The VPN in remote maintenance

Doing the right thing – and doing it right

Regensburg, 21.04.2021 – Even now, only a few companies consider themselves well positioned in areas such as Industry 4.0 and the IIoT. In the current confused situation, which is additionally fraught with uncertainties such as Covid-19, trade wars and disruptions, the relevant opportunities and challenges are too multi-layered.

These topics refer to the productive use of data using current technologies. Industry 4.0 describes the fourth industrial revolution after mechanisation, mass production and the revolution created by automation. It includes autonomous decision-making, technical assistance provided by information and visualisation, as well as sensor technology and networking. In the final analysis the IIoT applies this concept at the level of individual devices.

Data communication is both a success factor and a risk factor

This requires innovative approaches to solutions that make data usable and useful. With data communication you open up possibilities for remote diagnosis, remote maintenance and remote control, which creates new options for action and makes new potentials accessible.

In the field of IT security in particular, data use and data communication pose fundamental challenges. In the area of plant security these can even lead to the shutdown and total failure of systems, including direct damage, consequential damage and commercial effects. In a “worst case” scenario complex technologies, technical causes, negligence and malicious intent quickly reveal the ugly facets of inadequate data or cyber security. In the end, security elements often determine the success or failure of digitalisation projects.

A success story: remote maintenance via VPN at Skoda Machine Tool

Skoda Machine Tool shows how a remote maintenance solution with a strong security concept works. The company has been using Internet gateways for the remote diagnosis of machine tools since 2012. Thanks to a security solution based on OpenVPN, this works even over a secure WAN connection to well-protected China. Systems at such international locations can thus be efficiently put into operation and remotely maintained, so that on-site service costs are reduced.


It is no coincidence that in industry and automation, data is the new gold and remote maintenance is the gold standard: status information, sensor data, usage data, control data and environmental data can be recorded, analysed and used to best advantage. In this way processes can be optimised, problems can be pinpointed, deviations and correlations can be recognised and predictions can be made in order to provide alerts or to control and intervene directly. In the best case, new business and service models are created through data availability in combination with usage models and overall solutions.

“Doing the right thing”: encrypted data communication

Encrypted protocols are the basis for secure data communication. In the corporate environment it is a matter of detailed control of when and how individual devices, systems, installations or users can exchange data with each other. VPN management requires groups, connection management, monitoring and tunneling through existing firewalls. IT can’t just do this overnight. The integration of OT (operational technology) into IT security concepts is not a simple undertaking either.

Doing things “right”: security thanks to OpenVPN

In this context the need for secure connections is without question. In the process OpenVPN sometimes generates knee-jerk objections. Lag times as well as complex configuration in the corporate environment are often mentioned as problematic. There are technical reasons for this, which mainly serve the undeniably high level of security: encryption and decryption with virtually no vulnerabilities as well as a range of functions and options ensure that OpenVPN is highly configurable and accordingly very flexible in its use. However, professional security solutions circumvent these issues and make OpenVPN easy to use for “everyone” – as in the case described with a challenging facility located in China.

Solution components: how remote maintenance can be carried out securely

Solution components for scenarios such as the success story at Skoda Machine Tool described above are a remote diagnosis solution, the appropriate hardware in the form of gateways for all relevant facilities, and the right VPN security solutions.

The remote diagnosis solution displays machine data and enables remote diagnosis and maintenance. Many services depend on functionality and intelligence, which are applied to the systems locally and incorporate local parameters. Depending on the model, the Internet gateways provide the necessary interfaces and hardware functionality. It is advisable to pay attention to configurable solutions in order to avoid programming work.

Here the specialist supplier can in particular build a bridge between IT and OT, because the necessary components are required for the integration of machine protocols into IT solutions with IT protocols. Almost every industrial machine can be integrated into remote diagnosis solutions. On this subject David Sukowatey, Product Manager for Managed Services at data communications specialist INSYS icom, adds: “For many manufacturing companies, the integration of machine technology into IT monitoring offers completely new possibilities in diagnostics, operational control and service models. This enables our customers to reduce their operating costs, in some cases significantly.”

At the same time, any topology can be distributed locally “on the premises” or in a flexible way remotely with servers or cloud solutions. The remote diagnosis example of Skoda Machine Tool described above can accordingly be used for a large number of widely distributed small plants as well as for large, connected facilities.

VPN as a Service

As a specialist technical partner INSYS icom offers a remote diagnosis solution with suitable security features for industrial or automation facilities. This is highly favourable for companies which decide to book data communication as a complete service, instead of having their IT section develop complex in-house solutions.

At the end of the implementation a transparent, flexible overall solution is created from any number of gateways, together with an OpenVPN overall solution for remote access to machines and systems, an access portal and efficient device management. The functional elements can be configured by the user without extensive training or specialist knowledge. There is also nothing to prevent the system’s functional scope from being extended by applications operating locally on the gateways. In this way a wide range of remote access requirements, including 2-factor authentication, can be mapped.

The most flexible remote diagnosis and remote maintenance scenarios are possible

This success story serves as a practical example that can also be applied to other industries and companies. Particularly well suited are installations and processes with high maintenance costs, heavy expenditure in service cases and ongoing operations which are highly dependent on a multitude of parameters. Furthermore, in addition to the security functions described, such solutions offer the possibility of efficiently combining a wide variety of equipment types and machines in one monitoring solution.

This article was originally published in German in etz – Issue 1-2, 2021 (publication date: 18.02.2021).
