Secomea Remote Access - How can agents help you?

One of the specifications listed on Secomea SiteManagers is agents. Some models come fixed with 5, others fixed with 25, and certain models can be upgraded to 10, 25, 50, or 100 with a software upgrade. During model selection, it's important to understand what an agent is and what a given model supports with regard to agents.

So what is an “agent,” and do you need them? How many do you need?

Agents are an enabler for several different things: 
  1. Agents enable you to specify exactly which device (by IP) and which service (HTTP, RDP, Modbus TCP, etc.) you want to allow remote access to via LinkManager. You can think of them as firewall rules. By default, once you begin defining agents, you effectively turn the firewall ON, allowing communication to NOTHING other than what you explicitly whitelist. Secomea also has many pre-configured agents for popular vendors, so you could easily whitelist Allen-Bradley communications without needing to know which ports are required.
  2. Agents enable remote access to Ethernet devices where it was previously not possible. For example, certain Siemens PLCs look for an 8ms handshake between the programming software and the controller to function. Obviously an 8ms handshake is very difficult to accomplish over the internet; however, Secomea’s Siemens agent not only identifies the ports required but also spoofs this handshake locally from the SiteManager to make remote access possible.
  3. Agents enable secure mobile (iOS, Android, etc.) access to HTTP, VNC, and RDP servers using LinkManager Mobile.
  4. Agents enable you to leverage the serial port on the SiteManager for serial redirection and make it appear to a LinkManager user as if the serial device is directly connected to a COM port of his laptop.
  5. Agents enable you to leverage the USB port on the SiteManager for USB redirection and make it appear to a LinkManager user as if the USB device is directly connected to a USB port of his laptop.
  6. Agents enable configuration of internet access for devices in the SiteManager LAN.
  7. Agents enable unique Layer 2 access to the SiteManager LAN.

A SiteManager with five agents constitutes five remote access agent definitions such as those below:

It also constitutes five Device Relays OR Server Relays (for persistent connections using OwnGateManager).

Often a customer will say “I don’t want to firewall. I just want to talk to everything” and “I don’t have any special needs like Siemens, mobile, serial, or USB.” If that is true, don’t worry – you don’t HAVE to use agents. There is a setting in hardware SiteManagers called “Auto Subnet Agent.” It operates as follows:

  • Enabled (default setting). When you connect with LinkManager to the SiteManager, you see only the option to “Connect all,” and this grants you access to all IPs/services in your DEV/LAN network. Enabled allows connection to ALL until your first agent is created; then it is assumed you want to restrict and only allows communication for defined agents.
  • Disabled. Explicitly disables the ability to reach the entire network.
  • Always. Always ensures that you can reach ALL devices in the subnet behind the SiteManager, regardless of whether you have agents defined or not. This accounts for situations where perhaps you HAVE to use an agent for Siemens to reach that controller, but for remaining devices you don’t want to specify and simply want to allow all.
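
The three Auto Subnet Agent modes above, modeled as an added example (not Secomea code) that decides whether a connection is allowed and lists the sites where the whole subnet is still reachable. The `Agent` and `SiteManager` classes, the inventory, and the reading of "Disabled" as "defined agents only" are assumptions made for illustration, not a Secomea API or export format.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Hypothetical model for illustration; not Secomea's API or export format.
@dataclass(frozen=True)
class Agent:
    ip: str        # device address the agent whitelists
    service: str   # e.g. "HTTP", "RDP", "Modbus TCP"

@dataclass
class SiteManager:
    name: str
    lan: str                 # DEV/LAN subnet in CIDR form
    auto_subnet_agent: str   # "Enabled", "Disabled" or "Always"
    agents: list

def subnet_open(sm):
    """True when a LinkManager user can reach every IP/service on the LAN."""
    mode = sm.auto_subnet_agent
    if mode == "Always":
        return True                   # allow-all regardless of defined agents
    if mode == "Enabled":
        return len(sm.agents) == 0    # allow-all only until the first agent exists
    if mode == "Disabled":
        return False                  # assumption: defined agents only
    raise ValueError(f"unknown Auto Subnet Agent mode: {mode!r}")

def allowed(sm, ip, service):
    """Decide whether remote access to (ip, service) is permitted."""
    if ip_address(ip) not in ip_network(sm.lan):
        return False                  # outside the SiteManager's LAN
    return subnet_open(sm) or Agent(ip, service) in sm.agents

def audit(sites):
    """Return the names of sites where the whole subnet is still reachable."""
    return [sm.name for sm in sites if subnet_open(sm)]

# Constructed inventory; addresses and site names are made up.
PLC = Agent("192.168.10.20", "Modbus TCP")
SITES = [
    SiteManager("plant-a", "192.168.10.0/24", "Enabled", []),
    SiteManager("plant-b", "192.168.10.0/24", "Enabled", [PLC]),
    SiteManager("plant-c", "192.168.10.0/24", "Always", [PLC]),
    SiteManager("plant-d", "192.168.10.0/24", "Disabled", [PLC]),
]

if __name__ == "__main__":
    print(audit(SITES))
```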

In summary, agents are NOT required for basic remote access but are a great enabler for extended functionality.
