Remote Services: Overview
Remote Services (RS) is an Xclerator cloud-based product enabling secure network-to-network access. It securely connects customer-owned apps (with authorized access) in one network to apps or data residing in other networks, under Fine-Grained Access Control.
These customer-owned apps may use their own specific IP-based protocols (e.g. for communication, data transfer, streaming, login, browsing or messaging) for such access. MRS routes these protocols from one network to another via tunnels, a common technology for encrypting protocol traffic. Both unencrypted and encrypted protocols therefore benefit from this additional layer of security, which may be mandatory for certain use cases or industries.
Such network-to-network access is further protected by modern Fine-Grained Access Control (FGAC) mechanisms, which define which users can access which devices via which protocols in which targeted device networks. Administration of FGAC is much easier than using VPNs, which rely on network segmentation and IP address space sharing. FGAC offers access control not at the coarse-grained level of IP addresses, but down to the level of users, their roles, the communication protocols used and the individual devices to be accessed.
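The difference between the two levels of control can be seen in a small model. This is an added example, not part of the Remote Services documentation or product; the rule fields, device names and addresses are assumptions chosen for illustration and do not reflect the product's policy format.

```python
# Illustrative model only: rule fields and names are assumptions,
# not the Remote Services policy format.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Request:
    user: str            # requesting identity (kept for audit in this model)
    roles: frozenset     # roles held by that user
    protocol: str        # e.g. "ssh", "https", "rtsp"
    device: str          # individual target device
    device_network: str  # Device Network the target lives in
    device_ip: str       # only the coarse model looks at this


@dataclass(frozen=True)
class FgacRule:
    role: str
    protocol: str
    device: str
    device_network: str


def fgac_allows(rules, req):
    """Default deny: every attribute must match one explicit rule."""
    return any(
        r.role in req.roles
        and r.protocol == req.protocol
        and r.device == req.device
        and r.device_network == req.device_network
        for r in rules
    )


def subnet_allows(allowed_subnets, req):
    """Coarse VPN-style check: anything inside a routed subnet is reachable."""
    return any(ip_address(req.device_ip) in ip_network(n) for n in allowed_subnets)


# Constructed sample data.
RULES = [FgacRule("maintenance", "ssh", "plc-01", "plant-a")]
SUBNETS = ["10.20.0.0/24"]
ROLES = frozenset({"maintenance"})
LOGIN = Request("alice", ROLES, "ssh", "plc-01", "plant-a", "10.20.0.11")
CAMERA = Request("alice", ROLES, "rtsp", "cam-07", "plant-a", "10.20.0.42")

if __name__ == "__main__":
    for name, req in (("login", LOGIN), ("camera", CAMERA)):
        print(name, "fgac:", fgac_allows(RULES, req), "subnet:", subnet_allows(SUBNETS, req))
```

The subnet check admits both requests because both targets share an address range, while the fine-grained check admits only the one combination of role, protocol, device and network that has an explicit rule.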
Remote Services support different kinds of network-to-network access use cases as outlined below.
Apps residing either in a Service Network or on another platform perform a forward access to apps or data residing on devices in a Device Network, for instance:
- Remote login to a device for purpose of incident handling, software maintenance or log diagnostics
- Remote commissioning or improvement of a controller's business logic
- Access to a factory floor camera
- Access to field data for diagnostic purposes
Apps residing on a device in a Device Network perform a reverse access to apps or data residing in a Service Network or on MindSphere, for instance:
- Send notifications to IT services such as ticketing, ordering or MES systems
- Work with data in a Corporate store
- Ingest data to data stores
Remote Services support Data & Server Connections, which provide a significantly more versatile use of tunnel-based network-to-network access under Fine-Grained Access Control, so that devices may use reverse access to reach out to IT services or data intelligence. For details, please see section Data & Server Connections.
We recommend that you take a moment to become familiar with the following terms; this will ease your understanding and help you work effectively with Remote Services. The following terms were changed throughout the user documentation:
- Service Network - former Operator Network
- Device Network - former Machine Operator Network
- Service Endpoint - former Operator Client
- Device Endpoint - former Device Client
- Service Device - former Service Asset
Suggested Reading: section RS in a Nutshell gives a brief overview of the technical structure of Remote Services to simplify their setup and usage. It also suggests steps for getting started and for using more advanced capabilities. Furthermore, it provides links to setup topics and issue resolution.