Controlled support access without creating an OT backdoor.
Remote access is optional. It must not change production safety.
Dedicated VPN gateway into a Remote Access Zone.
Jump host is the only box that can reach Site Data services.
No direct remote path to cameras or edge nodes.
MFA required.
Time-bounded access (maintenance windows).
Session logging and monitoring.
Separate accounts for support vs operators.
Remote access failure must have zero impact on inspection continuity.
Last updated 1 month ago
