Abstract: A system, computer program, computer-readable medium and method for providing a redundant relay, particularly routing function in a network, wherein a superordinate subnetwork is connected to a subordinate subnetwork via redundant relays, particularly routers, a maximum of one of the redundant relays is operated in an active mode at any one time, while the remaining relay(s) are in standby mode, each redundant relay forms a relay redundancy module for controlling the relay mode and a DHCPv6 client for processing a prefix delegation, particularly in accordance with RFC 3633, and the redundant relays each include a relay control module, to which the relay redundancy module of the particular relay signals the current relay mode, and the relay control module of the active relay synchronizes a virtual DUID of its DHCPv6 client and/or a prefix delegated to the active relay to the (or each) relay in standby mode.

Abstract: A system, computer program, computer-readable medium and method for providing a redundant relay, particularly routing function in a network, wherein a superordinate subnetwork is connected to a subordinate subnetwork via redundant relays, particularly routers, a maximum of one of the redundant relays is operated in an active mode at any one time, while the remaining relay(s) are in standby mode, each redundant relay forms a relay redundancy module for controlling the relay mode and a DHCPv6 client for processing a prefix delegation, particularly in accordance with RFC 3633, and the redundant relays each include a relay control module, to which the relay redundancy module of the particular relay signals the current relay mode, and the relay control module of the active relay synchronizes a virtual DUID of its DHCPv6 client and/or a prefix delegated to the active relay to the (or each) relay in standby mode.

Abstract: A controller cluster for controlling a technical device with a redundant first automation device and second automation device, wherein a virtual network interface controller is arranged in the automation devices between a first network interface controller and a protocol stack, and wherein the network interface controller administers a cluster hardware address in addition to a standard hardware address and thus the controller cluster, despite there being two automation devices, presents itself externally as one device.

Abstract: A controller cluster for controlling a technical device with a redundant first automation device and second automation device, wherein a virtual network interface controller is arranged in the automation devices between a first network interface controller and a protocol stack, and wherein the network interface controller administers a cluster hardware address in addition to a standard hardware address and thus the controller cluster, despite there being two automation devices, presents itself externally as one device.

Abstract: A method for allocating network addresses for network subscribers in a segmented network having a plurality of subnetworks that are each connected via a subnetwork router to a busbar system that connects them. In one aspect, the subnetwork routers determine a shared address range locally by exchanging router messages that are distributed via the busbar system. Network addresses for the network subscribers are determined within the address range.

Abstract: An automation network connected to an automation installation configured to perform an automation process executable in at least two states, where the access protection accessory comprises network ports, a digital storage medium configured to store at least first and second rules, and a processor configured to read the at least first and second rules, process the rules and receive and forward data via the network ports, and receive at least one signal comprising advice of a change in the state of the automation process. The first rules, in a first state of the automation process, define which received data are forwarded and which received data are not forwarded, and following reception of the at least one signal the second rules define which received data are forwarded and which received data are not forwarded.

Abstract: A method for allocating network addresses for network subscribers in a segmented network having a plurality of subnetworks that are each connected via a subnetwork router to a busbar system that connects them. In one aspect, the subnetwork routers determine a shared address range locally by exchanging router messages that are distributed via the busbar system. Network addresses for the network subscribers are determined within the address range.

Abstract: An automation network connected to an automation installation configured to perform an automation process executable in at least two states, where the access protection accessory comprises network ports, a digital storage medium configured to store at least first and second rules, and a processor configured to read the at least first and second rules, process the rules and receive and forward data via the network ports, and receive at least one signal comprising advice of a change in the state of the automation process. The first rules, in a first state of the automation process, define which received data are forwarded and which received data are not forwarded, and following reception of the at least one signal the second rules define which received data are forwarded and which received data are not forwarded.

Abstract: A method for spreading a computer data structure to nodes of a network is provided. The computer data structure has at least one interface for the interaction with the nodes of the network and useful data. After integrating the computer data structure into a first node, the useful data is installed on the first node of the network via the interface. The first node then detects at least one second node of the network. The computer data structure is then transmitted from the first node to the at least one second node. The useful data is then installed on the at least one second node via the interface. The above-mentioned steps carried out for the second node are repeated for a third, fourth etc. node; the third, fourth etc. node correspond to the second node, and the second node corresponds to the first node.

Abstract: A system and method detect and display a security status of appliances, in particular automation appliances and/or systems. The appliances have a detector mechanism for identification of a security status, as well as an external display and an internal display for the respective status. The internal display can be accessed with the aid of simple network management protocols via a management information base. The status of the internal display is passed on via a data transmission apparatus within the system, and is processed with the aid of a central security server for automation. Joint displays can display the security status of the respective lower-level appliances and/or appliance complexes at any desired hierarchy level in the system. Appliances without any security function can be integrated in the system by a representative.

Abstract: The invention relates to a mechanism and a coupling device, a so-called secure switch, for securing data access of a first subscriber to a second subscriber, wherein the secure switch has a port that is configured to provide an endpoint of a tunnel to the second subscriber through which data can be securely transmitted via an insecure network. The tunnel is established in the secure switch in place of the downstream first subscriber. The invention is advantageous in that security functions can be integrated into existing networks at a later point in time by inserting secure switches.

Abstract: The invention relates to a system and a method for virtual on line process interfacing for distributed engineering systems in automation technology based on a remote desktop protocol. A communication channel is established from any client within the system to a server via the RDP by means of online access. Process data and project planning data are tunneled via the channel. Quasi peer-to-peer communication between random clients in the system is made possible by means of routing on the server.

Abstract: A system and method detect and display a security status of appliances, in particular automation appliances and/or systems. The appliances have a detector mechanism for identification of a security status, as well as an external display and an internal display for the respective status. The internal display can be accessed with the aid of simple network management protocols via a management information base. The status of the internal display is passed on via a data transmission apparatus within the system, and is processed with the aid of a central security server for automation. Joint displays can display the security status of the respective lower-level appliances and/or appliance complexes at any desired hierarchy level in the system. Appliances without any security function can be integrated in the system by a representative.