea WiFi USB adapter with SMA adapter (for operation as Access Point)

26878    GateManager settings preconfigured

26940    MPI/PPI adapter (Ethernet)

Doc rev. 2015-03-20

Electrical Characteristics

• 536 MHz ARM Cortex A5 CPU

• Input 12-24V/DC, via screw terminals.

• Network Interfaces: 2 x 10/100 Mbit Ethernet (UPLINK, DEV1), RJ45 connection

• 2 x USB 2.0 full speed (Host)

• 1 x RS232 DB9 Serial port with full flow control

• Power consumption: 5W (dimension power supply to 8W peak)

• 2 x digital input ports

• 1 x output relay (max 0,5A), 1 x digital output open drain (max 0,2A)

• Integrated 2.4 GHz WiFi module for Client mode, IEEE 802.11b/g/n (Support for up to 8 concurrent clients)

• WiFi antenna connector, RP-SMA Female

Regulations

• FCC Class A, CE

• EN55022 Class A

• EN55024

• EN61000-3-2,3

• EN61000-4-2,3,4,5,6,8,11

• IEC60950

• C-Tick N29451

• UL Listed (file #E358541)

Physical Characteristics

• Operating temperature: -25°C to +60°C, 5 to 95% RH

• Dimensions, unpacked: 107 (H) x 32 (W) x 97 (D) mm, 500 g

• DIN mount bracket.

• Aluminium Chassis

• 2-year Warranty

Networking Capabilities

• Choice of Uplink (WAN) Internet access: Ethernet, WiFi, optional 3G/4G/GPRS USB modem (Available from rel 6.0, Q2 2015)

• Choice of Uplink IP-assignment mode: DHCP client, PPPoE client, manual/static

• Telnet to Serial routing (RFC 2217). Siemens MPI/PPI is supported via an adapter

• DHCP server on Device LAN by Ethernet or as access point via external WiFi USB adapter (available from release 6.0)

• USB port for remote accessing USB enabled devices (directly or via USB hub)

• EasyTunnel™ support for enabling VPN via Secomea TrustGate

• Support for remote access by any UDP/TCP based protocol

Monitoring and Logging Features

• System log with System Watchdog

• Automatic event logging on GateManager™

• Alert notifications generated by SiteManager or GateManager and sent as email or SMS

Configuration and Management

• Appliance Launcher for easy initial contact and connection to GateManager™

• Configuration and maintenance of SiteManager™ via browser (HTTPS/SSL, local or remote from GateManager™)

• Includes a Setup Assistant Wizard for guided configuration via the Web GUI

• Easy configuration with pre-defined configuration using a USB stick

• Configuration backup management (via GateManager™) including scheduled backup and fast hardware replacement (cold backup)

• Configuration export and import (XML)

• Pre-defined Device Agents for easy setup of access to all PCs, web devices and all common PLCs and HMIs.

LED Signaling and I/Os

• 4 LEDs for signalling Power, Status, WiFi status and LinkManager connection.

• Digital Input port for site operator control of remote access

• Digital or Relay output for signalling active LinkManager connections, and GateManager connection status.

• Configurable digital input port for custom Email/SMS alert triggering

• Output port for custom toggling from the SiteManager GUI

Technical Specifications