Secure remote access with Nerve

Implementing secure remote access to industrial assets using Nerve

In our blog series, we have already discussed important considerations for remotely connecting industrial assets and available methods for remote access. As we have shown, there are different ways for setting up secure remote connectivity in an industrial environment. A managed edge computing platform like TTTech Industrial’s Nerve can help to simplify the process for companies at all stages of the digitalization process.

Introducing Nerve

Secure connectivity of industrial assets is needed as the basis for use cases such as condition monitoring, predictive maintenance, or digital twins. Nerve provides a software infrastructure for machines on the shop floor and in the cloud and offers:

• Connectivity for machines
• State-of-the-art, cloud-based software management
• Vendor independence, openness and flexibility
• Integrated security features
• A flexible cost model

Nerve is a modular system and thus extremely flexible. Customers can choose which features are needed to support their current business case and extend the feature sets as they grow or adapt their processes. Some key features of Nerve are:

• Hosting of third-party applications and software as VMs or Docker containers and centralized logging for application messages and errors.
• Data collection and visualization.
• Remote connection, as well as workload and device management.

With Nerve, customers can establish secure remote access to a wide range of assets from different vendors and use the Nerve Management System as a trusted counterpoint for remote access to these assets from anywhere in the world.

Secure remote access with Nerve

Nerve supports the three key needs in remote access projects:

• Remote connection to devices in the field
• Data access devices using different protocols and connections, including legacy assets
• In-built security features to support secure remote access

1. Remote connection of assets from different vendors via one platform

Nerve’s Remote Services module includes features like remote screen viewing, remote tunneling and remote shell access to any edge device running Nerve, as well as to software workloads hosted on Nerve. Remote access to industrial assets can be configured when setting up workloads in the Nerve Management System or locally at the device.

2. Transmitting data from industrial (legacy) assets

Nerve’s Edge Hosting module enables software workloads – i.e. either separate applications running on one machine or applications from different devices – to run side-by-side at the edge. These can be managed remotely with Nerve’s Management System hosted locally or in the cloud. The workloads (applications or devices) can be encapsulated in Docker containers or, as it is often the case for legacy assets, hosted as virtual machines (VM). This allows them to be safely contained and to run on a secure, state-of-the-art industrial PC/host computer. Centralized logging helps to record all messages from the applications, events happening in the system as well as on the devices. Fieldbus-level sensors and actuators can also be accessed using the Soft PLC module of Nerve.

3. Nerve’s integrated security features provide a secure basis for managing industrial assets

Nerve is regularly penetration tested by third-party security specialists and software development processes are compliant with IEC 62443. Data is sent from machines to the Management System using Transport Layer Security (TLS) 1.2 (i.e. the data is encrypted to prevent it from being “read” by unauthorized parties during transmission).

A very important feature, particularly for remote access, is the management and authentication of users. Nerve requires logins for all services and passwords stored on Nerve are all encrypted.

• Role-based access control (RBAC) ensures that users have only access to those services and functions they need to perform their tasks.
• Hosting of Nerve’s software-as-a-service offering on Microsoft Azure, in Germany guarantees compliance with the EU’s General Data Protection Regulation (GDPR).
• For critical applications, where data may not leave a company’s premises, Nerve can also operate fully offline.

As mentioned before, Nerve offers centralized logging which helps to detect threats to the system. On the application level, Nerve supports VMs and Docker containers, which increase security by encapsulating or virtualizing workloads e.g. legacy assets that do not allow a direct, secure connection. Another important feature to keep remote access secure is provided through Nerve’s central update mechanisms. They allow centralized rollout of security patches and software updates to ensure that devices are always up-to-date and secure.

A managed edge computing platform like TTTech Industrial’s Nerve can support companies in gaining secure remote access to their industrial assets. (© iStock/aydinmutlu/TTTech Industrial)

We know that each customer and each use case are different – you can find out more about how Nerve is used in different industries by checking out the links below or registering for a free trial. If you have specific questions related to your business, please contact our team at sales@tttech-industrial.com.

Find out more

• Find out more about Nerve:
  • Learn how our customers use Nerve in the case studies section
    • Fill uses Nerve and Azure to enable its Smart Factory vision
    • Building a foundation for smart, digital connectivity with Nerve
  • Read our technical whitepapers for a more in-depth view at how Nerve is used across different industries
  • Register for a free trial of Nerve
• Check out our article on industrial edge computing
• Can legacy systems work as industrial IoT hardware? | TechTarget
• IEC 62443 standard – security for industrial automation and control systems
  • IEC blog post: Understanding IEC 62443
  • DKE: IEC 62443 – Die internationale Normenreihe für Cybersecurity in der Industrieautomatisierung (in German language)