Why MindSphere
Made with MindSphere
Products
Store
Documentation
Partners
Future World Series
Why MindSphere
Made with MindSphere
Products
Store
Documentation
Partners
Future World Series
Back

Why MindSphere

Discover how you can use MindSphere to make machines smart, make production lines fast, and prevent equipment failures before they happen.

Why MindSphere overview
For Users
For Makers
Back

Products

Products overview
Overview
MindSphere Offerings
MindSphere Applications
Back

Documentation

Here you can find everything you need: from getting started with MindSphere to the most advanced use cases. Use this section to explore all MindSphere capabilities.

Documentation overview
Overview
Connectivity
System Tools
System Tools overview
Overview
Asset Manager
Settings
Operations Insight
Fleet Manager
Developer Cockpit
Operator Cockpit
Deploy and update CF Apps Best Practice
Usage Transparency
Container Registry
Integrated Data Lake
Upgrade
Development
Development overview
Overview
Concepts
How Tos
Cloud Foundry
APIs & Services
Design System
Resources
Open Source
Licence
Mendix
Web Components
Community Forum
Apps and Solutions
Tutorials
Tutorials overview
Asset Manager
Fleet Manager
Visual Analyzer
VFC Introduction
VFC KPI
VFC Dashboard
Visual Explorer Connector
Visual Explorer
Guides
Guides overview
Overview
DevOps Guide
DevOps Guide (PRC)
Seller Guide
Seller Guide (PRC)
MindSphere Regions
Marketing Guide
Start for Free
Glossary
Release Notes
Back

Partners

Our partners are innovators at the forefront of the IoT revolution. Discover how they are accelerating the IoT digital transformation of our joint customers by leveraging MindSphere, the leading Industrial IoT as a service solution.

Partners overview
Partner Solutions
Featured Partners
Work With Our Partners
Become a Partner
Apply
Partner Login
Start for free for Partners
Back

Future World Series

Future World Series overview
Buildings
Energy
Mobility
Industry
MHP
Water
Mastercard

Why MindSphere

Discover how you can use MindSphere to make machines smart, make production lines fast, and prevent equipment failures before they happen.

Why MindSphere overview
For Users
For Makers

Products

Products overview
Overview
MindSphere Offerings
MindSphere Applications

Documentation

Here you can find everything you need: from getting started with MindSphere to the most advanced use cases. Use this section to explore all MindSphere capabilities.

Documentation overview
Overview
Connectivity
System Tools
System Tools overview
Overview
Asset Manager
Settings
Operations Insight
Fleet Manager
Developer Cockpit
Operator Cockpit
Deploy and update CF Apps Best Practice
Usage Transparency
Container Registry
Integrated Data Lake
Upgrade
Development
Development overview
Overview
Concepts
How Tos
Cloud Foundry
APIs & Services
Design System
Resources
Open Source
Licence
Mendix
Web Components
Community Forum
Apps and Solutions
Tutorials
Tutorials overview
Asset Manager Begin building your assets with Asset Manager. How to: configure and share assets using cross-tenancy
Fleet Manager Create value when monitoring assets with Fleet Manager. How to: build Rules for notifications and status of your assets
Visual Analyzer Quickly set up root cause analysis scenarios with Visual Analyzer How to: filter data from different devices simultaneously
VFC Introduction Immediately access your data with Visual Flow Creator. How to: work with your data to create a flow
VFC KPI Calculating KPIs with Visual Flow Creator. How to: design workflows and trigger key events
VFC Dashboard Simple dashboarding with Visual Flow Creator. How to: create a dashboard and publish to your tenant
Visual Explorer Connector Defining datasources to start Visual Explorer How to: create datasources from connected assets
Visual Explorer Discover the power of dashboarding with Visual Explorer. How to: customize advanced data visualizations
Guides
Guides overview
Overview
DevOps Guide For Subscribers to Capability Packages and MindAccess Plans
DevOps Guide (PRC) For Subscribers to MindAccess Plans
Seller Guide For Subscribers to MindAccess Plans
Seller Guide (PRC) For Subscribers to MindAccess Plans
MindSphere Regions For Subscribers to MindAccess Plans
Marketing Guide For Subscribers to Capability Packages and MindAccess Plans
Start for Free
Glossary
Release Notes

Partners

Our partners are innovators at the forefront of the IoT revolution. Discover how they are accelerating the IoT digital transformation of our joint customers by leveraging MindSphere, the leading Industrial IoT as a service solution.

Partners overview
Partner Solutions
Featured Partners
Work With Our Partners
Become a Partner
Apply
Partner Login
Start for free for Partners

Future World Series

Future World Series overview
Buildings
Energy
Mobility
Industry
MHP
Water
Mastercard

IPSec Tunnel Subscription (ITS) Getting Started

IPSec Tunnel Subscription (ITS) has the following documents:

Introduction

IPSec Tunnel Subscription (ITS) is an application that runs on MindSphere platform. It enables secure aggregated data transmit from several assets at customer site into the MindSphere Time Series store and Data Lake via a shared IPsec tunnel. Key ITS activities such as configuration changes in user or asset management are logged in an audit trail to further alleviate compliance with regulatory constraints.

.

 

Using and Configuring the System

This section gives an overview on how to use and configure IPSec Tunnel Subscription. Furthermore, all relevant terms and definitions are introduced.

 


 

In Asset System Management the general term Customer Asset (or Asset) is used for any kind of equipment located at the customer side, which shall either provide data to other MindSphere applications via IPSec Tunnel Subscription. A Customer Asset might for instance be a machine in a manufacturing line or a part of a power plant.

Customer Assets are managed by means of a tree-shaped Organization Structure, such a tree allows for grouping assets according to Regions (geographical or logical) and on the lowest hierarchy level according to customer-specific Sites. This in turn enables for convenient handling of all equipment at a selected location.

To alleviate working with different types of assets at a given site, assets are associated with a customer-defined logical Product type, which allows for instance for distinguishing manufacturing machinery from energy-generating machinery or machinery used for transporting goods on the factory floor. 

Note: Customer-site routers and gateways are also handled as assets.

Each MindSphere user working with IPSec Tunnel Subscription must also be registered as a User at the User Management in ITS and every user may have one or more User Roles, which grant the user certain access rights depending on the responsibilities and duties that person must fulfill at a given point of time. Such grants apply only to a certain scope and are marked as "partly" while others cannot be configured but only "used" as outlined in the table below.

NoteCertain network specifics at the customer or Service Provider side might require involving respective IT departments for initial connectivity setup.

Registered Users may have the following roles:

IPsec Tunnel Subscription (ITS) related roles

  • Tenant Administrator

A person that is authorized to administrate RTS objects (add, modify, or delete customer assets, user accounts, and so on) or to grant other users the authorization to use ITS functions. An administrator is assigned to one tenant and may administrate only that tenant’s objects and grants. Within that scope the Tenant Administrator may also operate and control connectivity to customer assets.

  • Remote User

This is a basic role that can connect only to the assets which are configured by the Tenant administrator. A Remote User may work within an assigned Organizational Tree of Assets.


 

Create Product Structure for Classifying Assets

Responsible Roles: Tenant Administrator

To create a new product, follow these steps:

  1. Click Structure Management under the Dashboard tab of the Home page.

  2. Click Product Structure on the Structure Management page.

  3. Select the Product from the product structure tree to which you want to create a new product.
  4. Click Add New.

  5. Complete the fields by entering the Product Name (example: Wind Turbine) and the Annotation.

  6. Click Add to tree.

Product (Wind Turbine) has been added to the Product Structure and is displayed in the Product structure tree. 

 

Create Organization Structure for Managing Assets

Create Region

Responsible Roles: Tenant Administrator

Let us create a Region, for example, country, company, etc. To create a new region, follow these steps:

  1. Click Structure Management under the Dashboard tab of the Home page.

  2. Click Organization Structure on the Structure Management page.

  3. Select the region from the organization structure tree to which you want to create a new region.
  4. Click Add New. 

  5. Complete the fields by entering the Organization Name (example: India) and an Annotation outlining the purpose of your input.

Region (India) has been added to the Organization Structure and displayed in the System tree.


 

Create Sites

Responsible Roles: Tenant Administrator

Let us create a Site "Wind power station". To create a new site, follow these steps:

  1. Click Structure Management under the Dashboard tab of the Home page.

  2. Click the Region tab on the System Management page.

  3. Select the region (example: India) from the Organization tree to which you want to create a new site.

  4. Click Add Site in the upper-right corner.

  5. Enter information describing the site into the fields and click Save.

A new site 'Wind power station' has been created and displayed on the System Management page.

 

Create Assets

Responsible Roles: Tenant Administrator

Let us create an Asset 'Vortex Generator' under the sample site 'Wind power station'. To create an asset, follow these steps:

  1. Click System Management under the Dashboard tab of the Home page.
  2. Click the Region tab on the System Management page and select the sample Region India.
  3. Click the remote site 'Wind power station'.
  4. Click New Device upper-right corner of the device table.

  5. Enter the Asset and Location information in the fields.

  6. Click Add Products in the upper-right corner of the Product field and mark true against the product Wind Turbine and click Select.

  7. Click Save.

A new asset 'Vortex Generator' has been created under the site Wind power station.

 

Managing Users for IPSec Tunnel Subscription

Responsible Roles: Tenant Administrator

In order to make use of ITS, we need Users with grants. Now, let us create a new user John S. To create a new user, follow these steps:

  1. Click User Management under the Dashboard tab of the Home page.

  2. Click the Users tab on the User Management page and click Add User Account.

  3. Enter the User information and necessary additional details in the fields and click Save.

User 'John S' has been created.

 

Assign Roles to Users

Responsible Roles: Tenant Administrator

When a user is created, the new user is assigned with the default role 'Remote User'. User 'John S' has been created in the previous step. Now the roles he requires for his service tasks are to be assigned to him.
To assign a role to a user, follow these steps:

  1. Click the Associate Roles tab on the Edit user 'John S' page.

  2. Assign the roles as required and click Save.

 

Assign Users with Grants for Scopes of Assets

Responsible Roles: Tenant Administrator

John has been assigned Remote User and Tenant Administrator roles. Now in order to access subsets of the Organization and Product structures, John must be assigned some asset-specific grants.
To assign asset-specific grants to a user, follow these steps:

  1. Click the Attribute based Grants tab.

  2. Click Add Organizational Structure in the upper-right corner of the Organizational Structure field.

  3. Select the required site, for example, Wind power station and click Select.

  4. Click Add Products in the upper-right corner of the Products field.

  5. Select the required product, for example, Wind Turbine and click Select.

  6. Click Add Roles in the upper-right corner of the Roles field.

  7. Select the required roles that you want to assign click Select.

  8. Click Add to Grants and Save.

Get Started

Developer

Partner

Support

MindSphere © Siemens, 1996 – 2022

Get in touch