Networking with Remote Connectivity Appliances
Remote connectivity is more critical than ever. I believe many of us are faced with new and unusual challenges with the lockdown of the country and the world. Many manufacturers are deemed essential and are in production while the engineering and support staff are working from remote sites. Remote connection challenges include connecting into the plant control network for monitoring, troubleshooting, and making modifications to procedural issues.
There are a few different technologies for connecting remotely to a network or controller. In the old days, we had dial-up modems that required a dedicated POTS (plain old telephone service) line. That connection was direct, and security was less of a concern. Today, connections are Ethernet-based, which raises many security concerns.
Virtual private networks (VPNs) are secure connections over public networks that allow remote connectivity. Many companies have VPNs for employees to access business systems, email, and typical office functions. If you want to VPN into your Rockwell Automation® Ethernet network, the firewall must be configured to allow that traffic. Rockwell Automation knowledgebase tech note QA54467 defines the ports that need to be unblocked.
So, what if your IT department refuses to open the firewall ports so you can connect to your control system? What are your other remote connectivity options? Remote desktop is where you connect your remote PC to a PC connected to the network inside the firewall. These software packages, while free for personal use, do require a subscription or perpetual license for commercial use. Remote desktop is just that. When connected to the remote PC, all the resources must reside on that remote PC. If you want to go online with a Logix controller on Ethernet, the PC must be connected to that network with an activated copy of Studio 5000®.
Many manufacturers make cloud-based VPN appliances to promote remote connectivity. I am very familiar with the Ewon® product, so I will use it as an example. Cloud-based VPNs use an outbound connection on ports 443 or 1194. If you do not recognize port 443, it is the port used for HTTPS traffic on the World Wide Web (WWW). This is the exact same secure port you might use to sign in to your online banking portal. Appliances have a connection to a cloud-based server (WAN) and a connection to the local network (LAN). A secure, encrypted outbound connection is established using the client software.
There are several advantages to using a remote access appliance. First, only a connection to the web is required, as they typically work with existing firewall rules. Second, only the devices connected to the LAN side may be accessed remotely. Third, they work with most major brands of control systems. With the Ewon solution, you can also control the remote connectivity from the factory floor using a physical key switch. The switch can be paired with an email or text notification, so both the equipment manufacturer and the end user are notified that a remote connection is active. Finally, ensure that whatever VPN solution you choose has third-party cybersecurity certifications and has undergone penetration testing. Security by obscurity is not a strategy!
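Because these appliances connect outbound on ports 443 or 1194 and work with existing firewall rules, it is worth checking which control-network hosts actually hold such sessions. The following is an added example, not part of the original article or any vendor's tooling; the subnet, the approved appliance address, the log layout and the 10-minute threshold are assumptions, and the flow records are constructed.

```python
import csv
import io
import ipaddress

# Assumptions (not from the article): addressing, log layout and threshold.
CONTROL_NET = ipaddress.ip_network("10.20.0.0/24")
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
APPROVED_APPLIANCES = {ipaddress.ip_address("10.20.0.5")}
TUNNEL_PORTS = {443, 1194}   # the two outbound ports the article names
MIN_DURATION_S = 600         # long-lived sessions look like tunnels, not page loads

# Constructed sample flow records: start,duration_s,src,dst,dport,proto
SAMPLE_FLOWS = """\
2024-05-01T08:00:00,7200,10.20.0.5,203.0.113.10,443,tcp
2024-05-01T08:05:00,12,10.20.0.40,198.51.100.7,443,tcp
2024-05-01T09:00:00,5400,10.20.0.77,203.0.113.99,1194,udp
2024-05-01T09:30:00,3600,10.20.0.12,10.20.0.5,443,tcp
2024-05-01T10:00:00,4000,192.168.1.9,203.0.113.10,443,tcp
"""

def classify_flows(text):
    """Return (approved, unapproved) long-lived outbound tunnel-port flows."""
    approved, unapproved = [], []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 6:
            continue                      # skip blank or malformed lines
        start, duration, src, dst, dport, proto = row
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            duration, dport = int(duration), int(dport)
        except ValueError:
            continue
        if src_ip not in CONTROL_NET or any(dst_ip in n for n in INTERNAL_NETS):
            continue                      # keep only control network -> outside
        if dport not in TUNNEL_PORTS or duration < MIN_DURATION_S:
            continue
        record = (start, src, dst, dport, proto, duration)
        (approved if src_ip in APPROVED_APPLIANCES else unapproved).append(record)
    return approved, unapproved

if __name__ == "__main__":
    ok, bad = classify_flows(SAMPLE_FLOWS)
    for rec in ok:
        print("approved appliance session:", rec)
    for rec in bad:
        print("UNAPPROVED outbound tunnel:", rec)
```

Sessions from the approved appliance can be compared against the key-switch notifications described above; anything in the unapproved list is a device IT and controls engineering should identify.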