Various software solutions are already known for the operation, monitoring and/or configuration of an automation system of a technical plant, e.g. of an industrial production plant, a power plant, a freight transport and distribution system or buildings technology in a large building. Examples of well-known software solutions are the operating and monitoring software marketed by the applicant under the name “WinCC” and the planning and/or configuration software marketed under the name “Step 7”. These software solutions, which can be run on a PC, are installed for instance on an engineering station (i.e. a PC station for planning the automation system), which is connected to a non-public internal data network (e.g. an industrial Ethernet) of the plant, to which the automation system of the technical plant is also connected. The engineering station in this way comprises a first network address for communication with the network, said network address being addressable by the operating and monitoring software and/or the configuration software for data transfer to the automation system by way of the network. The integrity of the network and the restricted group of employees who have access to the network ensure high IT security and safety.
With the aid of these software solutions, remote services such as remote support, remote control and remote preventive maintenance can also be implemented for the automation system and the plant controlled thereby by way of a public and therefore unsecured network such as the Internet. The facility for operating, monitoring and/or configuring the automation system is then remote from the plant. In the event of remote access to the automation system of the plant, the IT security and the safety of the plant must nevertheless be ensured.
In a first known option, the operating and monitoring software and/or the configuration software is installed on the remote facility and the remote link to the automation system is realized with dedicated modem links and layer-2 bridging links. This solution is, as measured by current requirements for IT security and safety, becoming outdated, particularly in the industrial field.
In a further option, the operating and monitoring software and/or the configuration software is installed on a PC station in the plant, for instance an engineering station, which is disposed in the same internal non-public data network as the automation system, and the facility remote from the plant remotely controls the PC station and the software installed thereupon by means of a terminal session. The remote facility is in this way connected to the PC station by way of the public network by means of an encrypted point-to-point link (e.g. a VPN tunnel). The security in this method is ensured by the integrity of the non-public internal data network and the encrypted point-to-point link. However, this is often associated with additional costs for terminal session programs. Furthermore, PCs are not available in all areas of an automation system.
In order to establish temporarily secure links in a flexible fashion from different locations remote from a plant via a public network such as the Internet to an automation system of a technical plant, central and secure communication platforms are already known, for instance a platform of the applicant with the name “cRSP” (Common Remote Service Platform). In contrast to simple point-to-point links, such a platform enables a secure link to an automation system to be established from any Internet terminal.