Remote access

Routers for telecontrol and remote access

Remote access service based on INSYS icom routers

Instead of sending out a technician in response to every fault message to check the situation on site, remote maintenance enables a quick and efficient response to alarms and intervention in the event of a breakdown. As a result, personnel can be deployed more efficiently, while shorter downtimes improve OEE (overall equipment effectiveness).

Such applications place severe demands on modern routers: reliability, security and fault tolerance take top priority. However, flexibility in the choice of communication channels and support for data processing and transmission are also essential.

Remote maintenance routers from INSYS icom meet all these requirements – and they can do even more: using pre-installed assistants and integrated apps they simplify the use of complex functions and numerous options. In this way manufacturers of plant and machinery can implement innovative service models, while users benefit from higher efficiency and functional diversity in condition monitoring and remote access. Our experts will be happy to advise you!

Please also have a look to the following topic:

Did we catch your interest?

Then please get in touch with us. Our experts will contact you as soon as possible and will be happy to advise you.

Cost efficiency and higher productivity

Remote access helps to reduce maintenance cost

The major advantage of remote maintenance and telecontrol technology is the cost saving factor. Configuration, updates and maintenance – in the case of plant and machinery located at a distance each of these activities involves travel on the part of a technician. This includes travel costs and travelling time and – in the event of a malfunction – the damage from an unscheduled shutdown has to be added.
By enabling condition monitoring and remote access, remote maintenance routers greatly reduce personnel costs and downtimes. The investment cost of remote monitoring and control facilities is recouped after only a very short time.

Reach the break-even point faster

In Germany, without remote maintenance and remote access the cost of sending out a technician quickly adds up to 500 euros even without an overnight stay. Abroad it can cost more than 1,500 euros. With an assumed investment of 500 euros for a simple remote maintenance solution and additional telecommunications and energy costs, you have reached the break-even point as early as the second deployment.

Favourable total cost of ownership (TCO)

An analysis of the TCO takes into account the overall cost of procurement, operations and disposal. As a rule, the operating costs are many times higher than the purchase and disposal costs of the hardware. This is because, in addition to electricity and repair costs, operating expenditure includes above all personnel costs: the time required for installation and maintenance is the most important factor here. In the case of installations located at a distance, the longer absence of technicians must be taken into account.

In the event of a malfunction, the costs incurred are calculated on the basis of the time taken to rectify the fault and put a system back into operation. The costs here include factors such as water damage caused by the failure of pumping systems, as well as lost profits in the event of production downtime.

A faster response via remote access can therefore reduce the cost risk enormously. If an on-site visit is necessary after all, the problem can often first be identified remotely so that the technician already knows what spare parts may be needed and multiple trips are avoided. These positive effects of remote control operations also have to be taken into account when the TCO is calculated.

Optimised processes and higher-value services

If a plant is not only prepared for remote maintenance but becomes part of an IIoT (Industrial Internet of Things) solution via a retrofit, this opens up remote access to extensive data sources and their data. The improved data situation of an IIoT-capable installation enables the operator and service providers to obtain further benefits, for example from higher-value services such as predictive maintenance and continuity service offers, or benchmarking of energy and cost efficiency, which can reveal the potential for process improvement and therefore contributes to the optimisation of the installation.

Remote access as a source of revenue

Remote Access can drive revenue

It’s a fact that teleservice and remote maintenance alone offer the opportunity for enormous increases in efficiency. But continuous condition monitoring and telecontrol technology can also be used to integrate remote systems and devices into an (industrial) Internet of Things (IoT/IIoT). This enables additional value to be generated, for example through data-based process optimisation. For machine manufacturers and service providers in industry, remote customer service offers attractive business opportunities.

Business models for Industry 4.0

Within the scope of Industry 4.0, new business models such as pay per use are also being tested. Here the customer no longer buys the device or machine, but pays according to the amount of use. In return, the manufacturer undertakes to guarantee availability at a certain level by means of a service level agreement (SLA). In its pay-per-use model, for example, a compressor manufacturer charges for the amount of compressed air used and guarantees less than nine hours of downtime per year.

This is made possible by continuous condition monitoring, which includes monitoring of the processes as well as the hardware. The manufacturer can monitor the condition of its equipment via a router and, by means of condition monitoring, avoid impending breakdowns. The process data also indicates the quantity of compressed air called off, which is then invoiced.

In addition, the available data provides the opportunity to contribute to the customer’s process and cost optimisation. If, for example, the capacity limit of the compressor is regularly fully utilised, the supplier should offer a capacity expansion to create reserves before production defects occur. Conversely, if the demand is too low it may be appropriate to switch to a smaller model that requires less energy and thus generates lower costs.

Innovative service models

Remote access using modern remote maintenance routers offers many more possibilities than just installing updates or reacting to current problems. Service providers and manufacturers can, for example, offer their customers continuous condition monitoring (remote monitoring) to detect changes at an early stage and eliminate the causes. This allows critical situations to be avoided before they actually occur. For example, the increasing power consumption of a drive at a constant load indicates that the motor will fail in the near future and cause an unforeseen standstill. The service provider can now plan a maintenance appointment in good time and procure the required replacement device.

The service technician can also support the user on site as an external expert via teleservice – for example if additional know-how is required during the commissioning of a system.

Industrial routers as part of a ecosystem

According to the VDMA, 85 percent of existing industrial installations have not yet been networked. This means that they offer neither the possibility of simple condition monitoring nor of higher-value services that can be provided by machine manufacturers as external services, for example.

This shortcoming can be remedied in the course of modernisation investments. In 2017 alone German SMEs invested 15 billion euros in digitalisation, and the trend is still rising. Worldwide sales for a retrofit that makes systems IoT-capable are expected to rise to 45 billion dollars by 2021. According to estimates by the association, on average investments in telecontrol technology and remote access pay for themselves within 18 months. According to the estimates of Germany’s Federation of Engineering Companies (VDMA), appropriately equipped systems can be operated on average for five to ten years longer.

Security & reliability

Secure and reliable remote access

From the perspective of cyber security, public networks such as the Internet and mobile phone networks are generally regarded as insecure. Accordingly, remote access via such channels must be specially secured. Routers from INSYS icom support the use of VPN services and work with user authentication and strong security certificates to prevent unauthorised intrusion.

However, users also need to be sure that the remote routers can be reached at all times. The reliability of the connection is therefore essential for security. If the connection breaks down and can no longer be established, the fault must be rectified on site – with correspondingly high personnel and travel costs.

Our own VPN service: “icom Connectivity Suite – VPN”

A virtual private network (VPN) creates a secure tunnel through potentially insecure networks. A variety of security methods can be used, depending on the requirements of the existing network topologies and the needs of the user:


  • Configuration as an OpenVPN server or OpenVPN client
  • Routers act as virtual network cards
  • Data traffic is encrypted

IPsec (Internet Protocol Security):

  • Connection of two subnetworks
  • Seamless connection via a secure tunnel

GRE (Generic Routing Encapsulation):

  • Virtual address space for the connected network
  • Uniform address space to the outside
  • Unchanged, unencrypted data packages

DMVPN (Dynamic Multipoint Virtual Private Network):

  • A combination of IPSec and GRE
  • Ideal for star-shaped networks (hub and spoke)
  • Configuration as spokes possible
  • Reliable communication with the central hub

With the “icom Connectivity Suite – VPN”, INSYS icom supplements its remote maintenance routers and gateways with a secure, powerful communication service which can be used worldwide. With the help of this managed service, the OpenVPN-capable routers of INSYS icom are securely networked with each other. A quick start wizard simplifies the launch, and the often troublesome administration and transfer of certificates is performed automatically in the background.

Due to the intuitive, web-based user interface, the further options of the service can be conveniently configured. Scalability and high availability characterise the service, which addresses different needs: the VPN Flex version is ideal for small and medium-sized applications, while the VPN Enterprise version is available for larger solutions.

Norms and standards for secure remote maintenance

The use of remote maintenance and remote monitoring is always a potential source of danger, because it creates an interface that is potentially vulnerable. This makes it all the more important to put security first when designing the network and communication channels. “Security by design” is the consistent recommendation of cybersecurity experts that should be carefully considered.
Help for this can be found in abundance. Among other things, the IEC 62443 standard, which deals with IT security for industrial networks and systems, should be mentioned here, as well as ISO 27000 ff. which describes general standards for information security. Further best practice descriptions are provided in the handouts of various associations such as VDI/VDE Guideline 2182, the NAMUR (Standards Working Group for Measurement and Control Technology in the Chemical Industry) Worksheet 115 or the joint white paper on requirements for safe control and telecommunication systems published by BDEW (Federal Association of the Energy and Water Industry) and Oesterreichs Energie.
In case of doubt, you should look for partners who combine special expertise in cybersecurity and network technology. INSYS icom cooperates with various software producers and service providers in these fields. We also offer you the opportunity to network with IT system houses from the INSYS icom ecosystem and find experienced project partners.

Redundant WAN communication via DSL, Fiber & 4G

The connection channels should therefore be designed with redundancy. Routers from INSYS icom offer various interfaces for remote communication: including Fiber, ADSL / VDSL or mobile radio communication. In addition, the remote maintenance routers offer functions for the automated establishment of connections. The user can set which channels should be used first and which alternatives should be checked if the preferred service is not available.

Those who have connected their remote maintenance via 2G radio technology GSM (GPRS, Edge) or via third-generation mobile communications (UMTS, HSDPA, HSPA) should upgrade to the latest technology at an early stage. In Germany 3G technology will be partially switched off at the end of 2021 and will probably be finally shut down one year later, while in other countries 2G is already being phased out. Current mobile phone connections are based on 4G (LTE), and routers from INSYS icom with an LTE interface can also be upgraded to the new 5G protocol, which (where available) promises faster data transmission and lower latency times.

Device management included: icom Router Management (iRM)

To monitor the functionality of remote systems and enable updates and maintenance via remote access, INSYS icom has created its own cloud-based managed service, which is exclusively designed for its own remote maintenance routers. By means of iRM, recurring tasks such as condition monitoring and remote services can be automated, and updates can be easily distributed to a large number of devices. The fast detection of security-relevant events opens up the opportunity to react to malfunctions at short notice. And last but not least, comprehensive asset management is also integrated.

Security is guaranteed by a dedicated encrypted communication channel, which does not require an additional VPN. In addition, the cloud environment in which iRM runs is ISO-27001 certified.

A hardened operating system – “Made in Germany”

All INSYS icom routers run on a specially developed and maintained operating system. icom OS operates on a hardened Linux basis which is optimised for stability and reliability. This operating system, too, is compatible with the most usual standards and IT security requirements, for example those of ISO 27001, ISMS, BSI, EnWG §11 Section 1a and the BDWE white paper.

A further advantage: INSYS icom brand routers are developed and manufactured in Germany. This applies to both the software and the hardware. In this way you can be sure that you are acquiring a product that is 100% tested and contains no backdoors

A flexible range of applications for remote access routers

A range of apps makes remote access flexible

An essential factor for the automation of factories, buildings and machinery is the smooth communication between the control system, devices and machines. Initially limited to local, closed networks, cross-location access options via routers have quickly established themselves.

All requirements covered

Originally, remote maintenance was understood to mean all service and maintenance work carried out on IT systems, networks and industrial facilities without a technician being on site. Since then more and more remote access applications are being included, such as remote diagnosis, condition monitoring or asset management in the Industrial Internet of Things (IIoT). Remote maintenance 4.0 is no longer just about avoiding and correcting problems. Instead it stands for a whole range of flexible applications and innovative services that are created remotely by means of mobile data communication and the processing of sensor, condition and process data.

A remote maintenance solution essentially consists of three elements:

Originally, remote maintenance was understood to mean all service and maintenance work carried out on IT systems, networks and industrial facilities without a technician being on site. Since then more and more remote access applications are being included, such as remote diagnosis, condition monitoring or asset management in the Industrial Internet of Things (IIoT). Remote maintenance 4.0 is no longer just about avoiding and correcting problems. Instead it stands for a whole range of flexible applications and innovative services that are created remotely by means of mobile data communication and the processing of sensor, condition and process data.

A remote maintenance solution essentially consists of three elements:

  • The remote maintenance router
  • Reliable, secure communication channels
  • Applications, for example for condition monitoring or data exchange.

INSYS icom provides you with all the required elements from a single source: INSYS icom routers, communication services and data applications. In this way you will receive an integrated complete IIoT package with coordinated components, which offers extensive functions and can be flexibly expanded as required. If you have any questions or problems, the experts at INSYS icom will support you on all aspects!

The remote maintenance router: The most important element for remote maintenance is an on-site router or gateway. With their reliability and flexibility, INSYS icom routers meet the highest industrial requirements in terms of dependable remote control. Developed and manufactured in Germany, they offer the necessary robustness and long-lasting quality for use in demanding environments, too. You can also be sure that your data is secure – there are no backdoors.

Secure communication: The second element is a secure communication channel. No matter on which communication channel the remote maintenance router is connected: only an encrypted data connection offers the necessary security when public network routes have to be bridged. The “icom Connectivity Suite – VPN” offers you secure data communication worldwide as a managed service, with easy setup using the quick start wizard and automatic certificate management.

The IIoT application: icom Data Suite: The third element of telecontrol technology is application software, which integrates remote devices and systems into an Industrial Internet of Things (IIoT) and provides intelligent remote access. This not only allows you to carry out service and maintenance work via remote management, but also to obtain added value from the data of the connected devices.

High-performance application software

The icom Data Suite provides all the necessary functions, ranging from control and monitoring, messaging and visualisation to data acquisition and processing. The software package runs on the IoT operating system of the INSYS icom routers. The icom Data Suite establishes the connection between router, controls and devices, and therefore creates the basis for service technicians to remotely control all connected devices. Different protocols and communication platforms can be used for this purpose, such as Modbus, Siemens S7, Codesys, IEC 60870-5-104 and 60870-5-101, OPC UA or serial ports.

Remote administration and monitoring are therefore just as possible as local processing of the collected data, whether it involves implementing programmed controls in the remote maintenance router or consolidating the data and then transferring it to the cloud, for example via MQTT. As a result, in addition to remote maintenance and condition monitoring, IIoT functions which provide added value from the data of remote installations are also available. By means of integrated connectors, cloud services such as Cumolocity and the Telekom Cloud of Things can be used quickly and easily. In addition, the system is flexibly expandable and can be scaled as required.

Modular hardware

There are innumerable use cases for remote access and remote maintenance, and this leads to a variety of requirements for the hardware used. INSYS icom responds to this with a flexible, modular router family that gives you the choice of which connection types and interfaces to use. LAN, DSL or LTE connections are available, or a combination of these to create redundant connections. Two different housing variants offer space for one or even up to three add-on cards. This enables you to retrofit additional interfaces beyond the standard equipment, and allows you to use new technologies such as the upcoming 5G without having to replace the router. In this way INSYS icom protects your investment!

Gained in practice, for use in practice

Interested in our Solutions? Then please get in touch with us.