Secure Remote Access at Glaston
The history of glass dates back to the 5th millennium BC. It first appeared as glass beads in ancient Egypt and Mesopotamia and continues to inspire people in all shapes and applications to this day. Such a high-quality material with all its noble properties is the epitome of quality and purity. The Finnish Glaston Group has been involved in the development of glass and the machines required for this since the end of the 19th century. In addition to manufacturing glass processing machinery in the fields of automotive glass, architectural glass, functional glass, display glass and solar glass, Glaston offers a range of related maintenance and service offerings for its end customers.
The Swiss technology center Glaston Switzerland AG is a prime example of how requirements are not only met, but also taken further – in this case in the area of monitoring and remote access of customer systems.
Guaranteed service in the event of a customer complaint
With a whole series of examples of customer-oriented handling of complaints, Glaston has earned an excellent reputation in the market. In addition to fast and professional processing, the range also includes a guaranteed scope of services for the customer, which is impressive and has repeatedly made Glaston a preferred partner for future projects. In order to be able to help and analyze as efficiently as possible, Glaston has relied on outstanding remote access support for many years. This capability is a key factor in saving time and money and enabling assistance to be provided anywhere in the world at any time. This means that machine downtimes, which are immediately very costly, can be reduced to minimal time windows and this increases customer satisfaction enormously.
The decisive factor for successful remote access is being able to reach a system at any time without any problems. However, due to a lack of trust in secure technologies and partnerships, this is usually difficult to achieve in reality. Customers refuse permanent access, unintentionally break network access when they change their infrastructure, or simply prohibit solutions they do not know. Glaston, however, has managed to overcome these hurdles for years and convinces customers of the added value that can be achieved through secure connectivity of systems. This works above all through transparency, trust and the use of solutions that go far beyond the normal standard.
Glaston can therefore not only offer a service, but also contractually guarantee it. The remote access solution is not just a means to an end, but an elementary component of comprehensive service support, which can also be used to increase sales.


Secure remote access to customer machines with the mbNET.rokey series incl. key switch
Customer authority for access functions, confidentiality and guaranteed security are key
Products from the mbNET.rokey series from MB connect line are used as network access points and links in the system network. The decisive advantage of this series is an integrated key switch that cannot be changed and is configured by the manufacturer. MB connect line calls this tamper-proof mechanism on the device “Security by Design”. The security rotary switch located on the remote access router allows several requirements to be covered at the same time:
- The customer or system operator always has ultimate control over the router’s access function.
- The key protects against incorrect operation by unauthorized personnel.
- The 3-stage setting option allows the router to be brought online while still prohibiting access to the underlying system network.
- It also prevents willful or accidental resetting to factory settings, which is easily possible with many alternative products.
An mbNET.rokey as an access point, which could not be more suitable for the intended use, provides Glaston with decisive advantages when arguing for a secure solution for remote access to customer machines. Without the customer’s prior consent, given by means of the key switch, systems cannot be accessed from outside and are therefore protected. Only the holder of a key at the customer’s site can grant permission, which considerably restricts the group of people involved and raises security awareness.
Glaston’s support includes continuous monitoring of the access point in order to immediately detect cabling errors, device failures or IT problems. Alarms are raised as soon as an adjustable buffer time has expired if a system no longer logs in to the mbCONNECT24 monitoring portal. Important security patches, which are otherwise often neglected due to time constraints so that network devices are sometimes years out of date, can be applied to the router at any time via the online version of mbNET.rokey. Appropriately trained personnel, established regulations and a suitably structured infrastructure ensure that Glaston customers are guaranteed protection of their data. This data is treated as strictly confidential and does not leave a company network without consent.
“For me, mbNET.rokey is THE solution for gaining the trust of our customers and ensuring that they always have control over what is happening on the system.”
Matthias Rilinger – Senior Service Specialist at Glaston Switzerland AG
Taking security to the next level
VPN access to a plant network enables many users worldwide to securely connect to the machine to resolve or detect faults. For many service teams, such as the Glaston task force, this has become indispensable. But does this “luxury” also bring new dangers? The answer is simply: yes, because wherever networks are made up of many different components, there are weak points and most of these are caused by the users themselves.
Glaston has long recognized that when industrial PCs are returned for repair from plants or backups, 5-10% of them are infected with malware, and this aspect alone is alarming. This situation must be dealt with professionally. There is a risk that the machine manufacturer will also become a victim through its remote access and may even become the carrier of these viruses: into its own network or into the next customer network to which it connects. In the worst-case scenario, this could result in further complaints or even claims for damages, even though the manufacturer only wanted to help.
MB connect line also offers a way to reduce this risk. With so-called Web2Go connections, remote access services are tunneled on a per-port basis to a web application. Full VPN access to the entire network is not necessary for this. For most support requests, a connection to end devices can be established at the touch of a button, which rules out the transmission of malware. In general, MB connect line rates the risk of active VPN connections as very low, as incoming connections to the service endpoint are not possible and the local firewall provides additional protection. Nevertheless, there is a residual risk when transferring infected files.

Web2Go connections are used to tunnel remote maintenance services on a per-port basis to a web application

Service hotline at Glaston
Cleverly minimize any remaining risk
However, some use cases require full VPN access to the machine network, and exchanging data with a customer system is also necessary and expedient. A certain residual risk remains, as the transfer of infected files is not prevented. Glaston has addressed this issue and reduced this risk to a minimum based on its own experience.
With the help of a VM environment established for this purpose, complete network separation between the service endpoint and the customer network was realized. A virtual machine, which is created from a snapshot prior to a support request, represents the service endpoint at Glaston. The service technician starts his remote access from this “clean environment” and the interfaces to the systems are always compatible. Additional advantages arise from the greatly reduced maintenance effort, as there is only one virtual environment, which is available to all technicians at all times with the appropriate tools. All users work in the same way, which creates transparency and efficiency. Suitable virtual machines with appropriate operating systems can be provided for older systems.
Data that may be infected always passes through the isolated virtual machine first when it is exchanged. There, the files are checked with virus scanners and a warning is issued in the event of a threat. In the event of an incident, the entire environment can be deleted safely and without risk and restored from the snapshot if necessary. This mechanism reduces the residual risk of exchanging dangerous files to a minimum.
Glaston’s remote access concept fulfills a very high security standard with these additional precautions and the already very well-considered options. Risk assessments by Glaston’s security-sensitive customers produced confidence-inspiring results, which were convincing and paved the way for the connectivity of the systems.
“Remote access is trust! – And trust has to be earned.”
Statement from the Glaston presentation “If it costs nothing, it’s worth nothing”, MB connect line user conference