Remote Services in a Nutshell¶
Remote Services provides the following set of key features and business values
- Secure transmission of IP-based protocols and streams used by customers' apps
- Forward network access for apps, tools, data intelligence or IT services in Service Networks connecting to many Device Networks
- Reverse network access for apps in Device Networks connecting to apps, data stores, data intelligence or IT services hosted in many Service Networks
- Customer sets up Fine-Grained Access Control for users and devices
- Tunnels provide protocol encryption and typically require minium network configuration
- Downloadable software endpoints for Windows (R) and Linux (C) terminate tunnels and may be used to upgrade devices such as Edge Devices to become access gateways
- IPsec routers may be used as hardware gateways in Device Networks - please contact your Sales representative
- RS administrative functionalities comprise supervision such as audit log or reports
- Easy-to-use User Interface alleviates everyday use with a workflow-driven design
Since RS is a genuine Siemens cloud app it benefits from further Siemens-provided advantages
- RS is an out-of-the-box service used in your existing Siemens cloud tenant
- RS is a managed auto-updated app, which frees you from updates or patches and which scales on Siemens cloud
- RS integrates with other Siemens cloud apps and solutions providing additional business value
- RS pricing is transparent and competitive
- Siemens cloud @ Siemens DI development is certified per IEC62443-4-1
- Siemens cloud @ Siemens DI operation is certified per ISO27001
- Siemens cloud @ Siemens DI is also certified for TISAX (automotive) and CSA
Structure of User Documentation¶
This user documentation is structured such, that it outlines common basics and paradigms first. Upcoming chapters show how to setup RS-specific mechanisms, which are then used for creating first connections. Next, additional advanced connection mechanims are shown. Information for troubleshooting and expert use are comprised as well.
| Chapter | Content |
|---|---|
| Concepts Used | Introduction of the paradigms and concepts underlying Remote Services. Start here to learn about network-2-network access modes, their setup, device-specific protocol definitions, as well as access control mechanisms including user roles. |
| Sample Setup | Outlines the RS sample user roles and sample devices, which will be configured and used throughout this documentation. |
| Product Structure | Commercial package and the different ways for procuring it. Describes assignment of mandatory RS-specific user roles to users of the Siemens cloud tenant to which RS was added. |
| Setup Users and Access | Based on the previous sections, this chapter shows how to assign rights to users and how to register Devices. |
| Basic Connections | Download tunnel endpoints and create first remote login connections to Devices residing in a primary Device Network. |
| File Transfer | Leverage RS UI to transfer files such as data or software packages to or from remote Devices in primary Device Networks. |
| Advanced Connections | Configure devices in primary Device Networks as gateways and leverage these to connect to devices in secondary Device Networks. |
| Engineering Connections | Find out how to setup dedicated forward connections from Service Networks to Device Networks using streams or for accessing PLC web servers or for doing remote engineering or commissioning with Siemens TIA Portal. |
| Data & Server Connections | Setup reverse connections originating on Devices residing in a Device Network reaching out to IT-services or data intelligence residing in your Service Networks. |
| Monitoring & Supervision | Check out what was going on by accessing audit log or more app-function-specific system log as well as billing-related information*. |
| Troubleshooting | Straighten out issues using hints for resolving general setup issues, access-control related shortcomings, or shortcomings with network setup. |
| Appendix for Experts | Find out how to configure firewall, proxy and DNS or link RS devices to assets used in other Siemens cloud apps. After an overview on capabilities of released RS tunnel endpoints and how to update endpoints from remote, additional information for using endpoints as Operating System services or containers as well as Industrial Edge Apps is given as well. |
| Optional Capabilities | Selected RS functionality described in here is not available anymore, since it was used only on rare occasions. Please contact your sales representative or product manager. |
| Glossary | Quick access to acronyms plus quick links to definitions of terms used in this documentation. |
Getting Started with Remote Services¶
This section gives a brief orientation on the steps needed in order to get started with RS.
Note
The below actions may require different RS user roles, which are described in section concepts used in RS. Users, who have multiple user roles assigned, may easily switch to other roles (top right corner of UI).
| Step | Action for Getting Connected | see section |
|---|---|---|
| 1. | Add RS to your tenant | Product structure and procurement |
| 2. | Add RS cloud resources to your add-on for scaling purposes | Product structure and procurement |
| 3. | Assign users with RS-specific roles and rights | Setting things up - users and access |
| 4. | Create an adminstrative tree structure with sub-organizations and Sites | Setting things up - users and access |
| 5. | Create a catalog of Protocol Application templates defining Device-specific access protocols | Basic connections |
| 6. | Onboard Devices to organizational Sites and download RS Endpoints to your service access system (e.g. a technician's PC) and to Devices in primary Device Networks | Basic connections |
| 7. | Assign Protocol Applications to Devices and establish connections to them | Basic connections |
| 8. | Activate optional permission mechanism for Protocol Applications to enforce approval of connection requests | Basic connections |
| Step | Optional Actions for Additional Use Cases | see section |
|---|---|---|
| 1. | Onboard Devices in secondary Device Networks | Advanced connections |
| 2. | Leverage custom protocols & streams for connecting to Devices | Engineering connections: use of custom apps and protocols |
| 3. | Setup remote engineering and commissioning with Siemens TIA portal | Engineering connections: use of custom apps and protocols |
| 4. | Reverse connectivity enables Devices to access apps and data in Service Networks | Data & Server connections: reverse access to other network |
| Step | Support or Operational Action | see section |
|---|---|---|
| a. | Monitor, supervise or audit the system | Monitoring |
| b. | Leverage RS Endpoints on operating system level or on Industrial Edge Devices | Appendix for Experts |
| c. | Network setup with firewalls and proxies | Appendix for Experts |
| d. | Overview on tunnel endpoint capabilities and their upgrade | Appendix for Experts |
| e. | Hints for overcoming hurdles | Troubleshooting |
| f. | Acronyms and some cross-references | Glossary |
Last update: June 20, 2023