Secure Remote Access for OEM Vendors.
OEM vendors and contractors need access to your machines. An open VPN into your production network is not the answer. On-premise bastion host. MFA-enforced. Session-scoped. Fully logged.
Replace VPN with Controlled Access.
Five capabilities that replace risky open VPN tunnels with session-scoped, MFA-enforced remote access — all on-premise, fully auditable.
On-Premise Bastion Host
Purpose-built remote access gateway deployed in your facility. OEM vendors connect through the bastion — never directly into your production network. Zero cloud exposure.
MFA Before Every Session
Multi-factor authentication enforced before any vendor session begins. Works with your existing identity provider or standalone MFA. No exceptions, no bypass.
Full Session Recording
Every vendor session recorded — screen activity, commands executed, files transferred. Playback-ready for incident investigation and compliance audit.
Machine-Scoped Access
Each vendor sees only the specific machines they're authorized to maintain. No lateral movement into the broader factory network. Access expires automatically when the session ends.
No VPN Into Production
Replace open VPN tunnels that expose your entire OT network. The Access Gate creates time-limited, scoped connections — closing automatically when maintenance is complete.
Trusted by manufacturers across the supply chain.
on-site CUI data flows, from engineering designs to production plans, aligned with CMMC Level 2 compliance.
Trusted by leading companies
“The Trout Access Gate gave us a clear path to CMMC compliance without disrupting our manufacturing operations.”
Ready to get started?
Talk to our team to see how the Trout Access Gate fits your environment.
Download the Access Gate Datasheet.
Get the complete product overview including the on-premise bastion host architecture, MFA enforcement, session recording, and CMMC alignment.
What's Inside
Remote access architecture, on-premise bastion host, MFA enforcement, session recording, CMMC Level 2 and NIS2 compliance alignment.
See It in Action
Request a live demo to see how vendor access works through the Access Gate bastion — secure, scoped, and fully logged.
Common Questions About Secure Remote Maintenance.
open VPN tunnels into your production network. The Access Gate replaces persistent VPN with session-scoped, time-limited access.
VPNs grant broad, persistent network access — once a vendor is connected, they can often reach systems far beyond what's needed for maintenance. The Access Gate scopes each session to specific machines, enforces MFA, records all activity, and closes access automatically when the session ends.
Yes. The Access Gate acts as a controlled gateway — vendors connect to the bastion host from anywhere, authenticate with MFA, and get scoped access to only the authorized equipment. The production network itself is never directly exposed.
Every vendor session is recorded — screen activity, commands, files transferred. Recordings are stored on-premise under your control. They're immediately accessible for incident investigation, and can be provided for compliance audits and CMMC assessments.
Sessions expire automatically at a configured time limit or when the vendor disconnects. No persistent access remains. Each new maintenance event requires fresh authentication and re-authorization — no standing access.
Yes. The Access Gate supports concurrent vendor sessions with independent policies per vendor, machine, and time window. Each vendor sees only their authorized equipment — no cross-vendor visibility.
