
secureWISE: Software as a Service
To create a secure network interface to a factory LAN, ILS Technology deploys a combination of hardware and software that provides a "defense-in-depth" approach toward protecting access to corporate assets. ILS Technology's ServiceNet is a proprietary network hub that uses state-of-the-art VPN device technologies to minimize intrusion risks and maximize transmission speeds while running over your existing internet service. These hubs are placed inside secured network facilities strategically located in North America, Europe, and Asia Pacific.
ServiceNET
The first step in creating a secured network is to limit network access through hardware controls, such as creating site-to-site Virtual Private Networks (VPNs) and isolating cross-connects by using firewalls. ServiceNet creates a cost-effective, private internet connection between a manufacturer and remote users using a "connect once, access many" architecture. ServiceNet is a series of turbo-charged linked hubs located throughout the globe to ensure high performance connections worldwide. Rather than installing multiple VPN devices within a manufacturing plant or equipment supplier's support center, ServiceNet permits each constituent to create a single VPN tunnel that terminates in an isolated, global network hub. When a remote user client initiates a connection to the eCentre server, a virtual VPN is created through the ServiceNet hub, securing the connection between the client and the server.
Secure Connectivity
Users (internal or external to the factory) who wish to access equipment on a factory LAN must first be logged onto their respective corporate intranet. The external users' corporate intranet site, in turn, is connected to a VPN device that terminates in a VPN device located within a ServiceNet hub. Once the user is connected to the corporate intranet, an SSL connection is established within the IPsec VPN between the user and the eCentre server. Approved corporate intranet connections can then be programmed into the ServiceNet VPN to establish multiple secured tunnels between multiple factories and external users (suppliers, JV partners, other corporate sites). ILS Technology connects manufacturer and supplier sites to each other once each party has pre-approved the connection in writing. When the network connections have been established, pre-shared keys or certificates are passed between the connecting parties, permitting a valid IPsec connection between the two.
Users who are connected to their corporate intranet site may now initiate a request for the eCentre client. Using a standard Internet browser, the user is directed to an eCentre Customer URL, where they are presented with a list of customer sites to which they may have access based on their user ID. Once the user is connected to a site, the eCentre client verifies that they are running the appropriate client version for that site, followed by a request to log in. The eCentre server authenticates the user against a user ID and password stored in a central LDAP. Other forms of authentication, such as SecurID tokens, may also be used. Associated with the user's ID are their team enrollment, the sessions available to their team, and the privileges allowed within a session. An eCentre session is defined as a collaboration between multiple users (team members) and a defined set of equipment connected to the factory LAN. The eCentre administrator can pre-define the sessions, enable or disable them from being accessed by users, and set the users' capabilities in a given session. The administrator can delegate this authority so that equipment owners can create and maintain their own users. Administrators are able to modify sessions on the fly, without having to reboot the eCentre application or otherwise interrupt active sessions.
Granular Security
Once a team member has joined an eCentre session, he or she will have specific access privileges to features including file transfer capabilities (the user can upload a file to a tool computer), remote tool operation (the user can operate the tool computer in real time), and more.
In some cases, approval for a function must be given by a session participant located on the factory floor at the tool console. For example, uploading or downloading files may be disallowed by the eCentre administrator to prevent a possible interruption in production. Or, in the case of a request for remote tool operation (RTO), the equipment operator may disallow a remote user from taking over control of the equipment or even viewing the machine's console screen. This may be for safety reasons, production requirements, or to safeguard equipment information from being shared during a specific production run.
©2010 ILS Technology. All Rights Reserved.

