MindSphere Remote Service (MRS) offers you secure remote access to your and your customers’ on-site Service Assets (e.g. machines) for the following key use cases:
Service on-site Service Assets quickly via Remote Login to perform diagnostic tasks, change or update configurations, or resolve incidents.
Engineer PLCs and controllers by Remote Engineering instead of running your engineering tool locally within your serviced customer's network.
Use File Transfer to retrieve data from an on-site Service Asset for further analysis, or to deliver data or files to remote Service Assets for update, compliance or configuration purposes.
MRS uses tunnel technology providing an additional level of security for meeting regulatory or market constraints for remote connectivity and data transfer. This also eases your IT security management and supervision by bundling many Service Asset connections into a single tunnel. WebSocket Secure tunnels enable fast setup via downloadable tunnel endpoints without the need for installing additional network hardware.
Please be aware that Remote Service infrastructure may be leveraged for versatile integration with other data or 3rd party tools using the same provided secure tunnels. Detailed use-case-specific information is available upon request.
This section gives an overview of how to use and configure MindSphere Remote Service. Furthermore, all relevant terms and definitions are introduced.
Each MindSphere user working with MindSphere Remote Service must also be registered as a User at the User Management in Remote Service. Every user may have one or more User Roles, which grant the user certain access rights depending on the responsibilities and duties that person must fulfil at a given point of time. Such grants apply only to a certain scope and are marked as "partly" while others cannot be configured but only "used" as outlined in the table below.
In Asset System Management the general term Customer Asset (or Asset) is used for any kind of equipment located at the customer side that will be serviced remotely. A Customer Asset might for instance be a machine in a manufacturing line or a part of a power plant.
Customer Assets are managed by means of a tree-shaped Organization Structure. Such a tree allows for grouping Service Assets according to Organizations and Sub-Organizations (e.g., geographical or logical areas) and, on the lowest hierarchy level, according to customer-specific Sites.
To ease working with different types of Service Assets at a given site, Service Assets are associated with a customer-defined logical Product type, which makes it possible, for instance, to distinguish manufacturing machinery from energy-generating machinery or machinery used for transporting goods on the factory floor.
The combination of User Roles, Asset Tree and Product Type provides for convenient handling of all equipment at a selected location as outlined by the example below:
Note: If needed, customer-side gateways shall be handled as primary Service Assets. Certain network specifics at the customer or Service Provider side might require involving respective IT departments for initial connectivity setup.
Remote Service-related roles for registered users
Tenant Administrator: This person is authorized to administrate Remote Service objects (add, modify, or delete customer Service Assets, user accounts, and so on) or to grant other users the authorization to use Remote Service functions. An administrator is assigned to one tenant and may administrate only that tenant’s objects and grants.
Region Tenant Administrator: This role is capable of user management, role management, asset system management, and configuration of Protocol Applications within the assigned Region part of the Organization Tree. A Tenant Administrator assigns the "Region Tenant Administrator" role to a given user and specifies the accessible Region or Sub-Organization.
Site Owner: The Site Owner role is capable of asset system management and assigning protocol application instances to assets. The Site Owner has the privileges for the assigned sites only.
Remote User: This is a basic role for performing the everyday tasks of Remote Service and Remote Engineering. This role has access to a set of assets as granted by above administrative roles.
Power User: This is a Remote User who may also use the "On-Demand Device" capability for establishing temporary Remote Service connections.
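The scoping of these roles over the Organization Structure can be checked mechanically when reviewing grants for least privilege. The following sketch is an added example, not MindSphere Remote Service code: the action names, the (role, scope) grant format and the "Germany" branch of the tree are assumptions, while the role capabilities follow the descriptions above.

```python
# Added illustration, not MindSphere Remote Service code.
# Action names and the grant format are assumptions made for this sketch.

# Organization Structure as child -> parent. "India", "Wind power station" and
# "Vortex Generator" are the page's samples; the "Germany" branch is constructed.
PARENT = {
    "India": "tenant",
    "Wind power station": "India",
    "Vortex Generator": "Wind power station",
    "Germany": "tenant",
    "Plant North": "Germany",
    "Conveyor 7": "Plant North",
}

# Actions per role, following the role descriptions above.
ADMIN = {"manage_users", "manage_roles", "manage_assets", "configure_protocol_apps"}
ROLE_ACTIONS = {
    "Tenant Administrator": ADMIN | {"assign_protocol_app"},
    "Region Tenant Administrator": ADMIN,
    "Site Owner": {"manage_assets", "assign_protocol_app"},
    "Remote User": {"remote_access"},
    "Power User": {"remote_access", "on_demand_device"},
}

def ancestors(node):
    """Yield the node itself, then each parent up to the tenant root."""
    while node is not None:
        yield node
        node = PARENT.get(node)

def is_allowed(grants, action, target):
    """True if any (role, scope) grant covers `target` and permits `action`."""
    path = set(ancestors(target))
    return any(scope in path and action in ROLE_ACTIONS[role]
               for role, scope in grants)

def effective_access(grants, action):
    """Every node in the tree on which `action` is permitted, for review."""
    return sorted(n for n in PARENT if is_allowed(grants, action, n))

# Constructed grants: (role, node the role is scoped to).
REGION_ADMIN = [("Region Tenant Administrator", "India")]
SITE_OWNER = [("Site Owner", "Wind power station")]
REMOTE_USER = [("Remote User", "Vortex Generator")]

if __name__ == "__main__":
    for name, grants in [("region admin", REGION_ADMIN), ("site owner", SITE_OWNER),
                         ("remote user", REMOTE_USER)]:
        for action in ("manage_users", "assign_protocol_app", "remote_access"):
            print(name, action, effective_access(grants, action))
```

Listing the effective access per action makes over-broad scopes visible, for example a Region-level grant where a Site-level grant would suffice.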
This section gives an overview of how to use MindSphere apps delivering Remote Service. MindSphere launchpad offers two apps for Remote Service, which provide a task-specific User Experience:
The following chart outlines the functional scope of the dedicated user interfaces of the otherwise identical Remote Service apps. Details of the supported Application Protocols are outlined further below.
Note: If you use MRS UI V.2, then you will also have to leverage MRS V.1 for complementary administrative tasks.
The User Interface of the workflow-driven MRS V.2 is structured as follows:
MindSphere Remote Service relies on tunnel technology, which requires upfront setup as outlined in the following sections.
MindSphere Remote Service uses a versatile, compact, downloadable Client, which doesn't require installing additional runtime environments, so it can be used on constrained hardware. This client is deployed both in the Remote Service Provider's and in the Serviced Customer's network, and it builds on top of secure WebSocket communication tunnel technology. It serves different purposes:
Client-based communication allows for integration with and tunnelling of different kinds of configurable protocols for Remote Service purposes. This is managed by setting up Remote Service Protocol Applications per asset:
A Protocol Application Type specifies a Remote Service protocol and provides fields for protocol-specific configuration such as port numbers or authentication information. Different Application Types allow for serving different operational needs.
A Protocol Application Instance of a given Application Type assigns concrete values to the protocol parameters, for instance, username and password needed for authentication at a specific customer network.
Each Customer Asset has a Protocol Application assigned referring to a selected Protocol Application Instance so that it can be accessed and serviced from remote via a specified protocol.
In MRS V.2 such assignment is done by using the Asset Tree for navigating to a Service Asset. At the bottom of the related device page there is a button "Create new application".
That will open the Connectivity Hub for assigning Application Protocols to Service Assets:
Remote Login with Operator Client:
Responsible Roles: Tenant Administrator
To create a new product, follow these steps:
The Product 'Wind Turbine' is added to the Product Structure and is displayed in the Product structure tree.
Responsible Roles: Tenant Administrator
Let us create a Region, for example, country, company, etc.
The Region 'India' is added to the Organization Structure and displayed in the System tree.
Let us create a Site “Wind power station”.
A new site 'Wind power station' is created and displayed on the System Management page.
Let us create a Service Asset 'Vortex Generator' under the sample site 'Wind power station'.
A new asset 'Vortex Generator' is created under the site Wind power station.
In order to make use of Remote Service, a user is required with specific grants. Let us create a new user John S.
A new user 'John S' is created.
When a user is created, the new user is assigned the default role 'Remote User'. The user 'John S' was created in the previous section. Now, it is necessary to assign the roles required for his service tasks.
John has been assigned Remote User and Tenant Admin roles. In order to access the Organization and Product structures or subsets, John must be assigned some Service Asset-specific grants.
Responsible Role: Remote Power User
Once the on-demand device is created, it works like a normal device within the 'On-Demand Organization Tree' and can be managed as a normal device for the duration it is created for. Remote Service supports the following types of on-demand device connection:
To create an on-demand device, follow these steps:
The on-demand Service Asset/device is created and displayed in the Device table.
The following tips & tricks shall guide you to resolve potential setup or communication issues: