MindSphere Remote Services in a Nutshell

Remote Services provides the following set of key features and business values:
1. Secure transmission of IP-based protocols and streams used by customers' apps
2. Forward network access for apps in Service Networks connecting to many Device Networks
3. Reverse network access for apps in Device Networks connecting to many Service Networks or MindSphere
4. Customer sets up Fine-Grained Access Control for users and devices
5. Tunnels provide protocol encryption and typically require minimal network configuration
6. Downloadable software endpoints for Windows (R) and Linux (C) terminate tunnels and may be used to upgrade devices such as Edge Devices to become access gateways
7. IPsec routers may be used as hardware gateways in Device Networks
8. MRS administrative functionalities comprise supervision such as audit log or reports
9. Easy-to-use User Interface eases everyday use with a workflow-driven design

Key Features of Remote Services

Since MRS is a genuine MindSphere app, it benefits from further MindSphere advantages:
1. MRS is an out-of-the-box service used in your existing MindSphere tenant
2. MRS is a managed auto-updated app, which frees you from updates or patches and which scales on MindSphere cloud
3. MRS integrates with other MindSphere apps and solutions providing additional business value
4. MRS pricing is transparent and competitive
5. MindSphere development is certified per IEC62443-4-1
6. MindSphere operation is certified per ISO27001
7. MindSphere is also certified for TISAX (automotive) and CSA

Structure of User Documentation

This user documentation first outlines common basics and paradigms. The following chapters show how to set up MRS-specific mechanisms, which are then used to create first connections. Next, additional advanced connection mechanisms are shown. Information for troubleshooting and expert use is included as well.

| Chapter | Content |
| --- | --- |
| Concepts Used | Introduction of the paradigms and concepts underlying Remote Services. Start here to learn about network-2-network access modes, their setup, device-specific protocol definitions, as well as access control mechanisms including user roles. |
| Sample Setup | Outlines the MRS sample user roles and sample devices, which will be configured and used throughout this documentation. |
| Product Structure | Commercial packages and the different ways for procuring them. Describes assignment of mandatory MRS-specific user roles to users of the MindSphere tenant to which MRS was added. |
| Setup Users and Access | Based on the previous sections, this chapter shows how to assign rights to users and how to register Devices. |
| Connect | Download tunnel endpoints and create first remote login connections to Devices residing in a primary Device Network. |
| File Transfer | Leverage MRS UI to transfer files such as data or software packages to or from remote Devices in primary Device Networks. |
| Advanced Connections | Configure devices in primary Device Networks as gateways and leverage these to connect to devices in secondary Device Networks. |
| Engineering Option | Find out how to set up dedicated forward connections from Service Networks to Device Networks using streams, for accessing PLC web servers, or for doing remote engineering or commissioning. |
| Data & Server Option Generic | Set up reverse connections originating on Devices residing in a Device Network reaching out to IT-services or data intelligence residing in your Service Networks. |
| Data & Server Option MindSphere | Set up connections between Devices residing in a Device Network and data intelligence apps residing on MindSphere. |
| Supervising the System | Check out what was going on by accessing the audit log or the more app-function-specific system log as well as billing-related information*. |
| Troubleshooting | Straighten out issues using hints for resolving general setup issues, access-control related shortcomings, shortcomings with network setup or IPsec router configuration. |
| Appendix for Experts | Find out how to configure firewall, proxy and DNS or link MRS devices to assets used in other MindSphere apps. After an overview on capabilities of released MRS tunnel endpoints and how to update endpoints from remote, additional information for using endpoints as Operating System services or containers as well as Industrial Edge Apps is given as well. |
| Glossary | Quick access to acronyms plus quick links to definitions of terms used in this documentation. |

Getting started with Remote Services

This section gives a brief orientation on the steps needed in order to get started with MRS.

Note: the actions below may require different MRS user roles, which are described in section concepts used in MRS. Users who have multiple user roles assigned may easily switch to other roles (top right corner of UI).

| Step | Action for Getting Connected | see section |
| --- | --- | --- |
| 1. | Add MRS to your tenant | Product structure and procurement |
| 2. | Add needed MRS capabilities and resources | Product structure and procurement |
| 3. | Assign users with MRS-specific roles and rights | Setting things up - users and access |
| 4. | Create an administrative tree structure with sub-organizations and Sites | Setting things up - users and access |
| 5. | Create a catalog of Protocol Application templates defining Device-specific access protocols | Getting connected |
| 6. | Onboard Devices to organizational Sites and download MRS Endpoints to your service access system (e.g. a technician's PC) and to Devices (if these are not connected via registered routers) | Getting connected |
| 7. | Assign Protocol Applications to Devices and establish connections to them | Getting connected |
| 8. | Activate optional permission mechanism for Protocol Applications to enforce approval of connection requests | Getting connected |

| Step | Optional Action for Additional Use Cases | see section |
| --- | --- | --- |
| 1. | Onboard Devices in secondary Device Networks | Advanced connections |
| 2. | Leverage IPsec hardware routers for brownfield connectivity | Advanced connections |
| 3. | Leverage custom protocols & streams for connecting to Devices | Engineering Option: use of custom apps and protocols |
| 4. | Set up remote engineering and commissioning with Siemens TIA portal | Engineering Option: use of custom apps and protocols |
| 5. | Reverse connectivity enables Devices to access apps and data in Service Networks | Data & Server Option: reverse access to other network |

| Step | Support or Operational Action | see section |
| --- | --- | --- |
| a. | Supervise or audit the system | Supervising the system |
| b. | Leverage MRS Endpoints on operating system level or on Edge Devices | Appendix for Experts |
| c. | Network setup with firewalls and proxies | Appendix for Experts |
| d. | Hints for overcoming hurdles | Troubleshooting |
| e. | Acronyms and some cross-references | Glossary |

Except where otherwise noted, content on this site is licensed under the MindSphere Development License Agreement.

Last update: January 5, 2023