No arguments here - security of all types is a hot topic. Thin Clients fit well into a general enhancement of a company's security plans because their very nature makes them very easy to secure. This article presents some of the security inherent in the Thin Client model.
A true Thin Client is not a PC. Thin Clients have no local storage, and, if it is an ACP Enabled Thin Client, they don't even have a local operating system and will not boot without a Windows Terminal Server. There are many locations where Thin Clients have replaced laptop computers because a Thin Client is not an item that will be of any use away from the Thin Client network. Installing an interface that is non-functional outside of your plant will discourage people from taking it, even for use at other locations within your company.
PCs that are used to display the operator interface for manufacturing processes are frequently the object of hackers. There are several reasons for this, but one of the most common is that operators have idle time alone with the computer, often very late at night and often far away from other people.
Most hacking attempts and addition of virus programs are made via the floppy drive, either by rebooting the computer or by breaking out to a DOS shell. Although companies usually try to keep their computers secure, the truth is that you could walk out on the plant floor right now and probably easily get to the DOS prompt and the "A:" drive on a number of computers.
Thin Clients have no floppy drive, or any local drive at all for that matter. This greatly reduces the number of entry points for user break-in attempts and the addition of unwanted software. IT can now focus on the much easier task of keeping the company's servers secure, which is something that they are doing an excellent job of anyway.
The addition of a virus is often unintentional; unwanted and malicious programs can attach themselves to games installed by operators, or to a floppy disk itself. Even programs that are working as they are supposed to may have an unanticipated impact on the operation of the PC.
Traditional distributed PCs require distributed software, which means that your very expensive SCADA and industrial software is installed all over the factory. Some of that software even requires the use of a hardware key, and loss of the computer (or just the key) is very difficult to overcome. We heard of a company that packed some PCs in boxes to move to another location, and while they were waiting for the transfer a member of the facilities group picked up the boxes and threw them out. People at the old location thought they had been picked up and moved, and people at the new location thought they weren't ready yet. By the time the error was discovered, it was too late to recover either the PCs or the $3,500 hardware key that was still attached to each computer.
Many client/server applications rely on the client to do some of the data processing. This can result in sensitive data being sent out over a variety of networks. Often that data remains on the client computer long past the time that it is needed for calculations.
ACP Enabled Thin Clients only display the result of calculations made on a server, and that display is only sent pixel by pixel as it is needed. Pixels that don't change aren't sent, and data that is sent is coded into the Citrix ICA protocol and managed by ACP ThinManager.
In spite of any company's best efforts, there will still be incidents that result in the loss of the operator interface station. This may not be because of intentional wrongdoing or sabotage - it may be a result of an accident or other unavoidable event. The most important thing to do when this does happen is to get the operator interface back up and running as quickly as possible.
Finding a replacement PC and reinstalling and reconfiguring software and drivers is not a task that anyone looks forward to. A Thin Client, however, can be replaced by plugging in a new one. Not only is the software and configuration ready to go immediately, but in most cases the application will still be running and displaying the same screen.
If you have any questions about how a move to Thin Clients can make your plant immediately more secure without causing you to change any of your existing software, please give us a call here at ACP and one of our sales people will be happy to talk with you.
For more information on ACP Industrial Thin Client computers, please visit our web site at http://www.thinmanager.com
To sign up for the E-mail newsletter go here: ACP newsletter signup
For an archive of past newsletter articles go to: ACP Newsletter Archive