Industrial automation secure remote access

US12556540B2 · US · B2

Patent metadata

Publication number: US-12556540-B2
Application number: US-202318300037-A
Country: US
Kind code: B2
Filing date: Apr 13, 2023
Priority date: Jul 15, 2021
Publication date: Feb 17, 2026
Grant date: Feb 17, 2026

Abstract

Official abstract text for this publication.

An industrial information hub (IIH) and an industrial development hub (IDH) serve as an industrial ecosystem platform where multiple participants can deliver repeatable and standardized services relevant to their core competencies. The IIH system is centered around the development of an ecosystem that creates and delivers value to users—including industrial enterprises, OEMs, system integrators, vendors, etc.—through the aggregation of digital content and domain expertise. The IIH system serves as a trusted information broker between the ecosystem and the OT environments of plant facilities, and provides a platform for connecting assets, contextualizing asset data and providing secure access to the ecosystem. As part of this ecosystem, the IIH system uses a secure remote access architecture to allow users to remotely access data on their plant floor assets via a virtual private network connection.

First claim

Opening claim text (preview).

What is claimed is:

1. A system, comprising: a memory that stores executable components; and a processor, operatively coupled to the memory, that executes the executable components, the executable components comprising: a device interface component configured to communicatively connect, via a cloud platform, to gateway devices deployed at one or more industrial facilities, wherein the gateway devices are communicatively connected to industrial assets that operate at the one or more industrial facilities, and the gateway devices respectively execute secure remote access runtime services; a user interface component configured to, in response to verification of a user identity and credential information, render a list of the industrial assets on a client device for selection; an access management component configured to, in response to selection of a subset of the industrial assets from the list, establish a virtual private network connection between the client device and the subset of the industrial assets via a gateway device, of the gateway devices, that is communicatively connected to the subset of the industrial assets without opening an inbound port through a firewall at an industrial facility in which the gateway device resides; and an analytics component configured to apply analytics to contextualized industrial data obtained from the subset of the industrial assets based on a simulation of a virtualized plant that executes on the cloud platform and that comprises digital asset models of the subset of the industrial assets, wherein the contextualized industrial data comprises industrial data and contextual metadata added to the industrial data by the gateway device, the contextual metadata defines a mathematical correlation between two or more items of the industrial data, and the user interface component is further configured to render, on the client device via the virtual private network connection, a unified presentation of the subset of the industrial assets based on the industrial data and to render results of the analytics via the unified presentation.

2. The system of claim 1, wherein the user interface component is further configured to serve a front-end interface to the client device and to receive, via interaction with the front-end interface, request data comprising the user identity and credential information.

3. The system of claim 1, wherein the digital asset models define visual representations and functional specification data for their corresponding industrial assets.

4. The system of claim 1, wherein the industrial data comprises at least one of asset status data, asset operation data, asset performance data, asset diagnostic data, or production statistics.

5. The system of claim 1, wherein the user interface component is further configured to receive, from the client device, a control instruction directed to an industrial asset of the subset of the industrial assets, and the access management component is configured to send the control instruction to the industrial asset via the virtual private network connection.

6. The system of claim 1, wherein the access management component is configured to execute one or more algorithms that determine an optimal connection path from the client device to the gateway device for establishment of the virtual private network connection.

7. The system of claim 1, wherein the contextual metadata further at least one of identifies machines from which the industrial data was generated or applies a synchronized timestamp to the industrial data.

8. The system of claim 1, wherein the digital asset models define at least one of respective kinematic properties or respective mechatronic properties of the subset of the industrial assets.

9. A method, comprising: communicatively connecting, via a cloud platform by a system comprising a processor, to gateway devices installed at one or more industrial facilities, wherein the gateway devices are communicatively connected to industrial assets that operate at the one or more industrial facilities, and the gateway devices respectively execute secure remote access runtime services; in response to verifying a user identity and credential information, rendering, by the system, a list of the industrial assets on a client device for selection; in response to receiving a selection of a subset of the industrial assets from the list, establishing, by the system, a virtual private network connection between a client device and the subset of the industrial asset via a gateway device, of the gateway devices, that is communicatively connected to the subset of the industrial assets without opening an inbound port through a firewall at an industrial facility in which the gateway device resides; applying, by the system, analytics to contextualized industrial data, received from the subset of the industrial assets, based on a simulation of a virtualized plant that executes on the cloud platform and that comprises digital asset models of the subset of the industrial assets, wherein the contextualized industrial data comprises industrial data and contextual metadata added to the industrial data by the gateway device, and the contextual metadata defines a mathematical correlation between two or more items of the industrial data; and rendering, by the system on the client device via the virtual private network connection, results of the analytics via a unified presentation of the subset of the industrial assets generated based on the contextualized industrial data.

10. The method of claim 9, wherein the verifying comprises: serving a front-end interface to the client device; and receiving, via interaction with the front-end interface, request data comprising the user identity and credential information.

11. The method of claim 9, wherein the contextual metadata further at least one of identifies machines from which the industrial data was generated or applies a synchronized timestamp to the industrial data.

12. The method of claim 9, further comprising: receiving, by the system from the client device, a control instruction directed to an industrial asset of the subset of the industrial assets; and sending, by the system, the control instruction to the industrial asset via the virtual private network connection.

13. The method of claim 9, wherein the establishing comprises executing one or more algorithms that determine an optimal connection path from the client device to the gateway device for establishing the virtual private network connection.

14. The method of claim 9, wherein the digital asset models define at least one of respective kinematic properties or respective mechatronic properties of the subset of the industrial assets.

15. A non-transitory computer-readable medium having stored thereon instructions that, in response to execution, cause a system executing on a cloud platform and comprising a processor to perform operations, the operations comprising: communicatively connecting, via a cloud platform, to gateway devices installed at one or more industrial facilities, wherein the gateway devices are communicatively connected to industrial assets that operate at the one or more industrial facilities, and the gateway devices respectively execute secure remote access runtime services; in response to verifying a user identity and credential information, rendering a list of the industrial assets on a client device for selection; in response to receiving a selection of a subset of the industrial assets from the list, establishing a virtual private network connectio

Classifications

  • Virtual private networks · CPC title

  • Virtual LANs, VLANs, e.g. virtual private networks [VPN] (LAN interconnection over a bridge based backbone H04L12/462; encapsulation techniques H04L12/4633; routing of packets H04L45/00; packet switches H04L49/00; virtual private networks for security H04L63/0272) · CPC title

  • H04L63/102 · Primary

    Entity profiles · CPC title

  • using passwords (cryptographic mechanisms or cryptographic arrangements for entity authentication using a predetermined code H04L9/3226) · CPC title

  • for separating internal from external traffic, e.g. firewalls · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US12556540B2 cover?

An industrial information hub (IIH) and an industrial development hub (IDH) serve as an industrial ecosystem platform where multiple participants can deliver repeatable and standardized services relevant to their core competencies. The IIH system is centered around the development of an ecosystem that creates and delivers value to users—including industrial enterprises, OEMs, system integrators…

Who is the assignee on this patent?

Rockwell Automation Tech Inc

What technology area does this patent fall under?

Primary CPC classification H04L63/0272. Mapped technology areas include Electricity.

When was this patent published?

Publication date Feb 17, 2026 (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).