Secure remote access to industrial control systems using hardware based authentication
US-2021377018-A1 · Dec 2, 2021 · US
US11863560B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11863560-B2 |
| Application number | US-202117376909-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 15, 2021 |
| Priority date | Jul 15, 2021 |
| Publication date | Jan 2, 2024 |
| Grant date | Jan 2, 2024 |
Official abstract text for this publication.
An industrial information hub (IIH) and an industrial development hub (IDH) serve as an industrial ecosystem platform where multiple participants can deliver repeatable and standardized services relevant to their core competencies. The IIH system is centered around the development of an ecosystem that creates and delivers value to users—including industrial enterprises, OEMs, system integrators, vendors, etc.—through the aggregation of digital content and domain expertise. The IIH system serves as a trusted information broker between the ecosystem and the OT environments of plant facilities, and provides a platform for connecting assets, contextualizing asset data and providing secure access to the ecosystem. As part of this ecosystem, the IIH system uses a secure remote access architecture to allow users to remotely access data on their plant floor assets via a virtual private network connection.
Opening claim text (preview).
What is claimed is:

1. A system for providing secure remote access to industrial assets, comprising: a memory that stores executable components; and a processor, operatively coupled to the memory, that executes the executable components, the executable components comprising: a device interface component configured to communicatively connect, via a cloud platform, to gateway devices deployed at one or more industrial facilities, wherein the gateway devices are communicatively connected to industrial assets that operate at the one or more industrial facilities, and the gateway devices respectively execute secure remote access runtime services; a user interface component configured to serve, via the cloud platform, a front-end interface to a client device and to receive, via interaction with the front-end interface, request data comprising a user identity and credential information; an access management component configured to, in response to determining that the user identity and the credential information permit access to a subset of the industrial assets, establish a virtual private network connection between the client device and the subset of the industrial assets via a gateway device, of the gateway devices, that is communicatively connected to the subset of the industrial assets; and an analytics component configured to apply analytics to contextualized industrial data obtained from the subset of the industrial assets based on a virtualized plant that executes on the cloud platform and that comprises digital asset models of the subset of the industrial assets, wherein the contextualized data comprises industrial data and contextual metadata added to the industrial data by the gateway device, and the user interface component is configured to render, on the client device via the virtual private network connection, a unified presentation of the subset of the industrial assets based on the industrial data and to render results of the analytics via the unified presentation.

2. The system of claim 1, wherein the access management component is configured to establish the virtual private network connection without opening an inbound port through a firewall at an industrial facility in which the gateway device resides.

3. The system of claim 1, wherein the user interface component is further configured to render, on the client device, data stored on the subset of the industrial assets via the virtual private network connection.

4. The system of claim 3, wherein the data is at least one of asset status data, asset operation data, asset performance data, asset diagnostic data, or production statistics.

5. The system of claim 1, wherein the user interface is configured to, in response to the determining that the user identity and the credential information permits access to the subset of the industrial assets, render a list of the subset of the industrial assets for selection, and in response to selection of an industrial asset from the list, deliver a presentation of data retrieved from the industrial asset to the client device.

6. The system of claim 1, wherein the user interface component is further configured to receive, from the client device, a remote control instruction directed to an industrial asset of the subset of the industrial assets, and the access management component is configured to send the remote control instruction to the industrial asset via the virtual private network connection.

7. The system of claim 1, wherein the access management component is configured to execute one or more algorithms that determine an optimal connection path from the client device to the gateway device for establishment of the virtual private network connection.

8. The system of claim 1, wherein the contextual metadata at least one of defines a correlation between two or more items of the industrial data, identifies machines from which the industrial data was generated, or applies a synchronized timestamp to the industrial data.

9. The system of claim 1, wherein the digital asset models define visual representations and functional specification data for their corresponding industrial assets.

10. A method, comprising: communicatively connecting, via a cloud platform by a system comprising a processor, to gateway devices installed at one or more industrial facilities, wherein the gateway devices are communicatively connected to industrial assets that operate at the one or more industrial facilities, and the gateway devices respectively execute secure remote access runtime services; serving, by the system via the cloud platform, a front-end interface to a client device; receiving, by the system via interaction with the front-end interface, request data comprising a user identity and credential information; in response to determining that the user identity and the credential information permit access to a subset of the industrial assets, establishing, by the system, a virtual private network connection between the client device and the subset of the industrial assets via a gateway device, of the gateway devices, that is communicatively connected to the subset of the industrial assets; applying, by the system, analytics to contextualized industrial data received from the subset of the industrial assets based on a virtualized plant that executes on the cloud platform and that comprises digital asset models of the subset of the industrial assets, wherein the contextualized data comprises industrial data and contextual metadata added to the industrial data by the gateway device, and rendering, by the system on the client device via the virtual private network connection, results of the analytics via a unified presentation of the subset of the industrial assets generated based on the industrial data.

11. The method of claim 10, wherein the establishing comprises establishing the virtual private network connection without opening an inbound port through a firewall at an industrial facility in which the gateway device resides.

12. The method of claim 10, further comprising rendering, on the client device, data stored on the subset of the industrial assets via the virtual private network connection.

13. The method of claim 12, wherein the rendering of the data comprises rendering at least one of asset status data, asset operation data, asset performance data, asset diagnostic data, or production statistics.

14. The method of claim 10, further comprising: in response to the determining that the user identity and the credential information permits access to the subset of the industrial assets, rendering, on the client device by the system, a list of the subset of the industrial assets for selection, and in response to receiving, from the client device, an indication of a selection of an industrial asset from the list, delivering, by the system, a presentation of data retrieved from the industrial asset to the client device.

15. The method of claim 10, further comprising: receiving, by the system from the client device, a remote control instruction directed to an industrial asset of the subset of the industrial assets; and sending, by the system, the remote control instruction to the industrial asset via the virtual private network connection.

16. The method of claim 10, wherein the establishing comprises executing one or more algorithms that determine an optimal connection path from the client device to the gateway device for establishing the virtual private network connection.

17. A non-transitory computer-readable medium having stored thereon instructions that, in response
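The access-management flow of claims 1 and 2 (verify identity and credential, reduce the request to the permitted subset of assets, then broker the session through a gateway that connected outbound to the cloud so no inbound firewall port is needed), modelled as an added Python example that is not the patent's own code; the gateway ids, asset names, users and credential store are constructed sample data.

```python
import hashlib
import hmac
import time
from dataclasses import dataclass, field

# Constructed sample topology: each plant gateway and the assets behind it.
GATEWAYS = {"gw-plant-a": {"press-01", "press-02"}, "gw-plant-b": {"mixer-07"}}
# Constructed authorization policy: assets each user identity may reach.
ACCESS_POLICY = {"alice": {"press-01", "press-02"}, "bob": {"mixer-07"}}

def _hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed credential store: salted PBKDF2 hashes, never plaintext.
CREDENTIALS = {"alice": (b"salt-a", _hash_pw("alice-pw", b"salt-a"))}

@dataclass
class CloudBroker:
    """Cloud-platform side of the architecture. Gateways connect OUT to the
    broker, so the plant firewall needs no inbound port (claim 2)."""
    registered: dict = field(default_factory=dict)  # gateway id -> channel

    def register_gateway(self, gateway_id: str, channel: str) -> None:
        # Invoked by the gateway's SRA runtime over a connection it initiated.
        self.registered[gateway_id] = channel

    def check_credential(self, user: str, password: str) -> bool:
        if user not in CREDENTIALS:
            return False
        salt, expected = CREDENTIALS[user]
        return hmac.compare_digest(_hash_pw(password, salt), expected)

    def establish_session(self, user, password, requested):
        """Return (gateway_id, permitted_assets) for the brokered VPN session,
        or None when authentication or authorization fails (claim 1)."""
        if not self.check_credential(user, password):
            return None
        permitted = set(requested) & ACCESS_POLICY.get(user, set())
        if not permitted:
            return None
        # Choose a registered gateway wired to every asset in the subset.
        for gw, assets in GATEWAYS.items():
            if gw in self.registered and permitted <= assets:
                return gw, permitted
        return None  # no reachable gateway covers the subset

def contextualize(gateway_id: str, asset: str, value) -> dict:
    """Gateway-side tagging from claim 8: source machine and a timestamp."""
    return {"gateway": gateway_id, "machine": asset, "value": value, "ts": time.time()}
```

A session is refused until the gateway has registered over its outbound channel, and a request that names assets outside the user's policy is silently narrowed to the permitted subset rather than rejected outright.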
CPC classifications:

- Virtual LANs, VLANs, e.g. virtual private networks [VPN] (LAN interconnection over a bridge based backbone H04L12/462; encapsulation techniques H04L12/4633; routing of packets H04L45/00; packet switches H04L49/00; virtual private networks for security H04L63/0272)
- Virtual private networks
- Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
- for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32)