Architecture

Secure Gateway acts as a gateway between users in remote locations and Plant SCADA clients running in a control network. The server component can be installed in a DMZ to route traffic between an external business network and an internal HMI SCADA network.

Important: Using the Secure Gateway to connect to your SCADA system from an external network may expose your SCADA system to unauthorized access. It is recommended that you use the Secure Gateway in conjunction with other measures to improve the overall protection for your system.

The Access Anywhere Secure Gateway comprises of two installed components:

• Secure Gateway Server — provides encrypted access to the Plant SCADA Access Anywhere Server

• Authentication Server — performs authentication services for Plant SCADA Access Anywhere.

These components can be installed on separate computers if required. If your Secure Gateway Server is going to be exposed to computers outside your SCADA domain network, it is recommended that the Authentication Server be installed separately within the SCADA domain network.

The following diagram illustrates how a Secure Gateway Server provides remote access to Plant SCADA clients.

Web traffic from an external business network is tunneled through an SSL-based Secure Gateway connection. User authentication occurs on the Authentication Server within the operations network.