GE
Intelligent Platforms
Proficy Agent
Trusted Data from Anywhere to Anywhere
Benefits
• Reduce network complexity
• Improve access control by eliminating
unnecessary VPN connections to third-party networks
• Simplify internal communication across
network boundaries
• Save time and costs with a solution that’s
easy to support and manage
• Align with industry standard security
practices using X.509 digital certificate
technology
Features
• Real-time encryption and decryption scalable to 1000’s of remote agents
• SSL with cryptographically strong encryption algorithms
• Out-of-the-box support for Proficy HMI/
SCADA – iFIX, Proficy HMI/SCADA –
CIMPLICITY, and Proficy Historian
• Web-based admin interface for managing agents
• Exception poll time or real-time streaming
• Ability to send files from authenticated
remote agents to the server on exception
or time base
• Functionality to create authenticated RDP
sessions with remote agents
Protect and control access to your assets
and data with a proven, easy-to-use solution. GE Intelligent Platforms’ Proficy*
Agent software enables authenticated and encrypted data transfers from external or internal data sources to a centralized system.
Remote Agents
Designed to easily support the collection,
recording, and transmittal of data from any source in a reliable and highly configurable manner, Proficy Agent can add security capabilities to protect client-server connections.
A secure-by-design scalable solution
Proficy Agent provides an encrypted and authenticated channel to forward
monitoring and diagnostic data from
remote agents to a central repository over
an intranet or the internet, replacing the
need for dedicated VPN connections. Proficy
Agent also delivers functionality to send files
and/or create RDP sessions from the Proficy
Agent Enterprise Server to Proficy Agents
over the established connection.
Remote agents are associated with a
uniquely identifiable device or group of
devices. An agent communicates to existing
Proficy software components through provided out-of-the-box agent plug-ins. Encrypted Transport
Proficy Agent delivers VPN-equivalent
security through the use of digital
certificates, which ensure that
connections are established from known
remote agents. Agents communicate with
a Proficy Agent Server by means of
messages and web service calls, with all
communications encrypted using SSLv3
via port 443.
These technologies, along with a tiered
network security defense strategy, can
efficiently minimize the exposure of control
systems networks and reduce the risk of
unauthorized access.
Agent Manager - Web Based Admin
Using the latest web-based technologies, the
administration of agents can be managed
through a web-based user interface. The
Agent Manager provides management
functions for file and data transfer, user
management, and device management.
Easy-to-use Admin Interface
Proficy Agent
Remote
Site 1
Firewall
Remote
Site 2
DMZ
Internal Data Sources
Controls
Network
DMZ
Firewall
External/Remote Data Sources
Agent
Manager
Agent
Manager
Remote
Site 1000x
You can use Proficy Agent to create encrypted
and authenticated remote connections over the
internet using firewall-friendly ports like 443/TCP.
Proficy Agent helps create trusted
connections between networks internally
to build a layered defense solution.
Exception-Based Options
Files can be uploaded from a remote agent
on a regular basis by scheduling it to watch
a directory at the device for changes.
Files that are new or changed are sent to
the Server. An upload function available
through the Proficy Agent Manager helps
upload a file from an agent.
Agent Configuration Tool
Streamline the setup and maintenance of both server and remote agent configurations. The tool’s features help
administrators install certificates, debug
systems, optimize performance, and
perform system checks/validation.
Open and Layered
Proficy Agent includes out-of-the-box
support for any version of Proficy iFIX and
CIMPLICITY HMI/SCADA systems as well as Proficy Historian. Proficy Historian
support extends to collector-to-server and server-to-server architectures via a
simple agent software addition to existing
servers. Proficy Agent also includes a file
monitor plug that enables encrypted and
authenticated connectivity to other 3rd
party data sources.
Ensure trusted connections for your data.
To learn more, visit www.ge-ip.com
Proficy Agent security capabilities
• Uses TLS v1 (SSL v3) to provide encrypted communications and mutual authentication using X.509 certificates
• Supports cryptographically strong encryption algorithms such as AES
• Default-Deny access control model – no default accounts or passwords
• Windows® authentication required for web administration (supports Kerberos)
GE Intelligent Platforms Contact Information
Americas: 1 800 433 2682 or 1 434 978 5100
Global regional phone numbers are listed by location on our web site at www.ge-ip.com/contact
www.ge-ip.com
©2013 GE Intelligent Platforms, Inc. All rights reserved. *Trademark of GE Intelligent Platforms, Inc. All other
brands or names are property of their respective holders. Specifications are subject to change without notice.
06.13 GFA-1955