Remote connection
Remote connectivity ensures controlled access to industrial control systems such as PLCs, SCADA servers and network devices at remote sites. By combining VPN tunneling, secure gateways and authentication, access restriction, audit logging and critical infrastructure protection are enabled without exposing the network to vulnerabilities.
The network is typically divided into zones with DMZ and the Purdue model to protect OT systems from threats from the overall IT network.
Areas of application
Technicians can connect securely via VPN and access controllers, PLCs or HMIs to troubleshoot, update or configure - without being physically present.
Using secure network connections, remote sites can be monitored and managed centrally. The systems often support multiple communication channels so that connectivity can be maintained even during network outages - e.g. automatic switching between landline and mobile networks.
Remote access can be protected with role-based access control, access filtering (whitelisting), time restriction and user activity logging, reducing the risk of unauthorized access and strengthening network traceability.
Technical build and safety
Remote connectivity is supported by protocols such as IPsec, OpenVPN and GRE, used through security gateway or router with built-in encryption, firewall and logging.
The structure follows:
Perimeter segmentation
IT networks, DMZ and OT zones separated via firewalls and DMZ intermediate networks
Purdue layering
Network level compliance ensures controlled access and isolation of critical equipment
Audit and logging
Firewall and VPN logs provide traceability of access attempts, sessions and changes
