Emerson Exchange 365

Managing multiple passwords is a familiar dilemma for many people these days. But for systems engineers working behind the scenes, meeting all the requirements to balance access with security is critical, especially when multiple systems and thousands of accounts are involved.

To make things easier for end users and IT administrators alike, Merck found a way to authenticate access to its enterprise network, plus the DeltaV distributed control system, with a single login. The results of this project will be presented at the 2014 Emerson Global Users Exchange in Orlando, Florida.

Robert Keyser, senior automation engineer at Merck, outlines a typical scenario faced at the enterprise level. “A lot of DeltaV customers start with one or two systems, eager to build the right system for a specific project and process. Getting it up and running is easy, but usually a system management plan takes time and thought to evolve.”

For companies like Merck in a strictly regulated pharmaceutical manufacturing environment, user activity in the control system process is audited to ensure accountability. Every individual must have a unique DeltaV user account. While the DeltaV login is simple, remembering another user name and password for the enterprise system wasn’t so easy. Why? Because each password had to be changed every 90 days.

Merck has many DeltaV systems, typically concentrated on a single site or regionally. Users from one system are likely to have a role in other, related systems. Each system is usually a self-contained domain. Though a user may have similar or even identical account names on each one, none of those accounts are linked.

“Unlocking and resetting passwords in a DeltaV domain is easy enough, but not exactly what administrators want to spend too much time on,” says Youssef El-Bahtimy, systems integration technologist at Proconex, an Emerson local business partner. “Keeping track of user employment and account access for manufacturing, quality and compliance, metrology, process engineering and automation staff can be a large task. DeltaV administrators may not have time to manage it expeditiously.”

Addressing these challenges, Keyser drove an initiative whereby the DeltaV systems cross-reference account credentials with the Merck enterprise user directory. This approach simplifies authentication for users and, at the same time, streamlines administration for system owners. It also mirrors a larger industry trend to consolidate security, reducing risk while gaining efficiency.

“Our solution lets users enter a single login to access enterprise and DeltaV systems,” Keyser explains. “Tech support calls are minimized. And DeltaV access is automatically blocked when employees leave the company.”

DeltaV users can now access their account using the same credentials they use for email and other Merck business systems. Less IT administration allows automation engineers to focus on other priorities. The company saves numerous hours each month on password maintenance. And security requirements are met with passwords managed at the corporate level, rather than duplicating to the control system. With an efficient and secure solution in place, Merck enterprise systems engineers and DeltaV account holders are enjoying a friendlier user experience.