Satisfied Customers from Remote Maintenance Service – KASTO Maschinenbau
Their teeth cut through the hardest steel: KASTO metal saws cut steel girders with rapid, precise cuts; aluminium blocks and sheet steel are cut exactly to shape at high speed. The raw materials – which can weigh tons – are fed to the saws directly from fully automatic storage systems. The KASTO Maschinenbau company, based in Achern in Baden-Wuerttemberg, Germany, is specialized in the sawing and storage of metal – from compact systems for small businesses up to full automatics with integrated storage systems – and is the world-wide market leader with over 140,000 customer installations. When customers purchase a powerful sawing machine or a custom storage system they expect rapid service from the manufacturer at all times in order to guarantee problem-free operation. KASTO, which is a mid-sized engineering company with 700 employees, provides this service world-wide – using remote maintenance access via the Internet. This remote maintenance solution allows regular monitoring, quick reaction times and often removes the need for a technician to be deployed on-site. In addition, the solution implemented meets two other important requirements: it is simple to administer and ensures the security of KASTO’s customers’ IT.
KASTO produces their sawing machines and storage systems in Germany; the world-wide distribution takes place through foreign subsidiaries. The circle closes once again at the headquarters in Achern, where the customer service for the installed systems is based. Customer queries are taken on and processed by support staff in the central service center. During this procedure customers can choose between three service levels: from a normal maintenance contract over extended support with shortened reaction times – eventually outside normal hours of business – up to "teleservice" with remote maintenance access via the Internet. "With the teleservice, our specialists access the machine control systems by remote access and look for the problem. This can then be resolved immediately in 80 percent of all incidents. And our customers value this quick and cost-effective service without the deployment of a technician on site", explained Josef Schneider, Head of Service at KASTO.
KASTO implemented their first remote maintenance connections between their service center and customers’ machines using analogue modems or ISDN, data transfer was encrypted with various VPN (Virtual Private Network) appliances from a number of manufacturers. This led to a conglomerate of different solutions that were time-consuming to operate and administer. The frequency with which errors occurred increased with the complexity and the connections used were slow and expensive. This situation motivated KASTO to introduce a standard solution for the remote maintenance. The central requirements in the specification were:
- quicker and less expensive data transfer via the Internet
- reliable IT security for data transfer and access to customer networks
- simple operation and administration of a large number of connections
Tenders were then obtained from a number of manufacturers and evaluated and tested, with the final choice being the remote maintenance solution from genua. The company, which is based in Kirchheim near Munich in Germany, is a specialist in remote maintenance systems and high security firewalls. "The solution from genua met all the specified requirements and could acquire important additional plus points in the area of IT security. The company has many years of experience in this field and as KASTO has to access customers’ networks during remote maintenance, a high degree of security gives the customers the trust they require", explains Thomas Zeller, Managing Director of BWG Informationssysteme. BWG Informationssysteme has supported KASTO for more than 20 years with the implementation and security of their IT infrastructure.
The key to the selected solution is the Remote Service Appliance genubox. The system runs on compact, maintenance-free hardware and is installed at the end-points of the maintenance connection; i.e. one appliance at the machine being maintained and one as a central access point at the manufacturer’s service center. A connection via the Internet is then established between the appliance at the machine and the service center appliance. This connection is quick, inexpensive and uses encryption technology to ensure that data transmissions cannot be read by third parties.
Although the connection via the Internet is reliably protected, access to the customer’s network still touches the sensitive subject of IT security: the sawing machine and the automatic storage system themselves are integrated in the customer’s LAN and KASTO therefore is accessing this network to carry out the maintenance. Dogged resistance from those responsible for the customer’s IT security is to be expected here as every access to the LAN from outside brings with it the risk that it will be misused from malicious third parties.
The maintenance concept from genua, however, solves this problem as the direction in which the connection is made is reversed: i.e. all maintenance connections are initiated from the customer’s appliance via the Internet to the service center. It is only after these connections have been established that they can be used by KASTO in the other direction for maintenance access. Many customers leave connections established in this manner permanently open, others only open them for the time-frame in which the maintenance access is to take place. However, it is always the customer who initiates the connection, not KASTO. This is important as it is always easier for customers to know which outgoing connections are being established and therefore this approach is more secure than allowing external access to their network.
A further security feature of the genua solution is the encryption procedure used. Communication between the customer’s remote maintenance appliance and the appliance at KASTO uses SSH. In contrast to the widely used IPSec, that basically couples networks, SSH allows communication to be restricted to specific services. This means that with IPSec all computers in network A are generally able to communicate with all computers in network B. However, with SSH, data transfer can be restricted to taking place between the remote machine and the service center – communication with other computers in either network is not possible.
All maintenance steps carried out by the service provider are recorded by the genubox and clearly shown on the customer’s local GUI. This means that the customer knows at all times exactly when the teleservice has used the connection and which systems were worked on. "The security of our remote maintenance customers’ IT is not weakened and customers always have control over access. Even customers that have to follow very strict security policies accept this solution and allow us into their networks with the remote maintenance box", says Gerhard Lambertz, Software Developer at KASTO.
The genubox solution is comfortable for the maintenance specialists from KASTO to operate. They are able to use a standardized GUI to log in to the genubox before proceeding to the control systems of the sawing machines or storage systems. Operational data is then called up with a variety of tools, analysis carried out and errors corrected if required. The genuboxes also have to be administered. This is carried out using a central management server at KASTO, where the service staff are able to monitor the status of all customer genuboxes that are active. "The ease of operation and high security provided by this remote maintenance system enables us to offer a world-wide service that in turn makes a considerable contribution to the satisfaction of our customers", explains Josef Schneider, KASTO’s Head of Service.