Welotec Remote Access Portal -
Remote maintenance rethought
With the Welotec Remote Access Portal (RAP), we offer system operators and machine builders a new type of remote maintenance. In addition to highest security, the focus is on maximum convenience, two things that usually do not go well together. For this purpose we have developed a system that automates the entire configuration of the VPN infrastructure after initial setup. Users do not need any IT knowledge and can concentrate entirely on their core area. The days of manual routers and VPN configuration are finally over.
What can you use the Welotec RAP for?
- Remote maintenance
- Installation of patches, firmware updates, configuration, projects
- Predictive Maintenance
- Machine Learning
- Connection OPC UA Server
- Connection to Monitoring System
- Data acquisition
Further advantages of the portal
- System runs in the customer's infrastructure - thus guaranteeing data integrity
- System can also run in private networks
- You have complete control over your data and applications
- Connection to monitoring via simple VPN tunnel
- No Internet connection necessary
- Own CA (certificate authority) usable
Remote access with just one click
Automated certificate generation
Automated rollout of VPN configuration
Automated firewall rules
Structure of the Remote Access Portal
The Welotec RAP consists of different components that are all connected by the Welotec SMART EMS. The Welotec SMART EMS is the core component of the Welotec RAP and enables automated router configuration including VPN connectivity.
Further components of the Welotec RAP:
- Automated certificate generation and management via integrated Public Key Infrastructure (PKI)
- Provision of the secured VPN infrastructure via integrated firewall
- User interface for overview of VPN access points and end devices
- Industrial VPN Router of the TK500 or TK800 series
- Automated configuration: once set up, the system is scalable
- Zero-Touch Provisioning: Router get your configuration incl. certificates automatically
- Central administration of all routers possible
- Firmware and configuration rollout
- LTE or WAN connection usable (also available as pure WAN router)
1:1 NAT - connection to the end device and not only to the router
The Welotec RAP uses 1:1 NAT within the VPN connection and thus connects directly to the end device and not to the router. This eliminates the need for complex port mapping for configuration ports of connected devices.
The unique addressing by the 1:1 NAT also has advantages in series machine construction, where identically configured machines are often delivered. The components in the machines always have the same IP address, but an address conflict is avoided by the virtual address ranges.
Encrypted connection between user VPN endpoint with direct access to end devices
● Next Generation Encryption - Encryption according to current BSI standard
● End to end encryption
● Connection must be initiated by the user - Security by Default
● Data remains in customer infrastructure - Ensuring integrity and confidentiality
● Concept easily realizable in private networks
Zero Touch Provisioning
Mount the router, connect the antennas and supply the device with power - done!
Zero Touch Provisioning (ZTP) enables plug-&-play even in complex networks.
● Cost and time savings through automated processes
● Low personnel requirements and administrative expenditure
● No trained personnel required for commissioning or configuration on site
● High security level through centrally controlled configuration
● User administration with access control to device types
● Grouping by application / customer (sites)
● End-to-end connection guaranteed by separate VPN instances and firewall rules
● User structure with different correction levels
● Logging of all VPN accesses
Setup and Rollout
With the Welotec RAP you can simplify the setup and rollout of your network as well as its administration.
First, a VPN structure is set up and the Welotec RAP itself is installed. Then the templates for your infrastructure, i.e. for your terminals and routers, are defined.
After the import of electronic delivery notes, the automated certificate generation and assignment takes place. Then both the OpenVPN connections and the routers are automatically configured.