Remote visualization on an HMI (system user interface)
Why access a system via remote visualization?
Remote visualization enables fast and location-independent access to a system user interface. This leads to shorter response times when acknowledging alarms or influencing the system control. At the same time, it makes more efficient use of the time of the people who work with the system, as they no longer need to be on site but can display and operate the system user interface on their own device.
What to look out for:
Multiple plants and locations
Facilities and sites must have proper network segmentation so that cyberattacks cannot spread to the entire network.
No direct access to systems (Privileged Access Management application)
Blocking an environment (installations and systems) against direct access from outside is a basic requirement. Only privileged accounts should be able to access certain installations and systems. Direct connections from a user's endpoint to a system should be avoided. This is implemented using the jump host/appliance principle.
Selection of the protocol
Different protocols are available for visualization, such as VNC, RDP or HTTPS.
VNC (Virtual Network Computing) and RDP (Remote Desktop Protocol) are remote protocols that make it possible to display and operate the screen content of a remote computer on a local screen. The main difference between the two is that RDP creates a virtual session, while VNC captures the physical screen. Important with VNC: use an SSH tunnel to achieve secure authentication and encrypted transmission.
RDP is integrated into the Windows architecture and is only available for Windows, while VNC is operating-system-independent and available on most platforms. RDP is also more performant than VNC and offers extensive encryption options for a secure connection. VNC, on the other hand, is less efficient and does not offer advanced features such as printer redirection, sound output and microphone support.
HTTPS is a protocol for the secure transmission of web content. Unlike VNC and RDP, HTTPS is not intended for the remote control of computers, but for the transmission of data over the internet. The advantage of HTTPS is its high level of security through encryption and certificates, but it requires a web browser.
Multi-factor authentication
In addition to user name and password as the login for the remote visualization of a system interface, a further authentication factor is mandatory; commonly an authenticator app is used to enter a second code.
Role-based access management
Access authorizations for functions must be subdivided and differentiated according to roles. With this basic requirement, both centralized user administration with corresponding roles and privileged access to facilities and systems can be implemented cleanly via PAM.
Centralized administration of the users
Ideally, user management is carried out by the company's central user management system (e.g. via Azure AD). With synchronization (e.g. Azure Sync), the users of the software that performs the remote visualization on a system interface are automatically synchronized and updated.
This eliminates the need to manually update and regularly check user roles and authorizations.
Temporarily limited access
Instead of granting a user permanent privileged access, this should only be granted when required and then withdrawn again. Automating access rules for certain periods of time reduces manual effort.
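The three requirements above (no direct access except via the jump host, role-based permissions, and privileged access granted only for a limited period) are what a PAM broker enforces on every request. The following is an added example, not code from this page or from iDIP, of such a decision function: it rejects connections that do not arrive from the jump host, derives the user's permissions from roles, and allows a privileged operation only while a time-limited grant is active. The role names, permission names, jump host address and the AccessBroker class are constructed for this example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Constructed example data, not from any real deployment.
ROLE_PERMISSIONS = {
    "viewer": {"view"},
    "operator": {"view", "acknowledge"},
    "maintainer": {"view", "acknowledge", "change_setpoint"},
}
# Operations that additionally need an active, time-limited grant.
PRIVILEGED_PERMISSIONS = {"change_setpoint"}
# Placeholder address of the PAM jump host; the only permitted source.
JUMP_HOSTS = {"10.10.0.5"}


@dataclass
class Grant:
    user: str
    system: str
    permission: str
    not_before: datetime
    not_after: datetime


@dataclass
class AccessBroker:
    user_roles: dict = field(default_factory=dict)
    grants: list = field(default_factory=list)

    def grant_temporary(self, user: str, system: str, permission: str,
                        now: datetime, minutes: int) -> Grant:
        """Issue a grant that expires automatically; nothing has to be revoked by hand."""
        grant = Grant(user, system, permission, now, now + timedelta(minutes=minutes))
        self.grants.append(grant)
        return grant

    def decide(self, user: str, system: str, permission: str,
               source_ip: str, now: datetime) -> tuple[bool, str]:
        """Return (allowed, reason) for one request against one system."""
        # 1. Direct endpoint-to-system connections are refused outright.
        if source_ip not in JUMP_HOSTS:
            return False, "direct access; connection must come via the jump host"
        # 2. Permissions come only from the user's roles (centrally managed).
        permissions = set()
        for role in self.user_roles.get(user, ()):
            permissions |= ROLE_PERMISSIONS.get(role, set())
        if permission not in permissions:
            return False, "permission not granted by the user's roles"
        # 3. Privileged operations need an active grant for this user and system.
        if permission in PRIVILEGED_PERMISSIONS:
            for g in self.grants:
                if (g.user == user and g.system == system and g.permission == permission
                        and g.not_before <= now < g.not_after):
                    return True, "privileged operation allowed by active time-limited grant"
            return False, "privileged operation without an active grant"
        return True, "allowed by role"


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 8, 0, tzinfo=timezone.utc)
    broker = AccessBroker(user_roles={"alice": ["maintainer"], "bob": ["viewer"]})
    print(broker.decide("alice", "hmi-07", "change_setpoint", "10.10.0.5", t0))
    broker.grant_temporary("alice", "hmi-07", "change_setpoint", t0, minutes=30)
    print(broker.decide("alice", "hmi-07", "change_setpoint", "10.10.0.5", t0 + timedelta(minutes=10)))
    print(broker.decide("alice", "hmi-07", "change_setpoint", "10.10.0.5", t0 + timedelta(minutes=31)))
```

Note that the grant is scoped to one user, one system and one permission, and that the expiry is evaluated on every request rather than at login, so a session that outlives its grant loses the privileged operation without needing a manual revocation.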
Recording of all activities during a remote visualization
The remote visualization of a system by a user should fully log all activities from start to finish, record them via video stream and archive them. This ensures complete traceability of activities and gives a company full transparency at all times.
Monitoring, control and auditing of activities
Continuous monitoring and active logging of all activities when accessing a system via remote visualization is crucial to ensure that a company has the necessary knowledge to protect its system. However, it is also crucial that the logs are audited regularly.
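Logging is only useful if the logs are actually audited, as the previous two sections state. The following is an added example, not code from this page or from iDIP, of a small audit that a company could run over the session log of a remote visualization gateway: it reconstructs each session from its start, action and end records and reports sessions that were never closed (so the recording may be incomplete), that bypassed the jump host, that ran longer than a permitted maximum, or that contain activity after the recorded end. The log format, field names, jump host address and the sample lines are constructed for this example.

```python
from datetime import datetime, timedelta

# Assumptions of this example: the jump host address and a maximum session length.
JUMP_HOSTS = {"10.10.0.5"}
MAX_SESSION = timedelta(hours=4)

# Constructed sample log: one record per line, timestamp followed by key=value fields.
SAMPLE_LOG = """\
2024-03-04T09:00:12Z session=s1 user=alice system=hmi-07 event=start src=10.10.0.5
2024-03-04T09:03:40Z session=s1 user=alice system=hmi-07 event=action op=acknowledge
2024-03-04T09:10:05Z session=s1 user=alice system=hmi-07 event=end
2024-03-04T10:15:00Z session=s2 user=bob system=hmi-02 event=start src=192.168.1.7
2024-03-04T10:16:30Z session=s2 user=bob system=hmi-02 event=action op=change_setpoint
2024-03-04T13:00:00Z session=s3 user=carol system=hmi-07 event=start src=10.10.0.5
2024-03-04T18:00:00Z session=s3 user=carol system=hmi-07 event=end
2024-03-04T18:05:00Z session=s3 user=carol system=hmi-07 event=action op=acknowledge
"""


def parse_line(line: str) -> dict:
    """Turn one log record into a dict; the timestamp becomes a datetime under 'ts'."""
    ts, *fields = line.split()
    record = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")}
    for item in fields:
        key, _, value = item.partition("=")
        record[key] = value
    return record


def audit(log_text: str) -> list:
    """Return a list of (session_id, finding_code) for sessions that need review."""
    sessions = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        s = sessions.setdefault(rec["session"], {"start": None, "end": None, "actions": []})
        if rec["event"] == "start":
            s["start"] = rec
        elif rec["event"] == "end":
            s["end"] = rec
        else:
            s["actions"].append(rec)

    findings = []
    for sid, s in sessions.items():
        if s["start"] is None:
            # Activity with no recorded start: the recording is incomplete.
            findings.append((sid, "NO_START"))
            continue
        if s["start"]["src"] not in JUMP_HOSTS:
            findings.append((sid, "DIRECT_ACCESS"))
        if s["end"] is None:
            findings.append((sid, "NO_END"))
        elif s["end"]["ts"] - s["start"]["ts"] > MAX_SESSION:
            findings.append((sid, "TOO_LONG"))
        for action in s["actions"]:
            if s["end"] is not None and action["ts"] > s["end"]["ts"]:
                findings.append((sid, "ACTION_AFTER_END"))
    return findings


if __name__ == "__main__":
    for session_id, code in audit(SAMPLE_LOG):
        print(session_id, code)
```

Run against the sample, the audit is silent for s1, reports s2 both for connecting directly and for never ending, and reports s3 for exceeding four hours and for an action recorded after its end. In a real deployment the findings would feed the regular log review rather than be printed.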
iDIP IoT Service Portal for the remote visualization of systems
With iDIP IoT, systems, locations and users are managed holistically for secure access to a system user interface.
Decentralized and centralized facilities and infrastructure areas can be administered with the greatest possible security and crystal-clear overview. The requirements from OT and IT security merge into one through the use of our gateway variants.
Find out more at ➡️ www.idip-solution.com/remote-visu
Just start
Discover the benefits iDIP can bring to your company.