THE REMOTE ACCESS:

SAFE, INTUITIVE,
FLEXIBLE
 HIGHLIGHTS
• IEC 62443 certified solution for remote assistance in any industrial scenario
• Access to remote supervision and control systems and automation devices through a
VPN optimised for industrial communications
• Easy to install, configure and use, it does not require additional hardware and specific
IT knowledge.
• Speed, reliability and low latency guaranteed by the end-to-end connection
• Access to remote devices connected via Ethernet, USB, and serial interfaces
• Transparent management of remote systems, as if they were connected to their
company network, excluding the intervention of the network administrator on any NAT,
proxy, firewall, public IP, or reserved ports
• Multiple simultaneous connections by multiple remote support technicians to operate
on the same machine at the same time
• Advanced user management with profiles and granular permissions, structured and
flexible organization of devices and users
• Advanced audit of administration activities, connections activities and data traffic
monitoring
• Remote device desktop access with process management, file exchange and chat
• Redundant cloud-based server infrastructure ensuring scalability, service continuity,
load balancing and fault tolerance
• Remote desktop and VPN functionality can also be used in a local network without an
internet connection
• Augmented Reality App with VoIP functionality to assist technicians in the field Web API
for maximum integrability into proprietary applications
• Available as a software solution thanks to the UBIQUITY Runtime for Windows OS, from
Windows CE to Windows 10, and Linux Ubuntu22
• Available as a hardware solution thanks to the UBIQUITY Routers
• UBIQUITY RUNTIME is also included in all ASEM operator panels and industrial PCs
 Firewall
Internet Firewall

Firewall

CONTROL CENTER

UBIQUITY CONTROL CENTER WEB UBIQUITY Server Infrastructure

Available as a web application via the portal
https://ubiquity.asem.it/controlcenter/ and
as a Windows application. It allows remote
support technicians to perform remote
assistance by activating device connection Explorer Map View Company domain: 4

and the VPN to access the automation sub- Domain view

1
11 Device Access VPN

network. It enables to manage of users, their

Devices view
24
Device
Map view
Status
permissions and to register and manage Audit 40 Online

remote devices.
Device IP Addesses
Settings 123.123.123.12
123.123.123.11
Tools 123.123.12
1
Log 6 Client Version
12.1.23
Firmware Version
--
CPU Architecture

Explorer Domain View Company domain: 4

Domain view Search

Devices view
COMPANY DOMAIN Permissions
Map view
COMPANY SUB-DOMAIN Company Admin
Audit NAME Company Admin - sales
User name Company Admin - support
Settings
COMPANY DOMAIN Company Admin - name

Tools COMPANY SUB-DOMAIN Permission operations Allow Deny

Log NAME Access user accounts
User name Manage user accounts
User name Manage folders
User name View Connection Audit
COMPANY DOMAIN View Operation Audit
COMPANY DOMAIN Device Installer
COMPANY DOMAIN Device Access

Explorer Map View

Domain view
Author Name Target type Description
Devices view Name Lastname user Control Center Login
Map view Name Lastname admin Contro Center Login

Audit Company support user Edit notes of device

Company user user Change user access
Operations
Name Lastname admin Change view operation audit
Connections
Name Lastname user Change device status

Settings Company support admin Update Firmware version

Name Lastname user Add company admin user
Tools
Name Lastname user Manage user account
Log Company support user Device installer
Company user admin Change device status
Company support user Add device access
Name Lastname admin Add device
 RUNTIME ROUTER AR APP

SOFTWARE APPLICATION HARDWARE SOLUTION AUGMENTED REALITY APP

Installable on devices based on It provides remote support and Available for iOS and Android
x86 platform and Windows ope- remote access to any automa- smartphones and tablets, it
rating systems, starting with tion device or network where extends and simplifies remote
WinCE and ending with Win- an UBIQUITY Runtime cannot support for both field and sup-
dows10, and Linux Ubuntu22 ei- be installed or where there is no port technicians. The device on
ther or based on ARM platform ASEM operator panel or indu- which the App is installed, whi-
and Windows CE operating sy- strial PC. ch can be downloaded for free
stem. It allows access to the sy- from the App Store and Play
UBIQUITY Router also features
stem itself and the automation Store, can be associated with
digital I/O for physical mana-
subnetwork. It requires no addi- the domain like any UBIQUITY
gement of remote access, in-
tional hardware or network con- Runtime.
tegrates networking features
figuration and uses the existing Remote access makes it possi-
such as Routing, NAT and Inter-
Internet connection. ble to: share the scene framed
net Sharing, and finally can pro-
by the camera, guide the opera-
UBIQUITY Runtime is also inte- vide WiFi and Cellular connecti-
tor using annotations that stay
grated and included in all ASEM vity for models that provide it.
locked onto the framed ele-
operator panels and industrial
ments, and enable voice com-
PCs.
munication via VoIP.

UBIQUITY RUNTIME – FEATURES

UBIQUITY RUNTIME FOR IPC (1) AND HMI (2) BASIC PRO

• Interactive tools: Remote Desktop, Chat , File transfer, Task manager

(3)

• VPN to the device with integrated Firewall and Routing Rules

• Support for multiple connections from different Control Center Web App with separate VPNs for each client
• Local Connection to use interactive tools and VPN without internet access

• VPN to the automation subnet with integrated Firewall and Routing Rules
• Serial and USB passthrough
• Internet connection sharing (ICS) with devices on the automation subnet

(1) any ASEM IPC, includes UBIQUITY Runtime Basic license

(2) any ASEM HMI, includes UBIQUITY Runtime Basic or Pro license depending on the model
(3) available on Runtime for IPC and on Runtime for HMI based on WinCE
 UBIQUITY X - CONNECTIVITY SERVICES
UBIQUITY X is a package of advanced cloud-based connectivity services
perfectly integrated into the infrastructure to meet the increasingly dy-
namic needs of companies using remote assistance for plant commissio-
ning, malfunction analysis, remote training, and for all other activities that
especially today’s people choose to carry out remotely in total security.

BUSINESS MODEL
The sales offer for the purchase of UBIQUITY X services is based on a SaaS
business model, which makes the platform for remote assistance even
more competitive and allows new features to be maintained and develo-
ped more easily and efficiently, and provides users with greater flexibility,
speed of configuration, implementation, and upgrade, accessibility and
scalability in subscription option. In fact, UBIQUITY X services can be pur-
chased upon payment of a fee, which entitles users to be sent an activa-
tion key to access the cloud infrastructure managed by ASEM and whose
value is based on the number of simultaneous connections between field
systems and remote support devices (1, 2, 5, 10 or unlimited connections).
 SECURE END-TO-END
CONNECTIVITY
Secure end-to-end connectivi-
ty for device access and use of
SINGLE SIGN-ON interactive services:
A UBIQUITY X domain can be Remote desktop / You do not
configured to use an exter- need to keep RDP services acti-
LOCAL CONNECTION nal Identity Provider based on ve or install additional utilities
It allows you to take full advan- OpenID Connect (OIDC), such such as VNC.
tage of all UBIQUITY features as Azure AD, Auth0, and so on. File exchange / Complete tool
even on a local network without Integration with the external to download and upload remote
Internet access*. Thanks to this Identity Provider is available in files. No need to open shared
innovation, it is possible to: two ways: authentication only folders or install additional ap-
connect via Remote Desktop where authentication is pro- plications such as an FTP ser-
to the UBIQUITY Runtime local- vided by the external Identity ver.
ly, enjoying advanced features Provider, while permissions are Chat / It is possible in many ca-
such as chat, file transfer and managed in UBIQUITY; authen- ses to avoid using the phone to
process management, overco- tication and authorization whe- communicate with remote ope-
ming the limitations of VNC; ac- re authentication is provided by rators and simply take advanta-
cess via VPN to the automation the external Identity Provider ge of the chat, saving costs.
subnet during the development and in addition, permissions
Multi-client / UBIQUITY Run-
and commissioning of machi- are assigned to users through
time supports multiple simul-
nes integrating UBIQUITY Run- group membership, which are
taneous connections by mul-
time or UBIQUITY Router; use provided by the Identity Provi-
tiple Control Center both with
UBIQUITY to connect to remote der during authentication. It is
interactive sessions (remote
devices integrating UBIQUITY also possible to have a mixed
desktop, file transfer, etc.) and
Runtime or UBIQUITY Router, type of authentication where
in VPN. Furthermore, multiple
even when a third-party VPN some users authenticate throu-
interactive sessions can be
provided by the end customer gh the external Identity Pro-
enabled from the control cen-
is required. vider and others authenticate
tre to different devices but with
with UBIQUITY credentials.
only one VPN connection to a
* The feature is supported to remote device.
date only by UBIQUITY Runtime NOTE: Integration first requires Maximum productivity thanks
for Windows, OptixPanels, and a feasibility study by ASEM. to the possibility to operate si-
UBIQUITY Router RK2x. multaneously on the same ma-
chine.

AUTOMATIC SELECTION OF
PROGRAMMABLE UPDATES THE BEST CONNECTION
UBIQUITY devices can be upda- A simple function that mea-
ted immediately and by schedu- sures the quality of the con-
ling the update within a specific nection on both local and re- DEVICE GEOLOCALIZATION
time interval. The process can mote networks. Performance Geolocalization of devices with
be carried out securely and wi- is measured in terms of latency positioning on geographical
thout the need to be on site. time, jitter, and packet loss. map.
 ADVANCED USER
ADVANCED AUDIT MANAGEMENT
ASSISTANCE REQUEST UBIQUITY allows the creation of
UBIQUITY records on cloud do-
Support for sending notifica- main all the connection acti- an unlimited number of users,
tions for the request for assi- vities to devices and domain user groups, device groups,
stance directly from the system administration operations. The each with different access ru-
in the field. administrator can check at any les. Four different user profi-
The support request is sent di- time the workload carried out les:
rectly from the UBIQUITY Runti- by the after-sales support ope- Administration: allows the ma-
me interface by simply clicking rators, verify the correctness of nagement of users and folders.
a button inside the UBIQUITY the work performed, and obtain Device Installer: allows to add
Runtime control interface. statistics for: new domain devices.
The Control Center user • customer Network security: allows con-
enabled to receive assistance • device figuration and fine-tuning of
requests, will see a visual noti-
fication (pop-up) that indicates
• operator firewall rules.
Remote access: allows to
the request from the field ope-
practice remote access ses-
rator. It is also possible to con-
sions.
figure the sending of an e-mail
following the request for assi- Users can flexibly imple-
stance to the authorized sup- ment their own organisational
port technicians. structure (consisting of users,
administrators, power-users,
third parties involved, limited
users, etc.) to reach in a flexi-
ble and controlled way all plants
worldwide with the possibility
AUGMENTED REALITY to create subdomains, local and
Easy and intuitive to use global users. Useful for separa-
UBIQUITY AR makes visible ting domain management into
in Control Center the scene independent subdomains re-
framed by the camera of the presenting different business
operator’s smart device in the units and/or facilities located in
CONNECTION AUTHORISATION field with the possibility of different geographic areas.
creating 3D annotations, 2D
Through Control Center, it is freehand drawings, and texts
possible to configure UBIQUITY on the scene framed by the
Runtime on a device so that it camera both by the operator
requires interactive confirma- and by the remote support
tion from the field operator on technician from Control Center,
possible incoming connections being able to communicate
from Control Center by remote easily both by voice thanks to
support technicians. Once the VoIP technology and through
incoming connection is accep- the integrated chat.
ted, a widget always appears in
the foreground that will indica- Fully integrated into the WEB API
te the remote users currently UBIQUITY ecosystem, it
Web APIs that enable the inte-
connected and with which it is ensures:
gration of UBIQUITY’s features
possible to interrupt remote • Permission management with third-party web applica-
connections at any time. • Cybersecurity standard tions, enabling an advanced
IEC62443 interoperability level with bu-
• Connection log siness management tools such
as ERP or plant monitoring da-
• Sending of “requests for
shboard.
assistance”
 SERVER INFRASTRUCTURE
To provide excellent service, ASEM has set up a redundant
and globally distributed server infrastructure that ensures
scalability and service continuity.
THE PRIVATE SERVER INFRASTRUCTURE
In the same way, it is possible to replicate and set up a pri-
vate server infrastructure managed independently. The Private Server package allows the user to install
a private server infrastructure in completely inde-
pendently. The private server can be installed on
dedicated machines or cloud servers. There are two
implementation options: Primary Server and Secon-
dary Server.
Primary Server
• Contains data: manages authentication, per-
missions, security
THE UBIQUITY SERVER INFRASTRUCTURE • Manages the licenses of UBIQUITY Runtime, ac-
quired by the client
Through ASEM’s cloud-based public server infra-
structure, each customer, within its domain, is not • Performs the relay function for the implementa-
subject to any limitations regarding the maximum tion of end-to-end communication
number of configurable users, associated devices, Secondary Server (optional)
concurrent sessions, free access to network traffic • Optional package with relay functions. You can
via VPN. buy several secondary servers and install them in
The infrastructure has two servers in Europe, two different parts of the world by building a second
in the United States (West and East Coast), one in server network parallel to the “public” network
South America (Brazil) and two in Asia-Pacific. • Implements the relay function for end-to-end
The ASEM public server infrastructure uses the best communication
security techniques for information exchange such • Multiple geographically distributed instances
as SSL/TLS and public-key encryption to guarantee can be installed to decrease latency and balance
the confidentiality and integrity of the exchanged traffic
data.

PUBLIC PRIVATE NOTES

Remote update of UBIQUITY Router

Only by manual setting the address in the Control

Map localization
Center

VPN Mobile

Augmented Reality

Request of assistance

Request of user authorization

Audit of Connections details

On public server available only with the Unlimited

Concurrent access
concurrent connections

Two factor authentication

 UBIQUITY ROUTER
UBIQUITY ROUTERS complete the range of Remote As- Also available with GLOBAL 4G modem, Wi-Fi interface,
sistance Solutions. The integrated UBIQUITY software and 4-port Ethernet switch, ensuring extensive connecti-
creates a VPN between the remote assistance PC and the vity options. Reliable and sturdy, thanks to the extended
router, enabling access to automation devices connected temperature range, UBIQUITY routers can also be used in
via Ethernet, Serial, or USB interfaces. harsh environments.

Firewall
Internet Firewall

Firewall

CONTROL CENTER ROUTER

UBIQUITY Server Infrastructure

ROUTER RK20 RK21 RK22

WAN 1x Gigabit Ethernet 1x Gigabit Ethernet 1x Gigabit Ethernet

1x Switch Ethernet
LAN 1x Gigabit Ethernet 1x Gigabit Ethernet
(4x Gigabit Ethernet)

USB 1x USB 2.0 1x USB 2.0 1x USB 2.0

SERIAL 1xDB9M 1xDB9M 1xDB9M

Cellular
(not available for RK21 - WiFi
CONNECTIVITY
version)

Wi-Fi

DIGITAL INPUT/ OUTPUT

VPN

NAT/ROUNTING

INTERNET SHARING

INTEGRATED FIREWALL

-20°C + 60°C with radio module

OPERATING TEMPERATURE
-20C + 65°C without radio module
 REQUIREMENTS
UBIQUITY CONTROL CENTER AND UBIQUITY TOOLS

SW REQUIREMENTS OPERATING SYSTEM HW REQUIREMENTS

Windows 10

Windows Server 2008, 2008 R2, 2012, 2012 R2,

.NET Framework 4.0 Client Profile 2016, 2019 512 MB RAM, CPU 1.6 GHz or faster

Only by manual setting the address in the Control

Center

UBIQUITY RUNTIME

SW REQUIREMENTS OPERATING SYSTEM HW REQUIREMENTS

Windows CE 6.0 (x86)

.NET Compact Framework 3.5 256 MB RAM, CPU 500 MHz or faster
Windows CE Compact 7.0 (ARM, x86)

Windows XP SP3

Windows Embedded Standard 2009 (XPe)

Windows Embedded Standard 7 (7E and 7P) 32-bit

NET Framework between 4.0 and 4.7.1 and 64-bit
(4.0 is distributed with the setup)
Windows 7 32-bit and 64-bit
512 MB RAM, CPU 500 MHz or faster
Windows 10, Windows 10 IoT Enterprise

Windows Server 2008, 2008 R2, 2012, 2012 R2,

2016, 2019

Linux Debian 10
X Window System (X11)
Linux Ubuntu 20

VPN MOBILE

HARDWARE OPERATING SYSTEM SW REQUIREMENTS

Please check Android compatibility

Android 4.1 or later
documentation

UBIQUITY VPN MOBILE APP

HARDWARE OPERATING SYSTEM SW REQUIREMENTS

Please check Android compatibility

Android 7 or later Please visit https://developers.google.com/ar/
documentation
discover/supported-devices
Please check Apple compatibility documentation iOS 11 or later for a complete list of supported devices

UBIQUITY PRIVATE SERVERS

HOSTING OPERATING SYSTEM SW REQUIREMENTS

PRIMARY SERVER:
Microsoft SQL Server 2012 Express or later
2 public IP addresses,
Windows Server 2008 R2 SP1 x64 (with .NET Framework 4.6.1 Client
one of them associated to an Internet Domain
KB2533623) .NET Core Hosting Bundle
name
Windows Server 2012 R2 x64 (with KB2999226) Web server: IIS 7.5 or later (with TLS 1.2)
SECONDARY SERVER:
SMTP Server
1 public IP address
SSL certificate
 UBIQUITY / 01.2024
Copyright © ASEM 2024

ASEM S.r.l.
Via Buia 4 Phone: +39/0432-9671 email: industrialautomation@asem.it
33011 Artegna (UD) | Italia Fax: +39/0432-977465 website: www.asemautomation.com