Winter Closure Time: no Orders will be processed from 24.12.2024-02.01.2025.
vpn
vpn security suite

0 Min. Reading duration

Harmonized VPN infrastructure

Welotec

Published on 26 Feb, 2021

VPN Security Suite

Integration of different device types in VPN infrastructures

The advantages through digitalization can only be fully exploited by networking all devices in the field. With local PLCs, HMIs and IPCs at one location, for example on a shop floor, this is easily possible via the local network. However, if devices are distributed over many locations, public networks must be used. The industry standard to securely connect distributed devices and networks is VPN. VPN stands for Virtual Private Network and enables connecting different networks over public infrastructure like the Internet. Several VPN technologies, such as IPsec, Wireguard and OpenVPN are used. OpenVPN has the advantage that it is very secure and already integrated in many devices. In addition to that, OpenVPN is very compatible between different devices from different vendors. OpenVPN is a server client protocol. Usually, there is one OpenVPN server in a central location and an OpenVPN client on the devices in the field. The identity of the devices and the encryption of the data is managed by digital certificates. There are multiple possibilities to integrate devices like RTUs, PLCs, HMIs and IPCs into a OpenVPN infrastructure. The most important requirement is that the devices have access through a network to the central server. This can be accomplished through a wired internet connection, 4G LTE, 5G or Wifi. In addition to that, they need to have an OpenVPN Client support. There are multiple ways to do that:
  1. Direct software support for OpenVPN
  2. Support to run additional applications e.g. Docker Container
  3. External Gateway for OpenVPN (like Welotec Router or Edge Gateways)

Challenges of integrating different devices in VPN infrastructures

Secure and reliable operation of a VPN infrastructure is often complex. Among other things, configurations for the local firewall, the VPN tunnel and certificates for identity and security must be installed on each device in the field. To ensure security, the VPN configurations must be updated, and the digital certificates must be renewed frequently. With a few devices from one vendor, it is easy to keep track of and perform these tasks manually. However, especially in the energy sector and machine building, where many systems are distributed , these tasks can not be carried out manually. An automated approach is needed.

Welotec VPN Security Suite

The Welotec VPN Security Suite offers automated processes to roll out and manage VPN infrastructures. It consists of three components. This includes a central VPN Concentrator with integrated Firewall and access rules. An integrated Public Key Infrastructure (PKI) manages and renews digital certificates. The third component is a Device Management for rollouts and distributing configurations.

The Welotec VPN Security Suite allows to roll out a uniform VPN infrastructure on different device types, regardless of the manufacturer. It is necessary that the devices have an integrated OpenVPN client or support Docker containers. Docker container-enabled devices can be connected through the Welotec VPN Container Client (VPN-CC). VPN-CC enables self-registration to the VPN Security Suite and communication with the end device. With the end device communication, you can directly access devices/machines  behind the VPN-CC connected device. In addition, the certificates and VPN configuration are automatically distributed to the VPN-CC device. By using orchestration software such as Kubernetes, VPN-CC offers a very simple and scalable approach to building VPN infrastructures.

Advantages and implications for business

With the VPN Security Suite, we offer plant operators, machine builders and device manufacturers an easy and secure way to collect data from distributed devices. Data collection is key to predictive maintenance, enabling  better service quality and reduced downtimes. In addition, secure remote access to distributed devices and machines enables greater efficiency through reduced travel and staffing. The Welotec VPN Security Suite also creates potential for new services and business models such as Equipment-as-a-Service.

Expert

Welotec

Expert Knowledge at Welotec

Related Products