Skip to navigation Skip to content

IoT Integrator Summit: Remote Access to Manufacturing Equipment or Industrial IoT Systems

Minute Read

This presentation was originally delivered during the IoT Integrator Summit on Securing Edge Computing, which took place from July 14-16, 2020.

You can  view the full event summary and as well as access additional sessions from the IoT Integrator Summit here.

Following is the recording and a session summary of a talk by Lin Nease, HPE Fellow -- CTO for IoT, HPE.

Many enterprises have difficulty enabling remote operations, as many of the assets in their operation require on-site control and supervisions. With the “new normal” of COVID-19, industrial enterprises are investing in a new division of labor, with local “hands and feet” and remote subject matter expertise. A big problem with this new division of labor is the air-gapped network approach to hosting control systems and HMI (human-machine interface). This discussion provides a context and overview of the problem and potential solutions to enable remote operators in industrial operations.

Watch the video or peruse the notes from the session below.



-- Article continues below --New call-to-action

Visit the IoT Security Resource Center.

Session notes

Remote work in enterprise environments

The new normal of COVID-19 has been a shock and an opportunity alike for enterprise customers. Enormous demand for remote access is forcing us to rethink our traditional enterprise framework. The factors driving demand for remote access are surprisingly varied. 

Today’s contributing trends are:

  • Supply chain redesign. Clients are turning to less concentrated, more stable supply solutions.
  • Relief from year-over-year (YOY) results. Company longevity and resilience are the priority over immediate results.
  • Enterprise flexibility. Due in part to relief from YOY results, companies are looking to automation more broadly than before.
  • Division of labor/remote work. Adding automation and infrastructure forces further divisions of labor between experts and generalists. 
  • Marketing and sales transformation. Reaching customers indirectly and reliably is more critical than ever. 
  • Security, privacy and ethics. Security and privacy are rapidly entering new frontiers. 

Industrial IoT remote access requirements

In rethinking the enterprise framework, the core requirements remain the same. Businesses must have:

  • Secure connections to corporate applications from unsecured devices 
  • End-user collaboration and work from home
  • Rapid provisioning and scalability
  • Downward scalability as business dictates. 

We have satisfied these requirements for much of the workforce. The machine operator, however, is still a difficult class of worker to host remotely.

The challenges you encounter when hosting the machine operator are:

  • Machines and control systems are frequently air-gapped for extreme security purposes
  • Authorized users are very few
  • Software is often running on unsupported or obsolete platforms

In short, production systems are keeping machine operators tied to the plant. Production systems are controlled by programmable logic controllers or control systems. The controllers are extremely vulnerable and sensitive to change but are also absolutely critical to the business. 

These controllers, often decades old, are operating state-of-the-art physical processes even while they run on very old platforms. Patching these platforms is generally impossible. Even if we were able to patch the platform, these machines are unprepared for any outages. If a component of the update is incorrect, then the physical system may not operate at all, and production grinds to a halt. 

The demand for flexible automation and remote work

Client trends are unearthing a new approach to the division of labor. The focus is now on creating physical space and reducing operational risk. Efficiently utilizing scarce resources is more critical than ever. Companies are adapting their operating models to include:

  • Subject matter experts (SMEs) who work and operate machinery remotely, paired with more generalized labor assigned to “regions” of the plant to allow for social distancing
  • New time and motion designs to further keep local workers at acceptable physical distances
  • Automation for both the SMEs and the local workers
  • Hybrid approaches that include remote oversight or Automated Guided Robots (AGVs)

This new approach forces us to reassess the traditional enterprise framework. The challenge in employing these changes in today’s enterprise is strict adherence to the Purdue model.

The limits of the Purdue Model

The Purdue model is the standard for enterprise architecture. It begins with the sensors and field equipment—the system’s components interacting with the physical world. A control system on an isolated network segment coordinates these components. These segments are dual-homed and communicate on control networks to supervisory control and data access (SCADA) systems. 

SCADA systems are the piece of the framework that is aware of what is happening in our systems. Modeling our network architecture in this way introduces three significant drawbacks. Network segments are isolated, tightly controlled and poorly managed. Restructuring architecture with Attila can solve all three problems. 

Connected devices in enterprise IoT systems

With Attila architecture and Human Machine Interfaces (HMIs), workers can securely connect to these production systems from anywhere. HMIs are terminals or client devices that we can attach a GoSilent server to and remotely access through a GoSilent client. By themselves, HMI systems can be located anywhere in the plant, far away from their connected devices. 

Attila adds full remote capability. The GoSilent solution can take over all general-purpose access. Users can connect to less secure networks—like hotels or cafes—completely hide the VPN connection and securely access the control system on the other side. 

The Purdue Model is breaking down. With increasing predictive and condition-based maintenance, clients need more direct IoT processes. Direct IoT processes cannot run through the typical control system but require native IP networks. 

Secure remote access to those control systems is critical for progress. It is too cumbersome to build these capabilities into the enterprise software, so work outside the traditional model is necessary. The enterprise framework is undergoing a major transformation, and remote access will be vital in moving forward. 

Q & A from listeners

Lin Nease answers questions directly from our listeners. 

Q: With the advances in remote access for manufacturing we’ve discussed and COVID forcing individuals to rethink their locations, how will corporations’ location planning and staffing change?

There will be a race for specific expertise. The expertise companies are looking for will not change substantially. If specific production processes are in place, those processes and their control systems are not likely to change. What will change is where the companies can go to find workers they can train. Remote access is central to any company that wants access to a broader employee base.

Q: You’ve outlined a solution that applies GoSilent to some aspects of the Purdue problem. Are there any challenges associated with that solution?

The challenge is integration. The work required to integrate this solution large-scale is substantial. It would be easy for a client to observe one or two situations in their plant and commit to this strategy. In doing so, the client may be setting themselves up for an inordinate amount of integration work.

The implementation needs to follow a different pattern than usual. This solution needs to be built on areas with the highest value. The client must think through where work gets done and find out where this labor division would provide the most value. Even if the integration work is hard, the ROI will be there.

Looking for content from other IoT Integrator Summit Sessions?

Browse all of the session recordings.

IoT Security Event Recordings - Securing Edge Computing

About Lin

Lin Nease is an HPE Fellow and Chief Technologist for HPE Pointnext’s IoT activities. In this role, He is responsible for setting strategy, building a technology plan, and driving innovation with key enterprise customers/partners of HP. Additionally, he provides IoT consulting directly with HPE’s enterprise customers. Lin also helped establish HPE’s EdgeLine business, and HPE’s membership in organizations like the Industrial Internet Consortium.

In his 25+ years with HPE, he has been a Chief Technologist and Director of strategy for multiple business units, including HP’s Business Critical Servers and Networking businesses, has been a Chief Technologist and General Manager for multiple global accounts (GE, UPS), driven multiple M&A activities and cross-business initiatives, led
numerous successful commercial products, including the industry’s first blade solution and HP’s long-lived Superdome platform, and holds several patents in software-defined networking.

About HPE

For more than 75 years, our success has exemplified through our employees’ drive to advance ideas that bring meaningful innovations to life for our customers and partners around the globe. We are guided by our mission to help customers use technology to turn ideas into value, and empower them to transform industries, markets and lives. We simplify Hybrid IT, power the Intelligent Edge and provide the expertise to make it all happen.

Read the complete IoT security guide.

The Complete Guide to IoT Security