Honeywell Forge Cybersecurity Platform
Remote Access Bridge
Installation Guide
Document ID: CS-HFCPE502en-1911A
November 2019
Notices
Trademarks
Experion®, PlantScape®, SafeBrowse®, TotalPlant®, and TDC 3000® are registered trademarks of Honeywell International, Inc. OneWireless™ is a trademark of Honeywell International, Inc.
Other trademarks
Microsoft and SQL Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Trademarks that appear in this document are used only to the benefit of the trademark owner, with no intention of trademark infringement.
Third-party licenses
This product may contain or be derived from materials, including software, of third parties. The third party materials may be subject to licenses, notices, restrictions and obligations imposed by the licensor. The licenses, notices, restrictions and obligations, if any, may be found in the materials accompanying the product, in the documents or files accompanying such third party materials, or in a file named third_party_licenses on the media containing the product.
Documentation feedback
You can find the most up-to-date documents on the Honeywell Process Solutions support website at: www.honeywellprocess.com/support
If you have comments about Honeywell Process Solutions documentation, send your feedback to: hpsdocs@honeywell.com
Use this email address to provide feedback, or to report errors and omissions in the documentation. For immediate help with a technical problem, contact your local Honeywell Process Solutions Customer Contact Center (CCC) or Honeywell Technical Assistance Center (TAC).
How to report a security vulnerability
For the purpose of submission, a security vulnerability is defined as a software defect or weakness that can be exploited to reduce the operational or security capabilities of the software.
Honeywell investigates all reports of security vulnerabilities affecting Honeywell products and services.
To report a potential security vulnerability against any Honeywell product, please follow the instructions at: https://honeywell.com/pages/vulnerabilityreporting.aspx
Submit the requested information to Honeywell using one of the following methods:
- Send an email to security@honeywell.com.
- Contact your local Honeywell Process Solutions Customer Contact Center (CCC) or Honeywell Technical Assistance Center (TAC) listed in the “Support” section of this document.
Support
For support, contact your local Honeywell Process Solutions Customer Contact Center (CCC). To find your local CCC visit the website: https://www.honeywellprocess.com/en-US/contact-us/customer-support-contacts/Pages/default.aspx
Training classes
Honeywell holds technical training classes that are taught by process control systems experts. For more information about these classes, contact your Honeywell representative, or see www.automationcollege.com.
About this Guide
This document describes the installation requirements for the Remote Access Bridge.
Document scope
This guide describes how to install Remote Access Bridge.
Intended audience
This guide is for people who are responsible for the installation of Remote Access Bridge.
Prerequisite skills
This guide assumes basic knowledge of the Honeywell Forge Cybersecurity 1911 modules relevant to the Security Center, the VSE, or both, depending on your specific role.
Related documents
The following list identifies publications that contain information relevant to the information in this document.
| Document Name | Document Number |
|---|---|
| Honeywell Forge Cybersecurity 1911 – Security Center Installation Guide | CS-HFCPE510en-1909A |
Revision history
| Revision Supported Release | Date | Description |
|---|---|---|
| A (1909) | September 2019 | First release of product under the Honeywell Forge Cybersecurity brand |
| A (Release 510.2) | August 29, 2019 | Second release of ICS Shield documentation |
1. Terms and definitions
| Term | Definition |
|---|---|
| Communication Server (CS) | The Communication Server provides secure communication between the Security Center and the VSEs and, optionally, between the VSEs themselves. |
| DB | Database server component |
| Remote Access Bridge (RAB) | A Honeywell Forge Cybersecurity Platform component installed externally to the SC which enables secure remote access between the SC and the VSE. On receiving communication requests from the VSE and the RAG, it creates a secure bridge between them, thereby enabling a secure communications tunnel from the SC to the VSE, and from there to the required device. |
| Remote Access Gateway (RAG) | The Remote Access Gateway is part of Honeywell Forge Cybersecurity's remote access solution. When initiated, the Remote Access Gateway automatically pulls the connection details from the Security Center database. |
| reverse tunnel | A secured connection initiated by the VSE to the Security Center. |
| Security Center (SC) | Honeywell Forge Cybersecurity Platform component that is installed at the corporate data center. The security center is composed of various software components, which enable to remotely collect, analyze, view, manage, and store data retrieved from the VSEs. This data refers to the monitored network assets and devices found at the VSE's sites. |
| site | A remote physical location, such as an industrial plant, which includes one or more network environments and has at least one VSE. |
| tunnel | A secure connection established from the Security Center to the VSE. |
| VSE | The Honeywell Forge Cybersecurity Platform component that is installed at the remote site, monitors the devices at the site, and provides additional functionalities such as remote access. |
2. Platform Requirements
The platform requirements are as detailed below.
Operating System (OS)
- Windows 2012 R2 Server (64bit)
- Windows 2016 Server (64bit)
Recommended hardware configuration
- CPU: At least 4 cores
- RAM: At least 16GB
- Storage: Internal disk 100 GB or more
3. Installation instructions
This chapter provides installation instructions for both new and upgrade installations.
3.1 New installation
To perform a new installation:
- Decide which port to use for remote access (usually 443).
- Place the .keystore file somewhere on the machine. You can either use the keystore created during the Communication Server installation or create a new keystore.
- Run the Installation executable with administrative privileges.
- Provide the IP and port to be used.
NOTE: The IP address should be the FQDN or address accessible from the sites and the Remote Access Gateway. In SaaS configuration, this IP needs to be accessed from clients as well. - Browse for the keystore file.
- In some rare occasions, a restart is required and is initiated automatically by the installer.
CAUTION: The keystore file contains the private key to be used for the secure communication. As such, it is extremely sensitive and must be handled with utmost responsibility.
3.2 Upgrade installation
To perform an upgrade installation:
- Back up the old installation folder, in particular, the NNkeystore file located in the root of the old installation.
- Uninstall the previous version by going to the path C:\Program Files\RemoteAccessBridgeSupport\InstallInfo\4.x.x.x\Uninstall_RemoteAccessBridge (currently always in Program Files).
NOTE: On most occasions, a restart is performed upon the Uninstallation's completion. - Install the more recent version with administrative privileges. Use the keystore from the previous installation.
3.3 Uninstallation
To perform an uninstallation:
- Inform the customer that a restart of the machine is required.
- Launch the uninstaller from the path C:\Program Files\RemoteAccessBridgeSupport\InstallInfo\4.x.x.x\Uninstall_RemoteAccessBridge.
Honeywell Process Solutions
1250 W Sam Houston Pkwy S #150, Houston, TX 77042
Honeywell House, Skimped Hill Lane, Bracknell, Berkshire, RG12 1EB
Building #1, 555 Huanke Road, Zhangjiang Hi-Tech Park, Pudong New Area, Shanghai, China 201203
Document ID: CS-HFCPE502en-1911A | November 2019
© 2019 Honeywell International Sàrl
