
OpreX Managed Service
General Specifications: OpreX Managed Service -Cloud edition-
GS 43D07N10-08EN

 OVERVIEW
OpreX™ Managed Service is built on the advanced digitalization technologies of the Managed Service Suite (MSS) platform and is delivered as a managed service. The platform provides meaningful, actionable information as a one-stop shop linking Process, People and Technology: MSS connects all available data sources of a plant, converts that data into information (Technology), and proposes appropriate actions when required (Process) to the right person (People).

 CLOUD EDITION, PURPOSE

OpreX Managed Service -Cloud edition- is one of the OpreX Managed Service lineups. The Cloud edition is provided from the Yokogawa managed cloud, where each customer has its own secure workspace and a dedicated secure site server that controls all monitoring, remote access and file exchange with the OT plant. The Cloud edition is developed for customers with one or many plants whose OT assets are serviced by Yokogawa.
The service provides remote, condition-based preventive monitoring and maintenance of OT domain assets from the Yokogawa cloud center and the customer- or plant-specific workspace. By identifying issues with plant equipment and devices before they break down, the service can prevent unexpected plant shutdowns and reduce traditional preventive and corrective maintenance.
The service consists firstly of the "Basic Services", which provide reliable and secure 24/7 operation of the OpreX Managed Service Suite (MSS) platform itself, and secondly of the "Optional Services", value-added services that help improve the efficiency and effectiveness of the customer's OT maintenance and security. This document consists of the following chapters.

Managed Service Delivery
• Basic Services
• Optional Services
Architecture
• MSS Architecture
• Center Component
• Site Component
• Network Operations Center (NOC)
• Platform Deployment
Deployment
• Deployment phases
Features [Release R1.6.2]
• Single sign-on user authentication
• Asset inventory
• Unified web interface across multiple applications
• Asset availability
• Data collection for various asset types
• Data collection for various application types
• Remote access
• File transfer
• Windows Update Server and Anti-Virus software server
• Automation (Alerting, Incident Management)
• MSS alerts
• ServiceNow alerts
• Email notification

Yokogawa Electric Corporation GS 43D07N10-08EN
2-9-32, Nakacho, Musashino-shi, Tokyo, 180-8750 Japan ©Copyright Dec. 2021
5th Edition Jul. 27, 2023

 Managed Service Delivery

Yokogawa offers Basic Services and Optional Services.

 Basic Services
Basic Services provide the MSS functions to a customer, and the Yokogawa Service Desk constantly monitors and maintains the performance, system health, platform security and applications of MSS 24/7.

 MSS platform features

The MSS platform provides various features. See FEATURES.

 MSS platform management
MSS platform management covers the following:
• Platform monitoring and maintenance
The Yokogawa Service Desk constantly monitors the performance and health of MSS itself 24/7 from the Network Operations Center, and takes appropriate action when problems occur.
• User management and support
Yokogawa manages users and groups and grants permissions per user, per group and per asset.
• Platform configuration management and update management
Yokogawa onboards the customer assets that are monitored in MSS. The MSS platform is always kept up to date (always-latest-version operation), so users can use the latest technology in a stable environment.
• Platform security assessment and update
The MSS platform is protected and monitored by anti-virus software and is updated with OS patches. By keeping anti-virus signatures and OS patches current, the MSS platform is kept secure at all times.

 Optional Services
Optional Services are value-added services provided by Yokogawa's subject matter experts to improve maintenance efficiency.

 Yokogawa subject matter expert on-demand online services

When problems occur with a customer's assets, customers under an Asset Lifecycle Agreement can immediately receive emergency maintenance as a remote maintenance service through MSS, without disturbing DCS operation.
 OpreX Plant Healthcare Services
• OpreX Plant Healthcare Service for Security
This service regularly delivers an essential security advisory report produced by analyzing security-related events in OT. For more information on the service, please contact your Yokogawa affiliate.
• OpreX Plant Healthcare Service for System
This service provides proposals to optimize maintenance and operation by analyzing the condition of system assets, alerts and operation procedures. For more information on the service, please contact your Yokogawa affiliate.
• OpreX Plant Healthcare Service for Field Asset
This service helps customers optimize maintenance of field digital assets and continuously improve availability throughout the field asset lifecycle, through an annual report per plant. (For details, refer to GS 43D07E05-01EN.)


 ARCHITECTURE
 MSS Architecture
MSS consists of the Site Component, the Center Component and the Network Operations Center. All three are Yokogawa-managed SaaS infrastructure, interconnected by IPsec VPN connections (Internet access is required).

< Center Component >

The Center Component is the central location for user-to-system access between a user's client PC and a host system in the process control domain (PCD). It also provides a central point for consolidated reporting on assets in the PCD. The Center Component is deployed in a public cloud and is shared by multiple customers.
Table 1: Public Center Components
Data Center | Service Coverage Area (*1)
Japan | Asia & Oceania, North/Central/South America, Middle East & Africa
Europe (Netherlands) | Europe

*1 The cloud service or some features may not be available in a particular country, region, sector or organization due to data localization policies. For example, personal and non-personal information collected in China must be stored and processed in China. For more information about the service coverage area, please contact the Yokogawa local support office.

< Site Component >

The Site Component is the infrastructure (firewall and application hosting) and software solution installed at each managed site. It establishes a secure tunnel from the PCD to the Center Component and orchestrates the various data flows for maintenance activities. It also provides a firewall service for secure system-to-system communication between the systems and services in MSS and the PCD.

< Network Operations Center (NOC) >

The NOC allows remote monitoring and maintenance of MSS itself. Every deployed instance of the Site Component and the Center Component is configured to forward monitoring data about itself to the NOC, for example the availability of hard disk space in the Site and Center Components and verification that backups have succeeded.

 Platform Deployment
The deployment pattern for OpreX Managed Service -Cloud edition- is as follows.

Figure 1: OpreX Managed Service -Cloud edition- Deployment
(Figure: the Network Operations Center (NOC) in a public data center; the MSS Center Component in the Yokogawa Central Data Center, also a public data center; and an MSS Site Component at each local site, shown for Customer A Site and Customer B Site.)


Figure 2: OpreX Managed Service -Cloud edition- Deployment example (not regarded as part of the specification)
(Figure: the Yokogawa Network Operations Center with the NOC and Servicedesk; the Internet and the customer Enterprise Network, both out of scope of MSS; business users at the Site A and Site B workplaces reaching the MSS Center Component in the Customer Central Data Center over HTTPS; MSS users, including the Site admin, at Site A and Site B; the MSS Site Component at each site connected to the Center Component over IPsec; and, inside each site's Industrial Security Zones, the business logistics systems, manufacturing operations systems, control systems and intelligent devices.)


 DEPLOYMENT
Deployment phases
The entire MSS deployment program contains several stages: site survey, configuration design, deployment (installation), commissioning and handover, after which operation of OpreX Managed Service -Cloud edition- starts.

Site survey
This phase creates an overview of the PCD environment in which MSS will be deployed. On demand, the PCD environment is evaluated and analyzed. The information gathered is used to prepare platform onboarding and to produce a coordination and implementation plan.

In this phase the use case and the network route for the expected solution should be assessed before the design phase. If network bandwidth and latency are insufficient, the solution may not function or perform well. Yokogawa requires the bandwidth and latency in Table 2 for acceptable performance.
Table 2: Network considerations
Use case | Network route | Requirement
Remote Access (*1) | Client PC - Endpoint assets via Center and/or Site | Minimum bandwidth >= 2 Mbps, maximum latency < 300 ms
*1 The assumed scenario is a user operating a Yokogawa DCS HIS desktop through MSS HTML5-based RDP remote access at 1920x1080 resolution, with no busy graphic motion or animation and no coexisting heavy traffic such as large file transfers.

Design
The purpose of this phase is to verify, using a check sheet, that the network configuration conforms to the standard configuration for deploying MSS. In this phase the project is documented and its tasks are adjusted and scheduled within the required time frame.
For deploying the MSS Site Component, Yokogawa recommends installing the verified standard hardware model in Table 3.
Table 3: Hardware Specifications for Site Deployment
Vendor | Model | Specifications
DELL | PowerEdge R6515 | [CPU] AMD 7402P 2.8 GHz, 24C/48T, 128M, 180 W, 3200; [Memory] 96 GB (32 GB x 3); [HDD] 4.8 TB (1.2 TB x 4); [SSD] 2880 GB (960 GB x 3)

Deployment
The purpose of this phase is to prepare the network for the MSS installation and to perform all required network remediation. This work pack runs consecutively with the deployment of MSS itself at the customer's location. After deployment, the installation is tested and validated.

Handover to Managed Services

The purpose of this phase is to formally agree that the project deliverables have been completed and delivered and that the project is ready for handover to the line of business. The closeout meeting includes a review of improvement points. After agreement, the deliverables are confirmed with the customer and handed over to operation.


 FEATURES [Release R1.6.2]

 Single sign-on user authentication
MSS users log on to the Center Component via the member site. Besides a username and password, business users are also required to authenticate with multi-factor authentication (MFA).
The Site responsible person manages all credentials. For this, MSS is equipped with a dedicated Active Directory domain that serves as the primary user authentication source. Passwords are not imported into the MSS database; password validation is delegated to the Active Directory domain controller.
Permissions are assigned per user or user group, and can be granted not only for each user but also for each asset.

Table 4: Supported single sign-on protocols
SSO | MSS Protocol
Standard authentication | MSS Active Directory
Multi-factor authentication | Google Authenticator
Member site | Entrance of Center Component

Figure 3: User authentication/authorization interface example (not regarded as part of the specification)
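Google Authenticator implements RFC 6238 time-based one-time passwords (HMAC-SHA1, 30-second steps, 6 digits), so the second factor above can be verified independently of Active Directory. The following is an added example, not Yokogawa or MSS code, showing what a verifier that accepts such a code must do: derive the counter from time, tolerate a small clock drift, compare in constant time, and refuse to accept the same time step twice. It assumes the MSS MFA step is standard TOTP and that the per-user base32 secret is held by the identity provider; the demo secret is the RFC 6238 test key, constructed here for illustration.

```python
# Added example (not Yokogawa code): verifying a Google Authenticator code
# as the second factor after Active Directory password validation.
# Assumed: the MFA step is standard RFC 6238 TOTP with a base32 shared secret.
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional, Tuple

STEP_SECONDS = 30
DIGITS = 6
# Accept the adjacent time steps to tolerate clock drift between the user's
# phone and the server. Keep this small: every extra step widens the window
# in which a captured or guessed code is still valid.
DRIFT_STEPS = 1


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation, then the low-order decimal digits."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = STEP_SECONDS) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    return hotp(secret, at_time // step)


def decode_base32_secret(encoded: str) -> bytes:
    """Authenticator secrets are base32, usually shown unpadded and in groups."""
    cleaned = encoded.strip().replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def verify_totp(encoded_secret: str, submitted: str, at_time: Optional[int] = None,
                last_accepted_counter: int = -1) -> Tuple[bool, int]:
    """Check a submitted code against the current time step and its neighbours.

    Returns (accepted, counter). The caller must persist the returned counter
    for the user and pass it back as last_accepted_counter on the next attempt,
    so a code that was already used cannot be replayed within its window.
    """
    if at_time is None:
        at_time = int(time.time())
    secret = decode_base32_secret(encoded_secret)
    current = at_time // STEP_SECONDS
    for counter in range(current - DRIFT_STEPS, current + DRIFT_STEPS + 1):
        if counter <= last_accepted_counter:
            continue  # this step (or an earlier one) has already been consumed
        # Constant-time comparison: timing must not reveal how many digits matched.
        if hmac.compare_digest(hotp(secret, counter), submitted):
            return True, counter
    return False, last_accepted_counter


if __name__ == "__main__":
    # Constructed demo secret: the RFC 6238 test key "12345678901234567890" in base32.
    demo_secret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
    print("code at t=59:", totp(decode_base32_secret(demo_secret), 59))
    print("first use:", verify_totp(demo_secret, "287082", at_time=59))
    print("replay:", verify_totp(demo_secret, "287082", at_time=59, last_accepted_counter=1))
```

The replay guard is the part most often omitted: with a drift window of one step, a code stays valid for up to 90 seconds, which is long enough for a code captured by a phishing page to be reused unless the server remembers the last accepted step.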

 Asset inventory
An asset/application is a monitoring target of MSS. MSS supports monitoring of the following assets.
Table 5: Asset inventory
Asset/Application Type | Asset/Application Subtype
Compute asset | Windows Agent based Compute asset; Windows WMI based Compute asset
PLC/DCS asset | Yokogawa Field Control station; Yokogawa Safety Control station; Yokogawa Bus Converter; Yokogawa Vnet Router; Yokogawa Wide Area Communication Router
Field assets | Field instruments monitored by PRM
Network assets | Switch; Router; Time Server; Firewall
Environmental assets | Yokogawa Online Diagnostic Unit
Security applications | McAfee ePolicy Orchestrator; Microsoft WSUS; Veeam Backup and Replication
Control applications | Yokogawa Centum VP
Asset Management applications | Yokogawa Plant Resource Manager
Analyzer Management applications | Yokogawa Advanced Analytical Instrument Management System

< Asset discovery >


MSS provides dynamic asset discovery to further simplify the onboarding process. Assets can be discovered by
scanning one or more IP address range(s). After completing the discovery process, assets can be onboarded via a bulk
onboarding process.

< Field asset discovery >


To onboard field assets, MSS provides Field asset discovery function. List of Field assets are retrieved from PRM and
can be onboarded via a bulk onboarding process.

< Customizable data fields >

MSS allows the attribute fields of an asset or application to be extended according to business requirements.

 Unified web interface across multiple applications

MSS presents data on a unified web interface across multiple applications.
The MSS dashboard summarizes status and key numbers with easily recognizable graphics, enabling the user to check information collected from multiple types of assets, while all raw data for each asset can also be viewed. Sites deployed in MSS can be visualized in the Center on the site map view, with color markings indicating the monitoring status. All site web interfaces are integrated into a single unified web interface served by the Center Component.
MSS allows users to securely connect to the unified web interface from their enterprise network or local network. Users bring their own desktop or laptop PC to access the unified web interface; the requirements are shown in Table 6.
The MSS web interface keeps track of all user activities to provide comprehensive audit trails.
Table 6: Requirements for users to access the unified web interface
Item | Requirement
Hardware | Desktop or laptop PC with 1280×800 or higher screen resolution
Operating system | Microsoft Windows 10
Browser | Microsoft Edge version 101 or higher; Mozilla Firefox version 100 or higher; Google Chrome version 101 or higher
Network (Business user) | HTTPS Internet connection to the Center Component
Network (MSS user) | HTTPS intranet connection to the Center Component

MSS users can create their own custom dashboards to meet operational needs. Such dashboards can be shared with other users for collaboration.


Figure 4: Example of unified web interface (Site map, Dashboard) (not regarded as part of the specification)

 Asset availability
Asset availability in MSS is determined by:
1. Operational state
2. Heartbeat status

The operational state is a configurable property of an asset/application. MSS users can set the state of an asset in the Site Component.
'Heartbeat' is a metric of an asset/application that tells users whether MSS can communicate successfully with it.
Table 7: Asset availability
Status | Value | Description
Operational State | Operational | The asset is active in production
Operational State | Maintenance | The asset is temporarily suspended for maintenance
Operational State | Disposed | The asset is no longer used in production and has been disposed of
Heartbeat Status | Up | MSS can successfully communicate with the asset
Heartbeat Status | Down | MSS attempted to communicate, but the asset did not respond
Heartbeat Status | Turned Off | MSS is not attempting to communicate with the device

'Field assets' and 'Agent based Compute assets' are exceptions:
• The availability of Field assets is determined by the Asset Management Application (such as PRM).
• 'Agent based Compute assets' always have an 'unknown' heartbeat status, as they have no heartbeat collector.

 Data collection for various asset types

MSS collects data from various types of assets, as shown in Table 10 to Table 19 below. Data is collected in a variety of ways using the agent-based and agentless collection methods in Table 8, carried out by the Site Component of MSS; the collected data is transferred and buffered, then stored in an isolated central location.
The maximum number of assets for data collection is shown in Table 9.
Table 8: Data collection methods
Method | Agentless data collection | Agent-based data collection
Communication | Request/Response/Pull from Site Component | Push from Compute asset
Installing software on Compute asset | Not required | Required
Protocol/Program | WMI, SNMP, MSSQL, Yokogawa original | Yokogawa original

Table 9: Maximum number of assets for data collection per Site Component
Asset type | Purdue Level | Maximum number of assets per site
Compute asset | L2 and L3 | 240
PLC/DCS asset | L1 | 160
Network asset | L2 and L3 | 330
Environmental asset | L2 and L3 | 20
Field asset | L0 | 24,000

< Compute assets >

Table 10: Supported Compute assets for data collection
Vendor / OS
Microsoft / Windows 10
Microsoft / Windows Server 2019
Microsoft / Windows Server 2016
Microsoft / Windows Server 2012 & R2

* Operating systems that have reached End of Support (EOS) are not supported by MSS.

Table 11: Data collected from Compute assets
Method | Data type | Data item examples (not regarded as part of the specification)
Agentless data collection | Inventory | CPU information; Disk/Volume information; Domain information; Network information; System information; Software information; OS patches/versions information; User/Group information
Agentless data collection | Metric | CPU usage; Memory usage; Network usage; Process; Uptime; Fan; Temperature Probes
Agentless data collection | Event log | Windows logs (Application); Windows logs (Security); Windows logs (System)
Agentless data collection | Operational Status | Heartbeat collector
Agent-based data collection (*) | Inventory | CPU information; Disk/Volume information; Domain information; Network information; System information; Software information; OS patches/versions information; User/Group information; Task information
Agent-based data collection (*) | Metric | CPU usage; Memory usage; Network usage; Process; Uptime
Agent-based data collection (*) | Event log | Windows logs (Application); Windows logs (Security); Windows logs (System)

* Selection of the data collection method will be subject to the customer’s demand for data visibility, product
compatibility, restriction by corporate security policies, and other reasons.

< PLC/DCS assets >

Table 12: Supported PLC/DCS assets for data collection
Vendor / PLC/DCS System
YOKOGAWA / CENTUM VP R6 Hardware (FCS, BCV, AVR, WAC) *3
YOKOGAWA / CENTUM CS/CS3000/CS1000/VP R4/R5 Hardware (FCS, BCV, AVR, WAC) *1, *3
YOKOGAWA / ProSafe-RS R4 Hardware (SCS) *2, *3

*1 For monitoring these PLC/DCS systems, a project connected to CENTUM VP R6 is required.
*2 ProSafe-RS must be integrated with CENTUM VP.
*3 Data collection from the hardware is carried out via the HIS of CENTUM VP R6.
* Systems or hardware components that have reached End of Support (EOS) are not supported by MSS.

Table 13: Data collected from PLC/DCS assets
Method | Asset Type | Data type | Data item examples (not regarded as part of the specification)
Agentless data collection | FCS / SCS | Metrics | CPU usage; ECC (error checking and correction) counter; HKU (House Keeping Unit); Control Bus (VNET) usage; Revision info
Agentless data collection | AVR | Metrics | VNET; Revision info
Agentless data collection | BCV | Metrics | CPU; ECC; HKU; VNET; Revision info
Agentless data collection | WAC | Metrics | WAC; Revision info
Agentless data collection | All asset types | Operational status | Heartbeat

< Field assets >

Table 14: Supported Field assets for data collection
Vendor/Field device
FOUNDATION fieldbus device (via PRM)
HART device (via PRM)

* Systems or hardware components that have reached End of Support (EOS) are not supported by MSS.

< Network assets >
Table 15: Data collected from Network assets
Method | Data type | Data item examples (not regarded as part of the specification)
SNMP data collection (MIB-II) | System | PSU status; Serial Number; Object ID; System Name; Description; Location; Software version; Status
SNMP data collection (MIB-II) | Network interface | Speed; Description
SNMP data collection (MIB-II) | Operational status | Heartbeat
SNMP data collection (Private MIB) *1 | Metrics | CPU usage; Memory usage; RX/TX
SNMP data collection (Private MIB) *1 | Vlan | Vlan
SNMP data collection (Private MIB) *1 | Operational status | Heartbeat
Syslog | Syslog | Syslog message
SSH/Telnet *2 | Configuration | Refer to the Device Configuration column of Table 17

*1 Private MIB collection is available for the Network assets listed in Table 16.
*2 The configuration of a Network asset is collected through SSH/Telnet for the few supported Network assets listed in Table 17.

Table 16: Supported Network assets for private MIB
Type | Vendor | Model/Series
Switch | Hirschmann | MACH 104; MAR 1040

Table 17: Supported Network assets whose Configuration is collected
Type | Vendor | Device Configuration
Switch | Hirschmann | Running Configuration file; Version and Status of System Hardware and Software; Routing Table

< Environmental assets >

Table 18: Data collected from Environmental assets
Method | Data type | Data item examples (not regarded as part of the specification)
TCP/IP data collection | Installation environment monitoring unit | Temperature; Humidity; Isolation resistance; Contact resistance; Dust; Corrosion

Table 19: Supported Environmental assets
Type | Vendor | Model/Series
Installation environment monitoring unit | Yokogawa | M1790LL; SV7EM001

 Data collection for various application types

MSS collects data from various types of applications, as shown in Table 20 to Table 27 below.
Data is collected in a variety of ways using agent-based and agentless collection methods carried out by the Site Component of MSS; the collected data is transferred and buffered, then stored in an isolated central location.

< Security applications >

Table 20: Data collected from Security applications
Method | Application Type | Data type | Data item examples (not regarded as part of the specification)
Agentless data collection | ePO | Inventory | Agents; Installed Products
Agentless data collection | ePO | Metrics | Product Agent; Product Endpoint Security Platform; Product Endpoint Security Threat Prevention; Product VirusScan Enterprise
Agentless data collection | ePO | Logs | Client Threats; Client Events; Server Audit Logs
Agentless data collection | ePO | Operational Status | Heartbeat
Agentless data collection | WSUS | Inventory | Computers; Groups; Memberships; Patches
Agentless data collection | WSUS | Metrics | Applicable Patches; Download Status; Missing patches per computer
Agentless data collection | WSUS | Logs | Events
Agentless data collection | WSUS | Operational Status | Heartbeat
Agentless data collection | Backup & Replication | Inventory | Backup Servers; Jobs; File Servers; Machines
Agentless data collection | Backup & Replication | Logs | Backup Sessions; Restore Sessions; Replica Sessions
Agentless data collection | Backup & Replication | Operational Status | Heartbeat

Table 21: Supported Security applications
Type | Vendor
ePolicy Orchestrator | McAfee
Windows Server Update Services | Microsoft
Backup & Replication | Veeam

< Control application >
Table 22: Data collected from Control applications
Method | Application Type | Data type | Data item examples (not regarded as part of the specification)
Agentless data collection | Centum Project | Inventory | Project Inventory
Agentless data collection | Centum Project | Logs | Historical Messages
Agentless data collection | Centum Project | Operational status | Heartbeat

Table 23: Supported Control applications
Type | Vendor
Centum Project | Yokogawa

< Asset Management application >

Table 24: Data collected from Asset Management applications
Method | Application Type | Data type | Data item examples (not regarded as part of the specification)
Agentless data collection | Yokogawa PRM | Inventory | Users; Connected Field Assets
Agentless data collection | Yokogawa PRM | Logs | Historical Messages; Diagnostic Events; Configuration Events; Authentication Logs; Audit Logs; Application Logs
Agentless data collection | Yokogawa PRM | Metrics | Parameters
Agentless data collection | Yokogawa PRM | Operational status | Heartbeat

Table 25: Supported Asset Management applications
Type | Vendor
PRM | Yokogawa

< Analyzer Management application >

Table 26: Data collected from Analyzer Management applications
Method | Application Type | Data type | Data item examples (not regarded as part of the specification)
Agentless data collection | Yokogawa Advanced Analytical Instrument Management System | Inventory | Application Users; Connected Analyzers
Agentless data collection | Yokogawa Advanced Analytical Instrument Management System | Logs | Activity Log; Application Log; Maintenance Events; Validation Events
Agentless data collection | Yokogawa Advanced Analytical Instrument Management System | Metrics | Performance
Agentless data collection | Yokogawa Advanced Analytical Instrument Management System | Operational status | Heartbeat

Table 27: Supported Analyzer Management applications
Type | Vendor
Advanced Analytical Instrument Management System | Yokogawa

 Remote Access
Authorized and authenticated MSS users can remotely access an asset at the customer site from the Center Component or the Site Component.
Each named user has role-based access control (RBAC) permissions, and the Site responsible person controls those permissions.
MSS remote access runs in a modern, secure web browser; all traffic is encrypted and carried over Hypertext Transfer Protocol Secure (HTTPS) connections only, and no additional software is required on the user's device.
MSS remote access is based on Hypertext Markup Language 5 (HTML5) and supports the following protocols, as shown in Table 28:
- Remote Desktop Protocol (RDP)
- Secure Shell (SSH)
- Virtual Network Computing (VNC)
- Web (HTTP/HTTPS)
Table 28: Supported Remote Access asset types and protocols
Asset type | RDP | VNC | SSH | Web
Windows OS computer | Supported (*1, *2) | Supported | Supported | Supported
Network assets | - | - | Supported | -

*1 Client editions of Windows allow only one concurrent user session, whether remote or local. If a remote desktop connection is made, the existing user session is disconnected.
*2 With the Terminal Server role service installed, a host server can provide multiple Remote Desktop sessions to client users.

The network model for the interactive remote access flows is shown in Figure 5.

Figure 5: Remote Access
(Figure: an MSS user reaches the unified web interface of the MSS Center Component or the MSS Site Component over HTTPS; the Center Component forwards to the Site Component over the VPN; from the Site Component, RDP, VNC and SSH sessions are opened to computer assets and network assets.)

Remote Access options

< Remote Access Session Control >
The Site responsible person can act as observer or approver for remote sessions using various options on the MSS Center and Site Components. Remote sessions can be limited to a specified time or to an application, and can be revoked by the Site responsible person or automatically.
< Remote Access Session Live View >
Active remote access sessions can be viewed by other users and by the administrator in the Site Component.
< Remote Access Session Recording >
MSS can record remote access sessions as video and/or as a keystroke transcript for audit purposes.

 File Transfer
Authorized and authenticated MSS users can transfer files between their own end and the customer site through the Center Component and/or the Site Component.
MSS supports the following file transfers, as shown in Table 29.
Table 29: Supported file transfers
Transfer Type | Description
Upload/Download Center | Users upload files to and download files from the Center Component
Upload/Download Site | Users upload files to and download files from the Site Component
Synchronization | Uploaded files are synchronized between the Center Component and the Site Component

Figure 6: File Transfer
(Figure: MSS users upload and download files through the unified web interface of the MSS Center Component or the MSS Site Component over HTTPS; uploaded files are synchronized between the Center Component and the Site Component over the VPN.)

All uploaded files are scanned by the MSS anti-virus scanner for virus infections. If a file is found to be infected, or cannot be scanned, it is quarantined.

File Transfer options

< Set expiration date >
By default, MSS deletes any uploaded file after 30 days; the expiry date can be modified so that the file is deleted earlier or later.
< Group sharing >
By default, uploaded files are private; the permission can be modified to share them.

 Windows Update Server and Anti-Virus software server

Microsoft security updates and anti-virus updates are downloaded from the NOC to the MSS Center and Site Components periodically. The architecture and data flow are shown in Figure 7.
Delivery of security updates to endpoints is based on the support contract between the customer and the local Yokogawa office.

< Windows update server >

The Windows Update Server is built and maintained as follows:
1. Qualified replication XML files for Microsoft security updates are imported into the WSUS server in the MSS Center Component.
2. The WSUS server in the MSS Center Component synchronizes with the public Microsoft Windows Update download site on the Internet to download the defined scope of security update programs.
3. The WSUS server in each MSS Site Component synchronizes with the primary WSUS server in the MSS Center Component to replicate new policies, including the approval list, and the security update programs.

< Anti-Virus software server >
The Anti-Virus software server, McAfee ePolicy Orchestrator (ePO), is built and maintained as follows:
1. Qualified anti-virus definition files are imported into the MSS Center Component.
2. The McAfee ePO server in each MSS Site Component synchronizes with the primary McAfee ePO server in the MSS Center Component to replicate new policies and the latest virus definition files.

Figure 7: Windows Update Server and Anti-Virus software server
(Figure: the Yokogawa Network Operations Center provides Windows and anti-virus patches, as replication XML files of Microsoft Security Updates and virus definition files for the anti-virus software, to the Windows Update Server and Anti-Virus software server in the MSS Center Component; the Windows Update Server and Anti-Virus software server in the MSS Site Component obtain Windows Update downloads and ePO synchronization from the Center Component over the VPN (HTTPS); computer assets obtain Windows Update downloads and ePO synchronization from the Site Component.)

 Automation (Alerting, Incident Management)

MSS users can create automation rules in MSS. A rule runs periodically and executes its Action when the predefined Trigger and Condition are met.

Figure 8: Automation Flow

Automation supports the following Trigger types and data.

Table 30: Supported Trigger types
Trigger Type | Description
Event range | Compares the asset's aggregated numeric value with a specified threshold
State range | Checks the asset's state change
State change operator | Compares the asset's numeric value, calculated by a predefined rule, with a specified threshold
Time | The timestamp of the event
Time pattern | Duration of the event/changes

Table 31: Supported data for Triggers
Asset Type | Monitoring item
Compute asset | CPU average; Memory average; Logical disk used in percentage; Logical disk used in bytes; Critical events; Network interface administrative state
PLC/DCS asset | CPU average; ECC error counter (left / right); Temperature (in / out / battery); Vnet load
Field asset | PRM alerts; Parameter track change
Network asset | Network interface operational state; Network interface speed; Vlan administrative state; CPU average; Memory; Temperature; Interface Admin State
Environmental assets | Temperature; Humidity; Isolation; Contact; Dust; Corrosion
Security applications (ePO) | Client threats; Client management status; Client content version; Client on access scan status; Client product version; Client access protection status; Client last full scan date; Client events; Client audit logs
Security applications (WSUS) | Server synchronization state; Server critical events; Client synchronization state; Client non installed approved updates; Client non installed critical approved updates
Security applications (Veeam) | Failed Backup Sessions; Failed Replica Sessions; Failed Restore Sessions
Asset management applications | Heartbeat; Device Deleted; User Logout; User Login
Control applications | Historical message

Condition is an optional rule that adds further restrictions such as Attributes, OR, AND, etc. It prevents further
execution of the automation rule unless the condition is satisfied. Multiple conditions can be applied to a Trigger to build a
more complex rule.
Action is the operation performed by MSS after identifying an asset that matches the predefined Trigger and Condition.

Table 32: Supported Action type

Action Type         Description
MSS alert           Creates an alert in the Alerts window of the Center Component
ServiceNow alert    Creates an incident in an MSS-integrated ServiceNow instance
Email notification  Sends an email notification

● MSS alerts
An alert created by an MSS Automation rule can be viewed in the Center Component via ‘Alert view’.
Alerts generated by Automations at each site are consolidated and shown in the Alert view.

● ServiceNow alerts
For advanced incident management, MSS integrates with ServiceNow. MSS can securely create incidents in
ServiceNow from OT assets using Automation rules.
After creating an incident, it is synced back to Center Component’s Alert view. The synced alerts are read-only and can
only be modified from ServiceNow. MSS tracks all the changes that happen inside ServiceNow and auto-closes the
alert once the incident is resolved in ServiceNow.

Figure 9: MSS ServiceNow integration (diagram elements: ServiceNow cloud instance where the alert related to the application is created and managed; MSS Center Component creates Incidents based on Automation rules and asset conditions, with Incident sync to ServiceNow; MSS Site Component syncs asset data to the Center Component over VPN/HTTPS (Data Sync) and specifies the Automation Rule; Computer asset)

● Email notification
Automations can also be configured to send out an email notification when there is an issue with a device. By default,
MSS sends the email notification to the Asset custodians, but it can be configured to send emails to other email
addresses if required.
To prevent spamming users with multiple emails for the same issue, MSS limits email sending to one email every
60 minutes per asset per Automation rule.
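The Trigger, Condition and Action stages described above, including the 60-minute per-asset, per-rule email limit, as an added example in Python (a constructed model for illustration, not Yokogawa's MSS code; the rule name, asset ids, custodian address and sample values are made up):

```python
from dataclasses import dataclass, field

# Constructed, simplified model of an MSS automation rule (example code, not
# Yokogawa's implementation). Timestamps are minutes since an arbitrary epoch.
EMAIL_LIMIT_MIN = 60  # one email per asset per rule every 60 minutes


@dataclass
class Rule:
    name: str
    item: str          # monitoring item from Table 31, e.g. "Logical disk used in percentage"
    threshold: float   # event range trigger fires at or above this value
    conditions: list = field(default_factory=list)  # callables taking the asset dict
    last_email: dict = field(default_factory=dict)  # asset id -> minute of last email


def trigger_hit(rule, sample):
    """Event range trigger: aggregated numeric value reaches the threshold."""
    return sample.get(rule.item, 0.0) >= rule.threshold


def conditions_met(rule, asset):
    """Condition stage (AND semantics): every attached condition must hold."""
    return all(cond(asset) for cond in rule.conditions)


def evaluate(rule, asset, sample, now_min):
    """One periodic evaluation pass; returns the Actions MSS would take."""
    actions = []
    if not trigger_hit(rule, sample) or not conditions_met(rule, asset):
        return actions
    # An MSS alert is raised on every matching evaluation.
    actions.append(("mss_alert", asset["id"]))
    # The email notification is throttled per asset per rule.
    last = rule.last_email.get(asset["id"])
    if last is None or now_min - last >= EMAIL_LIMIT_MIN:
        rule.last_email[asset["id"]] = now_min
        actions.append(("email", asset["custodian"]))
    return actions


if __name__ == "__main__":
    disk_rule = Rule("disk-full", "Logical disk used in percentage", 90.0,
                     conditions=[lambda a: a["type"] == "Compute asset"])
    srv = {"id": "srv01", "type": "Compute asset", "custodian": "ops@example.invalid"}
    for minute in (0, 30, 60):  # three consecutive evaluations, all over threshold
        print(minute, evaluate(disk_rule, srv, {disk_rule.item: 95.0}, minute))
```

Of the three evaluations in the demo, the first and last produce an email; the one at minute 30 raises only the MSS alert because the 60-minute window has not elapsed.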


 TRADEMARKS
・ CENTUM, ProSafe are registered trademarks of Yokogawa Electric Corporation.
・ PRM is a registered trademark of Yokogawa Electric Corporation in the United States and Japan.
・ Microsoft and Windows are registered trademarks of Microsoft Corporation in the United States and other
countries.
・ McAfee and McAfee ePolicy orchestrator are registered trademarks of McAfee, Inc. in the United States and other
countries.
・ VMware and VMware vSphere are registered trademarks of VMware, Inc. in the United States and/or other
jurisdictions.
・ “FOUNDATION fieldbus” is a registered trademark of the FieldComm Group.
・ “HART” is a registered trademark of the FieldComm Group.
・ Veeam, Veeam Backup & Replication are registered trademarks of Veeam Software, Inc. in the United States and/or other
jurisdictions.
・ All other company names and product names that appear in this document are trademarks or registered
trademarks of the respective companies.

All Rights Reserved. Copyright © 2021, Yokogawa Electric Corporation GS 43D07N10-08EN Jul. 27, 2023
Subject to change without notice.
