Remote Services
As control systems move from proprietary
technology to open systems, there is greater
flexibility but there can also be issues with
compatibility, security and software complexity.
Honeywell works with customers to help
manage open systems. Honeywell's secure
remote services improve safety and reduce
costs with proactive monitoring and faster
problem resolution while avoiding travel time
and costs. Remote services include patch
management, virus protection, system
monitoring, backup and restore, and more.
To mitigate risk, Honeywell employs
industry best practices to ensure a highly
secure connection and protection of data
for ourselves and our customers.
Technological advancements are changing distributed control systems (DCS) by
integrating proprietary technology from the vendor with open systems technology
provided by Microsoft, Intel, Cisco and many others. Compatibility issues, security
patches, virus attacks and software complexity result in a significantly higher frequency
of change compared with proprietary only technology. To help manage the change,
the industry is employing remote services as a best practice to quickly connect supplier
experts with customer systems. Honeywell has developed a full suite of remote
services to support our customers with their day to day technology challenges
.
Best Practices for Managing
Open Systems Technology
Remote Services
Remote services improve plant safety, reliability and efficiency. Safety incidents are reduced by limiting the number of people needed on site. Reliability is improved through proactive 24/7 process and system monitoring providing faster resolution when problems arise. Efficiency is improved by avoiding travel time, allowing direct access to expertise, collaborative troubleshooting and engineering, standard operating practices and centralized services like deployment of updates and virus definition files.
Honeywell provides process
related remote services to
improve the customer’s
process performance. By
collecting data at the site
and analyzing it offline by
Honeywell, these services
provide valuable information
and recommendations on
how customers can optimize
their process performance.
The Honeywell Service Node
Remote connections are set up between a remote location and the Service Node on site. The Service Node is the entry point into the customer’s process domain. The Service Node consists of a combination of firewalls, proxy server and specialized communication server residing in a secure zone within the process control network (PCN). The Service Node can be used for remote access but is also capable of monitoring system parameters and running diagnostics over the entire PCN. The authorizing system of the Service Node includes a built-in permit and audit system to track access, requests and actions. The site retains full control over all communications to allow, forbid or require approval before actions can be made. The Service Node is protected by the latest validated virus definition files and patched with the latest validated security patches.
Infrastructure Related Remote Services
Virus Protection- Open platforms are
vulnerable to virus and worm attacks, which can lead to loss of view, loss of integration, loss of control and even production downtime. Honeywell tests and approves new virus protection definition files first on a test system emulating a customer’s production systems to reduce the risk of a signature collision with a valid data pattern. These new virus protection definition files are downloaded to the Service Node (normally within 24 hours after its release). Properly scheduled distribution at the site of new virus protection definition files eliminates the risk even further that redundant servers can stop at the same time due to the automatic update.
Patch Management
Patch Delivery- The process of software
patching repairs operating systems and application vulnerabilities that can provide an entry point for viruses and other damaging programs. It helps maintain operational efficiency and effectiveness, overcome security vulnerabilities and maintains the stability of the production environment. Honeywell tests and qualifies newly released security patches to make sure they can be safely installed and will not interfere with Honeywell process control software platforms. Normally these patches are tested and qualified within seven days of their release. Customers with a remote connection have the advantage that the Service Node will get the latest security patches and appropriate DCS patches automatically as soon as they are validated.
Patch Deployment- On-site patch
installation is offered using trained Honeywell personnel to manually patch the PCN during site visits after careful planning with operations, using the latest patch files made available on the Service Node. Remote patching is offered as an alternative, however, this requires an agreed procedure between engineers in remote locations and assistance from the site. Critical components are not recommended for remote patching.
Perimeter Security- To secure the
perimeter of a PCN environment, the protection mechanism consists of a set of security controls between the office domain (L4) and the management execution layer (L3) of the plant. This service includes checking of firewalls, intrusion detection /prevention system, network access, proxy servers, top / root domain.
Backup and Restore- Loss or corruption
of data can have a catastrophic impact on your ability to meet business demands. The best defense is making regular backups and a proven and tested recovery strategy. A complete reinstallation of a PC / server can take up to two days, while a solid backup and restore mechanism can reduce this time to a few hours. Honeywell uses Backup and Restore software and configures the schedule of the backups (full backup and/or incremental backup) so that multiple backups are not executed at the same time to limit the impact of a backup on the overall performance of the PCN. Backups for non-standard servers on the PCN (like PHD, PCC, FDM) can be offered as a special service.
Faster Resolution
Proactive
Peace of Mind
Expertise
System Monitoring- System Monitoring
collects and diagnoses health and performance data as well as system logs to monitor the PCN infrastructure. The information is available for local use and to generate reports. When a critical threshold is reached or invalid state / abnormal condition is detected, the monitoring service will run extra diagnostic routines depending upon circumstances, to directly provide a better view to the root cause of a problem allowing more detailed alarming. Alarms are generated and transmitted (through SMS or email) to the customer or designate. The Honeywell Remote Service Center (RSC) also receives the alerts allowing Honeywell to provide instant remote support. Customers will automatically benefit from Honeywell’s continuous research of past business interruption situations. Optional health and performance reports provide historical information and analysis including recommendations for optimizing system performance. These reports provide a summary of the recorded activity for devices and overall system health status to determine if any steps should be taken for overall system improvement.
System Administration- System
administration tasks include checking system logs, managing login problems and disk space management. Honeywell utilizes tools to automate many of these routine inspections, normally handled manually by system administrators, creating benefits like 24/7 continuous checking and eliminating human error. System administration service also monitors the PCN for proper deployment of patches, virus protection definition files and backups. This will generate a To-Do list for the system administrators to execute when time allows. These actions are required to keep the system healthy and avoid unwanted business interruptions. This results in a conditional maintenance task instead of spending long hours on routine checklists. Honeywell remote system administrators will work the To-Do list and are available during office hours to support customers.
The system administration tools also provide automatic self-healing capabilities such as starting a backup routine or collecting the latest virus definition file. Automatic repairing needs to be agreed on up front with customers if allowed.
Application Hosting- Application
hosting is a service where applications used by customers run on computers within a secure Honeywell environment. The benefits of working within the Honeywell cloud include resolving the customer’s internal IT department concerns about running additional software within their own environment, managing software compatibility issues, managing small volume or specialized software, and eliminating the requirement for specific or additional server hardware. To access these applications from the site the customer only requires a standard web browser and appropriate authentication.
Process Related Remote Services
In addition to infrastructure related services, Honeywell provides process related remote services to improve the customer’s process performance. By collecting data at the site and analyzing it offline by Honeywell, these services provide valuable information and recommendations on how customers can optimize their process performance. These services are designed to improve regulatory and advanced process control, increase production yields and throughput, and lower energy consumption.
Loop Scout- This service actively monitors
For More Information
To learn more about Honeywell’s service programs, contact your Honeywell account manager, visit www.honeywell.com/ps select Services, Maintenance and Support, and Open Systems Services.
Automation & Control Solutions
Process Solutions Honeywell
1860 W. Rose Garden Lane Phoenix, AZ 85027 Tel: 800-822-7673 www.honeywell.com
Benefits Attainment Service–
This service is available to UOP process licensees for the purpose of monitoring and improving catalyst lifecycle performance while improving the effectiveness of technical support. Advanced process control monitoring services and regulatory loop management services provide comprehensive process unit performance management solutions.
Benefits Guardianship Maximum (BG Max)- This comprehensive
performance management service maximizes the lifecycle value of advanced process control applications by providing regular monitoring and analysis of Honeywell’s Profit Controller applications. BG Max services are designed to not only manage and sustain the performance of advanced process control applications but also include the identification and implementation of application improvements to increase user benefits. Key deliverables include monthly performance score cards, detailed controller analysis reports with control improvement annotations, and direct interaction with subject matter experts.
Remote Services Delivery
Remote Service Center
(RSC)-Honeywell has two global RSCs (Amsterdam and Houston) to support our customers worldwide. The RSCs back up each other and manage all remote connections between Honeywell and our customers. Data retrieved from customer sites is stored within the secure environment of the RSC and access is restricted to appropriately authenticated engineers.
Virtual Remote Service Center
(VRSC)-VRSCs have similar responsibilities as the RSC but are not connected directly to the customer site and have no data storage capabilities. The VRSC makes use of the RSC infrastructure in a fully transparent mode. Access restrictions are set to ensure the VRSC can only work within the boundaries set by the RSC. VRSC capabilities are also available for those customers requiring the same level of access/reporting functionality.
Security Aspects
A process control system failure or unauthorized access has the potential to cause significant plant damage or safety risks. As both a process control user and supplier, Honeywell uniquely understands this challenge and therefore employs industry best practices to ensure a highly secure connection and protection of data for both ourselves and our customers. The main security measures are: • Two factor authentication to the RSC
and secure data communication using encrypted VPN tunnels
• Overall architectural setup to prevent malware propagation from a user’s computer into the process control network • Authorization from site required to allow
access to any device on the PCN • Full audit trail by logging all actions
Information Security
Confidentiality, integrity and availability are the core principles of information security. Within process control systems, data and control must be accessible when needed (availability), should not be modified without authorization (integrity) and should not be disclosed to unauthorized individuals or
systems (confidentiality). Remote services have the following controls in place to lower the risk of security breaches: • 24/7 remote services means high
availability of service delivery; including remote availability of Honeywell support personnel
• Secure authentication, authorization and traffic by utilization of encrypted data communication
• Plant personnel in charge of access control and remote activities • Non-disclosure agreement between
Honeywell and employees
Benefits of Using Remote Connectivity
• Access data and results anytime and anywhere
• Immediate detection of failures and performance anomalies
• Engage the right expertise at the right time (avoid waiting for travel or visa) • Improve troubleshooting with advanced
diagnostics
• Automated collection of system data for troubleshooting purposes • Receive prioritized notifications to
proactively avoid issues
• Reduce project / commissioning support cost
• Improve safety (reduce physical time on-site or access to safety critical locations)
Assessments and Consultancy Services
Honeywell provides additional services to help customers manage their open systems. These include assessments of network, security, risk and readiness, wireless and backup and restore. Consultancy services are available to support design /redesign of the process control network.
BR-10-08-ENG August 2010
