Remote Maintenance Solution genubox: Secure and Convenient Remote Maintenance
As a manufacturer or service provider, do you want to offer your customers convenient monitoring and remote maintenance services for their plants or IT systems? Or are you on the other side, as a system operator who uses several remote maintenance services and must allow them access to your network?
These key requirements apply in both cases: The remote maintenance solution should guarantee reliable IT security, record all service activities in accordance with auditing requirements, offer flexible integration in different environments and be easy to use.
Top Highlights
Your Benefits at a Glance
- Remote access, VPN and firewalling in one solution
- Can be centrally administered, with full control at all times over the maintenance action, access time, target and accessing party
- High level of operational security: every connection must be confirmed from the inside before it is established, e.g. via the Windows app or a key switch
- Simple and uniform operation of a number of services; integration of third-party solutions is possible
- Virus/malware protection through data checking using external virus scanners via ICAP interface
- Compliant with the NIST recommendation (National Institute of Standards and Technology/USA)
- Compliant with the basic protection requirements up to high security level by meeting the tightened rules of the German IT-Grundschutz Kompendium 2022
- Adjustable security level, from "open", continuous access up to full control of every connection
- Sophisticated corporate-ready rights and role system for up to 100 remote maintenance providers worldwide
- Maximum security and control through port-specific access to the target system, which is isolated from the rest of the network, and a rendezvous point in the DMZ or in the cloud
- Video recording function and logging
- Supports concepts for Zero Trust network protection
- The infrastructure components of the solution are available as hardware and virtualized appliances (e.g. for operation in Azure); service box hardware is also available as an industrial variant with a suitable temperature range and form factor as well as convenience features such as key switches
- Advanced update mechanism protects against attacks with quantum computers
Remote Maintenance with genubox
genubox can provide you with extremely secure remote maintenance access just about anywhere.
As a rugged appliance, genubox can be installed, for example, on industrial robots, wind turbines or simply in server rooms – all locations where manufacturers or service providers monitor and provide support by remote access. genubox ensures security whenever maintenance is required: it establishes an encrypted connection for data transfer and uses its firewall function to restrict external access exclusively to the system being maintained. As a result, other sensitive areas of the operator's network cannot be reached via the maintenance access. In conclusion, genubox is the comprehensive solution for industrial plant security.
Secure Maintenance Access to Sensitive Networks
Companies with a larger number of machines on the one hand, and providers of remote maintenance on the other, are faced with the need to set up a constantly increasing number of remote maintenance connections. One must bear in mind here that the machines are usually integrated in local area networks (LANs). If unauthorized persons or malicious code manage to penetrate the LAN via this maintenance access, there can be serious consequences – not least for the relationship between the remote maintenance provider and the customer. A remote maintenance solution that ensures a high level of security must therefore be used. Further requirements on remote maintenance solutions are convenient operation and administration as well as simple integration.
Secure solution: Rendezvous Server for Linking the Connections
genua offers a remote maintenance solution that meets high requirements: a high level of security, convenient operation and administration as well as simple integration.
Our concept: One-way access by the remote maintenance service into customer networks is not permitted. Instead, all maintenance connections run through a rendezvous server. This can, for example, be located as an appliance at the service provider, at the customer in a demilitarized zone (DMZ), or virtualized in the cloud.
Both the maintenance provider and the system operator connect to this server at an agreed-upon time. A direct maintenance connection is created only once the rendezvous has been established on the server. Via this connection, the remote maintenance provider can now access the machine plant or the IT system in the customer network. The rendezvous solution thereby ensures that system operators retain full control of maintenance access in their networks.
The ability to connect a virus scanner to the rendezvous server allows the data sent by the remote service provider to be checked for malicious code. This option offers additional protection against attacks and ensures plant availability.
Comprehensive Overview, Control, and Traceability
genubox has an interface to SIEM systems (Security Information and Event Management) for the central recording of all security-related information from the remote maintenance solution. You can use this to correlate that information with messages from other systems and services in your enterprise network and trace attempted attacks that remain undetected when only individual systems are examined.
The four-eyes principle applies during maintenance access: System operators can follow all actions of the maintenance services live via the user interface. Subsequent traceability is also ensured – video recordings enable audit-optimized documentation of all maintenance work.
In this way, system operators always have external access under control and can retrospectively determine who did what in their network and when. If critical incidents should occur, causes, responsibilities and, if necessary, claims for recourse can be clarified with this comprehensive documentation.
Privileged Access Management (PAM)
genubox combines the advantages of secure remote maintenance with the protection functions of a Privileged Access Management solution. Access to critical resources is monitored and unauthorized actions on the network are prevented. The advantages of Privileged Access Management in detail:
- Granular access control: genubox offers precise control – only authorized remote maintenance providers can access specific systems.
- Complete session control and logging: genubox monitors who accesses which systems and when. Sessions can be recorded in an audit-optimized manner, archived and, if necessary, traced back to identify suspicious activities.
- Secure access methods: The genua remote maintenance solution includes a rendezvous server which, as a central security component, gives the plant operator complete control over the maintenance process at all times.
- No network access: Authorized remote maintenance providers access the affected application directly without gaining access to the network. This significantly reduces the risk of malware or vulnerabilities being carried into the plant operator's network.
Support of Zero Trust Concepts
With Zero Trust networking, trust in the security of the entire network is replaced by trust in the security of specific communication endpoints, i.e. devices, services, and applications.
A compromise of individual endpoints is thus limited to the permitted communication relationships and no longer endangers the entire network. This approach gives operators back control of their systems and proactively reduces the attack surface.
The remote maintenance solution from genua supports Zero Trust concepts. In this context, the rendezvous server takes on the role of the software-defined perimeter and allows authenticated external users to access only specific services. The target system connects to this perimeter from the inside; the service provider, in turn, also establishes encrypted communication with it. After successful authentication, access is granted only to the specifically required services, e.g. the desktop of the machine to be maintained, its terminal, or selected ports.
This follows the principle of least privilege: only the protocol required by the maintenance software is passed through the connection; no other applications, and certainly not the two networks as a whole, are linked.
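To make the rendezvous principle concrete (both sides connecting outbound to the rendezvous server, the operator confirming from inside, and only the permitted service port being linked, as described in the sections above), here is an added Python model. It is not part of genua's product or of this page: the class and event names, the provider-to-target access list, the constructed target "robot-7" and provider names "vendor-a"/"vendor-b" are illustrative assumptions. Every state change is appended to an audit list in the way a SIEM would receive it.

```python
"""Toy rendezvous broker (illustration, not genua code): the provider's
request stays pending until the inside peer is connected AND the operator
has confirmed; only the permitted port is ever linked; everything is logged."""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List


class State(Enum):
    PENDING = "pending"          # provider waiting for inside peer / confirmation
    ESTABLISHED = "established"  # rendezvous complete, traffic may flow
    DENIED = "denied"            # policy violation, never linked


@dataclass
class InsidePeer:
    """Outbound connection from the service box in front of the target."""
    target: str
    allowed_ports: frozenset
    confirmed: bool = False      # set by the operator (key switch / app)


@dataclass
class Session:
    provider: str
    target: str
    port: int
    state: State = State.PENDING


class RendezvousServer:
    def __init__(self, provider_acl: Dict[str, set]):
        # provider -> targets it may maintain (assumed rights/role model)
        self.provider_acl = provider_acl
        self.inside: Dict[str, InsidePeer] = {}
        self.sessions: List[Session] = []
        self.audit: List[dict] = []   # SIEM-style event stream

    def _log(self, event: str, **fields):
        self.audit.append({"event": event, **fields})

    def inside_connect(self, target: str, allowed_ports) -> None:
        """Service box at the target dials out to the rendezvous server."""
        self.inside[target] = InsidePeer(target, frozenset(allowed_ports))
        self._log("inside_connect", target=target, ports=sorted(allowed_ports))

    def operator_confirm(self, target: str) -> bool:
        """Operator releases the connection from inside (four-eyes principle)."""
        peer = self.inside.get(target)
        if peer is None:
            self._log("confirm_rejected", target=target, reason="no inside peer")
            return False
        peer.confirmed = True
        self._log("operator_confirm", target=target)
        self._try_link(target)
        return True

    def provider_request(self, provider: str, target: str, port: int) -> Session:
        """Maintenance provider asks for a session; authorization is checked first."""
        s = Session(provider, target, port)
        self.sessions.append(s)
        if target not in self.provider_acl.get(provider, set()):
            s.state = State.DENIED
            self._log("denied", provider=provider, target=target,
                      reason="provider not authorized for target")
            return s
        self._log("provider_request", provider=provider, target=target, port=port)
        self._try_link(target)
        return s

    def _try_link(self, target: str) -> None:
        peer = self.inside.get(target)
        if peer is None or not peer.confirmed:
            return  # nothing happens until the operator side is in place
        for s in self.sessions:
            if s.target != target or s.state is not State.PENDING:
                continue
            if s.port not in peer.allowed_ports:   # least privilege: one port only
                s.state = State.DENIED
                self._log("denied", provider=s.provider, target=target,
                          port=s.port, reason="port not permitted")
            else:
                s.state = State.ESTABLISHED
                self._log("established", provider=s.provider, target=target, port=s.port)


def demo() -> dict:
    """Constructed scenario: vendor-a may maintain robot-7, which exposes port 22 only."""
    rv = RendezvousServer(provider_acl={"vendor-a": {"robot-7"}})
    early = rv.provider_request("vendor-a", "robot-7", 22)  # inside peer not yet there
    rv.inside_connect("robot-7", allowed_ports={22})
    before_confirm = early.state.value                      # still pending: no operator OK
    rv.operator_confirm("robot-7")                          # now the rendezvous completes
    wrong_port = rv.provider_request("vendor-a", "robot-7", 3389)  # RDP not permitted
    stranger = rv.provider_request("vendor-b", "robot-7", 22)      # unknown provider
    return {"early": early.state.value, "before_confirm": before_confirm,
            "wrong_port": wrong_port.state.value, "stranger": stranger.state.value,
            "audit": rv.audit}


if __name__ == "__main__":
    for event in demo()["audit"]:
        print(event)
```

Running the block prints the audit trail: the provider's request is logged as pending, the link is only recorded as established after `operator_confirm`, and the two violations (wrong port, unauthorized provider) appear as `denied` events with their reasons, which is exactly the material a SIEM correlation rule would work on.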
An interface to identity and access management systems enables the remote maintenance solution to be flexibly connected to a central user and rights management system. genubox supports Keycloak, Microsoft Active Directory, Microsoft Entra ID (formerly Azure Active Directory), OKTA, and RADIUS (Remote Authentication Dial-In User Service).
Flexibility and Efficiency through Virtualization
Both the rendezvous server and the service box are available not only as appliances in different hardware variants, but also as virtualized solutions.
The secure remote maintenance solution is fully virtualized or can be used flexibly in mixed operation, e.g. in private and public clouds such as Azure as well as on special industrial hardware in production environments. In addition, the most common hypervisors are supported. genubox Virtual offers particularly easy commissioning through efficient shipping, deployment, and central management of all instances. The software application is compatible with the genuview access and storage management solution – for audit-optimized management and archiving of remote session recordings.
User-Friendly Operation with Windows App, Web Browser, and Central Management
The service employee initiates the maintenance connection via a user-friendly Windows app, which does not require administrator rights, or flexibly in a standard web browser. Once the system operator has also established their part of the maintenance connection to the rendezvous server, the service can directly access the maintained target system.
The remote maintenance solution is administered via a central management station. This is also suitable for operating larger installations with many maintenance connections, making it easy to run one uniform solution over which all remote maintenance connections pass.
genuview's user interface simplifies the overview, administration and archiving of the recordings. In addition, genuview can easily be scaled to handle large quantities of data and many permanent connections.
The genuview access and storage management solution is connected directly to the remote maintenance solution. The service boxes on the target systems transfer the video recordings to external genuview servers, e.g. a server at the customer, where they are stored and archived.
This ensures that only authorized users are granted access to the server and that data communication can be neither intercepted nor tampered with.
For the system being managed in the customer’s network, just one genubox needs to be installed. The compact appliance serves as a remote peer for the encrypted connection and, with its integrated firewall, shields the managed system from the remainder of the customer’s network should servicing be required. The connection thus leads only to the maintenance object; other systems in the customer network cannot be accessed. These measures guarantee a very high level of security.
To ensure that no work arises here for the operator, the preconfigured genubox simply needs to be connected to the network. Because firewalls generally permit outgoing connections, the rendezvous server can be reached from within the network – and with that the remote maintenance solution is set up.
Fast commissioning in maintenance cycles, security updates, central administration, and mass configuration ensure efficiency.
Our sales team will be glad to answer your questions. We look forward to hearing from you.