Man holding iPad looks at machine parameters

Considerable relief during maintenance when using remote maintenance Security routers ensure secure communication in machine building

As part of its remote maintenance concept, Hermes Systeme GmbH relies on mGuard security routers and the associated mGuard Secure Cloud as a flexible, economically efficient solution for securely accessing customer applications.

Nowadays, systems without remote maintenance technology are no longer competitive because every operator requires high availability. Malfunctions must be eliminated as quickly as possible.

Ingo Hermes - Hermes Systeme GmbH, General Manager
Two Hermes Systeme employees installing a control cabinet

Hermes Systeme GmbH develops innovative solutions for MCR and automation technology

The employees of Hermes Systeme GmbH, located in Wildeshausen near Bremen, develop innovative solutions for MCR and automation technology. In addition to system modernization, their range of services is comprised of maintenance and repair of the existing technology as well as supply and installation of new systems. Hermes Systeme focuses on industry and building automation, water technology, swimming pool technology, wastewater treatment plant technology, cooling technology, information technology, and central control engineering. As a system integrator, the company has supported industrial and municipal users for more than 30 years, also in implementing SCADA systems. In such systems, an I/O station designed by Hermes Systeme is used. For remote maintenance services, security appliances from Phoenix Contact are used. They provide secure access to the corresponding SCADA network for the service engineers.

We can completely solve around 80% of all problems with remote access.

Christian Nölker - Hermes Systeme GmbH, Electrical engineer and programmer

Machine availability is restored quickly after malfunctions

A service technician accesses a machine via remote access after a malfunction

At Hermes Systeme, the primary focus is on eliminating malfunctions, but a transparent security standard that the system operators demand in order to accept remote maintenance is also important.
When service is required, Hermes Systeme service engineers can immediately obtain information on the system’s operating state without needing to be on site. Engineers simply press a button to evaluate extensive log files and other historical data that provides information on the cause of the error. The records from the system sensors indicate errors and suggest options for optimization at the same time. SCADA systems are usually comprised of one or more controllers and a graphical user interface. “To do so, our service engineers view the system operator’s screen on their computer and then work with the employee on site to remedy the error,” explains Christian Nölker, electrical engineer and programmer at Hermes Systeme.

“We were looking for a supplier that offers a solution for easy system and service personnel management. It was also important for the solution to be from a renowned manufacturer so that our customers would accept the remote maintenance concept.”

Ingo Hermes - Hermes Systeme GmbH, General Manager
mGuard security router on a mounting plate

Easy management of systems and service personnel

“It is not enough to look at the technical parameters and prices in order to make the right choice of remote maintenance technology,” Christian Nölker emphasizes. With an increasing number of systems, online access management and configuring the remote router stations can become time-consuming. Issues like secure authentication, managing customized access and configuration data, and the different software environments of a plant that has grown continuously make the decision even more complicated.

For this reason, the decision-makers were persuaded by the complete solution from Phoenix Contact because it is comprised of system and service personnel management with a high IT security standard. The required end device configuration is automatically generated in the cloud and downloaded to the devices. All processes, such as VPN configuration, routing settings, and certification management, are implemented using the cloud. “As a portal, the Phoenix Contact cloud manages the increasing variety of different system maintenance environments and automatically provides the right environment to the service engineer,” says Christian happily. Each service access starts a temporary virtual machine, which is then deleted afterwards. It also allows the parallel operation of different software generations. For Hermes Systeme, this type of remote maintenance has proven to be an efficient solution that ensures increased system availability for its customers.

Installing the FL mGuard security router in a control cabinet

Robust security routers for the harsh industrial environment

“We were looking for a solution that uses the Internet to dial into the system’s SCADA network. At the same time, we wanted to protect the network against unauthorized access,” Nölker continues. Ideally, the solution would be suited to an industrial environment. “However, the majority of security applications on the market have been developed for the office environment,” Nölker explains. With the FL mGuard product family from Phoenix Contact, Hermes Systeme has opted for security appliances that meet all the requirements of the industrial environment.

“The FL mGuard RS2000 security router version we use can be mounted on a DIN rail and features a 24 V DC power supply. Based on the local situation, we use either the RJ45 version or the wireless variant to connect the system to the cloud,” the programmer continues. Because the FL mGuard RS2000 acts as a secure gateway that protects the system against unauthorized access, the SCADA network can be connected directly to the Internet, and therefore to the cloud. Service engineers use a VPN software client to establish a connection to the cloud. The VPN function ensures that only authorized persons can initiate communication using the corresponding access data. If the VPN connection has been set up, it works like a direct connection to the local network. In this way, the controller’s programming software detects the security devices and can simply connect them.

Product overview of various security routers

Protect your industrial networks

Protect your systems against unauthorized access by people or malware, and find out more about our security routers here.