Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
Remote Services
Managing Open Systems with Remote Services
As control systems move from proprietary
technology to open systems, there is greater
flexibility but there can also be issues with
compatibility, security and software complexity.
Honeywell works with customers to help
manage open systems. Honeywell's secure
remote services improve safety and reduce
costs with proactive monitoring and faster
problem resolution while avoiding travel time
and costs. Remote services include patch
management, virus protection, system
monitoring, backup and restore, and more.
To mitigate risk, Honeywell employs
industry best practices to ensure a highly
secure connection and protection of data
for ourselves and our customers.
Reduce costs and mitigate riskwith secure remote services
Technological advancements are changing distributed control systems (DCS) by integrating proprietary technology from the vendor with open systems technology provided by Microsoft, Intel, Cisco and many others. Compatibility issues, securitypatches, virus attacks and software complexity result in a significantly higher frequencyof change compared with proprietary only technology. To help manage the change, the industry is employing remote services as a best practice to quickly connect supplierexperts with customer systems. Honeywell has developed a full suite of remote services to support our customers with their day to day technology challenges.
Best Practices for ManagingOpen Systems Technology
Remote Services
Remote services improve plant safety,reliability and efficiency. Safety incidentsare reduced by limiting the number ofpeople needed on site. Reliability isimproved through proactive 24/7 processand system monitoring providing fasterresolution when problems arise. Efficiencyis improved by avoiding travel time,allowing direct access to expertise, collaborative troubleshooting and engineering, standard operating practicesand centralized services like deploymentof updates and virus definition files.
Remote Access to Customer Sites
It all starts with a remote connection to a customer site. Honeywell uses theInternet or dedicated lease lines withsecure protocols and protection mechanisms to set up the connection.Logins with password, encryption, VPNtunnels, PIN code and a hardware keycode generator maximize securityavoiding unauthorized access.Honeywell uses the same connectivitysolution to deliver all remote services,including troubleshooting, systemchanges and analysis, so all use thesame secure link (one channel
principle) between the customer site and Honeywell.
Honeywell provides process
related remote services to
improve the customer’s
process performance. By
collecting data at the site
and analyzing it offline by
Honeywell, these services
provide valuable information
and recommendations on
how customers can optimize
their process performance.
The Honeywell Service Node
Remote connections are set up betweena remote location and the Service Nodeon site. The Service Node is the entrypoint into the customer’s process domain.The Service Node consists of a combination of firewalls, proxy serverand specialized communication serverresiding in a secure zone within theprocess control network (PCN). TheService Node can be used for remoteaccess but is also capable of monitoringsystem parameters and running diagnostics over the entire PCN. Theauthorizing system of the Service Nodeincludes a built-in permit and audit systemto track access, requests and actions.The site retains full control over all communications to allow, forbid orrequire approval before actions can bemade. The Service Node is protected bythe latest validated virus definition filesand patched with the latest validatedsecurity patches.
Infrastructure Related Remote Services
Virus Protection- Open platforms are
vulnerable to virus and worm attacks,
which can lead to loss of view, loss of
integration, loss of control and even
production downtime. Honeywell tests
and approves new virus protection
definition files first on a test system
emulating a customer’s production
systems to reduce the risk of a signature
collision with a valid data pattern. These
new virus protection definition files are
downloaded to the Service Node (normally
within 24 hours after its release). Properly
scheduled distribution at the site of new
virus protection definition files eliminates
the risk even further that redundant
servers can stop at the same time due
to the automatic update.
Patch Management
Patch Delivery- The process of software
patching repairs operating systems and
application vulnerabilities that can provide
an entry point for viruses and other
damaging programs. It helps maintain
operational efficiency and effectiveness,
overcome security vulnerabilities and
maintains the stability of the production
environment. Honeywell tests and qualifies
newly released security patches to make
sure they can be safely installed and will
not interfere with Honeywell process control
software platforms. Normally these patches
are tested and qualified within seven days
of their release. Customers with a remote
connection have the advantage that the
Service Node will get the latest security
patches and appropriate DCS patches
automatically as soon as they are validated.
Patch Deployment- On-site patch
installation is offered using trained
Honeywell personnel to manually patch
the PCN during site visits after careful
planning with operations, using the latest
patch files made available on the Service
Node. Remote patching is offered as an
alternative, however, this requires an
agreed procedure between engineers in
remote locations and assistance from
the site. Critical components are not
recommended for remote patching.
Perimeter Security- To secure the
perimeter of a PCN environment, the
protection mechanism consists of a set
of security controls between the office
domain (L4) and the management
execution layer (L3) of the plant.
This service includes checking of
firewalls, intrusion detection /prevention
system, network access, proxy servers,
top / root domain.
Backup and Restore- Loss or corruption
of data can have a catastrophic impact on
your ability to meet business demands.
The best defense is making regular backups
and a proven and tested recovery strategy.
A complete reinstallation of a PC / server
can take up to two days, while a solid
backup and restore mechanism can reduce
this time to a few hours. Honeywell uses
Backup and Restore software and
configures the schedule of the backups
(full backup and/or incremental backup) so
that multiple backups are not executed at
the same time to limit the impact of a
backup on the overall performance of the
PCN. Backups for non-standard servers
on the PCN (like PHD, PCC, FDM) can be
offered as a special service.
Faster Resolution
Proactive
Peace of Mind
Expertise
Remote Services
System Monitoring- System Monitoring
collects and diagnoses health and
performance data as well as system logs
to monitor the PCN infrastructure. The
information is available for local use and to
generate reports. When a critical threshold
is reached or invalid state / abnormal
condition is detected, the monitoring
service will run extra diagnostic routines
depending upon circumstances, to directly
provide a better view to the root cause of
a problem allowing more detailed alarming.
Alarms are generated and transmitted
(through SMS or email) to the customer or
designate. The Honeywell Remote Service
Center (RSC) also receives the alerts allowing
Honeywell to provide instant remote support.
Customers will automatically benefit from
Honeywell’s continuous research of past
business interruption situations.
Optional health and performance reports
provide historical information and analysis
including recommendations for optimizing
system performance. These reports
provide a summary of the recorded activity
for devices and overall system health status
to determine if any steps should be taken
for overall system improvement.
System Administration- System
administration tasks include checking
system logs, managing login problems and
disk space management. Honeywell utilizes
tools to automate many of these routine
inspections, normally handled manually by
system administrators, creating benefits
like 24/7 continuous checking and
eliminating human error. System
administration service also monitors the
PCN for proper deployment of patches,
virus protection definition files and backups.
This will generate a To-Do list for the system
administrators to execute when time
allows. These actions are required to keep
the system healthy and avoid unwanted
business interruptions. This results in a
conditional maintenance task instead of
spending long hours on routine checklists.
Honeywell remote system administrators
will work the To-Do list and are available
during office hours to support customers.
The system administration tools also provide
automatic self-healing capabilities such as
starting a backup routine or collecting the
latest virus definition file. Automatic repairing
needs to be agreed on up front with
customers if allowed.
Application Hosting- Application
hosting is a service where applications
used by customers run on computers
within a secure Honeywell environment.
The benefits of working within the
Honeywell cloud include resolving the
customer’s internal IT department
concerns about running additional
software within their own environment,
managing software compatibility issues,
managing small volume or specialized
software, and eliminating the requirement
for specific or additional server hardware.
To access these applications from the site
the customer only requires a standard web
browser and appropriate authentication.
Process Related Remote Services
In addition to infrastructure related services,
Honeywell provides process related remote
services to improve the customer’s process
performance. By collecting data at the site
and analyzing it offline by Honeywell, these
services provide valuable information and
recommendations on how customers can
optimize their process performance. These
services are designed to improve regulatory
and advanced process control, increase
production yields and throughput, and
lower energy consumption.
Loop Scout- This service actively monitors
PID control loop performance and system
alarms and provides diagnostics, resolution
tools and workflows. This service delivers
powerful functionality in the form of industry
benchmarks, individual control loop
performance history, valve diagnostics and
more. Optimum performance of control
loops also means optimum process
conditions impacting bottom line results.
For More Information
To learn more about Honeywell’s service
programs, contact your Honeywell account
manager, visit www.honeywell.com/ps
select Services, Maintenance and Support,
and Open Systems Services.
Automation & Control Solutions
Process Solutions
Honeywell
1860 W. Rose Garden Lane
Phoenix, AZ 85027
Tel: 800-822-7673
www.honeywell.com
Benefits Attainment Service–
This service is available to UOP process
licensees for the purpose of monitoring
and improving catalyst lifecycle
performance while improving the
effectiveness of technical support.
Advanced process control monitoring
services and regulatory loop management
services provide comprehensive process
unit performance management solutions.
Benefits Guardianship Maximum (BG Max)- This comprehensive performance management service maximizes the lifecycle value of advancedprocess control applications by providingregular monitoring and analysis ofHoneywell’s Profit Controller applications.BG Max services are designed to not onlymanage and sustain the performance ofadvanced process control applications but also include the identification andimplementation of application improvementsto increase user benefits. Key deliverablesinclude monthly performance score cards,detailed controller analysis reports withcontrol improvement annotations, and directinteraction with subject matter experts.
Remote Services Delivery
Remote Service Center (RSC)-Honeywell has two global RSCs(Amsterdam and Houston) to support our customers worldwide. The RSCs backup each other and manage all remote connections between Honeywell and ourcustomers. Data retrieved from customersites is stored within the secure environmentof the RSC and access is restricted toappropriately authenticated engineers.
Virtual Remote Service Center (VRSC)-VRSCs have similar responsibilities as theRSC but are not connected directly to thecustomer site and have no data storagecapabilities. The VRSC makes use of theRSC infrastructure in a fully transparentmode. Access restrictions are set toensure the VRSC can only work withinthe boundaries set by the RSC. VRSC capabilities are also available for thosecustomers requiring the same level ofaccess/reporting functionality.
Security Aspects
A process control system failure or unauthorized access has the potential tocause significant plant damage or safetyrisks. As both a process control user andsupplier, Honeywell uniquely understandsthis challenge and therefore employsindustry best practices to ensure a highlysecure connection and protection of datafor both ourselves and our customers. The main security measures are:
• Two factor authentication to the RSC and secure data communication usingencrypted VPN tunnels
• Overall architectural setup to prevent malware propagation from a user’s computer into the process control network
• Authorization from site required to allowaccess to any device on the PCN
• Full audit trail by logging all actions
Information Security
Confidentiality, integrity and availability arethe core principles of information security.Within process control systems, data andcontrol must be accessible when needed(availability), should not be modified withoutauthorization (integrity) and should not bedisclosed to unauthorized individuals or
systems (confidentiality). Remote serviceshave the following controls in place tolower the risk of security breaches:
• 24/7 remote services means high availability of service delivery; includingremote availability of Honeywell supportpersonnel
• Secure authentication, authorization and traffic by utilization of encrypted datacommunication
• Plant personnel in charge of access control and remote activities
• Non-disclosure agreement betweenHoneywell and employees
Benefits of Using Remote Connectivity
• Access data and results anytime and anywhere
• Immediate detection of failures and performance anomalies
• Engage the right expertise at the righttime (avoid waiting for travel or visa)
• Improve troubleshooting with advanceddiagnostics
• Automated collection of system data for troubleshooting purposes
• Receive prioritized notifications to proactively avoid issues
• Reduce project / commissioning support cost
• Improve safety (reduce physical time
on-site or access to safety critical locations)
Assessments and Consultancy Services
Honeywell provides additional services tohelp customers manage their open systems.These include assessments of network,security, risk and readiness, wireless andbackup and restore. Consultancy servicesare available to support design /redesign of the process control network.
BR-10-08-ENG August 2010© 2010 Honeywell International Inc.