Questions & answers

The crucial difference is that zedas®secure combines security on all relevant levels in one solution and thus provides effective and profound defence. In zedas®secure’s comprehensive security concept, end devices and operating and application software are also included, such as network security and operational organisation. Computers and software used to access the system are located in the company itself and no longer external. The remote maintenance computers are only turned on when they are required. All external workers only gain access to monitor output, keyboard and mouse via Remote Desktop Protocol. On the secured desktop, there are only programme connections which have been explicitly unlocked for the current service use. The use of zedas®secure by responsible production employees is simple. In addition, zedas®secure makes available a series of central services such as virus protection, back-up storage, central printers, operating system updates, secure access within the organisation, system-wide and secure. In a nutshell, with zedas®secure, the functional and IT security technical requirements for a digitised production are completely fulfilled. Customers also benefit from the wealth of experience of employees of a company which has been working for over 15 years on the topic of: “IT security in production”.

Yes! The customer requirements determine the design and configuration of zedas®secure.

Not just source IP and target IP addressed and ports used are monitored, but also permitted URLs in the browser. In addition, programmes, plug-ins and similar which are reloaded by an application must be explicitly permitted.

Yes! The observe function allows authorised users to reflect current remote maintenance sessions on permitted systems.

When starting the remote maintenance computer, the virus protection is checked and, if applicable, updated before the computer can be used. In addition, zedas®secure also monitors the time period in which the virtual remote maintenance computer was not started up. After more than 72 hours (can be configured differently), at a previously defined time, the remote maintenance computer starts up automatically and updates the virus protection. Of course, the computer is also shut down again automatically afterwards.

Yes! The virus protection solution in zedas®secure sores the 40 (can be configured differently!) last anti-virus pattern data. After selecting the pattern status approved by the system manufacturer, the roll-out for the selected system is offered and carried out on all systems in the plant after manual, administrative approval.

Yes! With Network Access Control, previously registered notebooks can be connected to defined and access-protected network entries (config. rooms). You gain access to the virtual remote maintenance computer of your company on site and work according to the same procedures as with remote maintenance. The aim of zedas®secure is to avoid direct access to the system with third-party hardware.

Not really! To use the zedas®secure remote service, only a HTML5-compatible browser is required. The VPN is encrypted with SSL. The exchange of data takes place via encrypted File Transfer Protocol (secure FTP). The browser and sFTP client can be integrated simply into the IT infrastructures of external service providers. Practical experience shows that a solution is always found. The crucial question is whether the owner of the system would like to retain digital sovereignty over this. This is possible with zedas®secure!

Yes! Costs can be cut, not only with remote service. Operational management, testing, maintenance, use, administration and auditing of a central solution allow you to save costs as a colourful zoo of various solutions. And this with an equally high security level for all systems.

Yes! The technical basis of zedas®secure offers all possibilities of an implementation with high availability. The virtualisation of servers, storage and networks in zedas®secure in particular uses the available market standards.

Yes! In zedas®secure, the operational organisation of the approval of remote service accesses can be implemented centrally, decentrally or as a combination of central and decentral approval in the dual control principle. A variant of decentral approval is the key switches in the system.

As the recording of the remote maintenance request is required to start a virtual remote maintenance computer, the technically recorded processes (starting up and shutting down of the computer) can easily be linked with the manually recorded information in zedas®secure. This is saved and stored in a protocol app for viewing. The app also gives you the option of selecting and exporting access data in a CSV file.

With zedas®secure, an overlay network can be set up over the various production systems. We call this a production data network (PDN). This is divided into security zones using firewalling and ensures communication between different systems. In addition, the zedas®secure central services can also be used in the systems in this way. As well as the production systems, zedas®secure has network connections to the company network (own employees) and to the internet (external service providers). This is the digital gatekeeper for your production and makes all necessary interface services centrally available.

In the zedas®secure integrated monitoring system, hundreds of parameters are monitored on a hardware, network and software level. To forward information, for example on recognised security incidents to control station systems, there is a function aside from the usual mail, SMS warning, which automation technicians in particular enjoy. Six digital IO outputs each signal the status to a group notification. The allocation of individual monitoring parameters for group notifications can be configured freely.

Yes! An sFTP server in zedas®secure allows a bidirectional exchange of data. This can be achieved from the internet and takes place in a zedas®secure demilitarised firewall zone. Controlled synchronisation, including virus scans, with an integrated file service means that the target or source systems in the production plant do not require direct access to this sFTP server and can also not be reached from this.

Please take a look at our glossary! There we have attempted to explain important concepts as simply and as understandably as possible. If you don’t find your answer(s) there, please let us know. We’d be happy to then add to our glossary!