Connecting to a PLC via the WWW

Hi fellars,

I have PLC system being set up about 2K miles from my office. In the past I have used regular dial up modems to connect to remote PLCs. I would like to be able to log on to the PLC system from anywhere in the world via the Web for upgrades etc.
What do I need for this to happen besides a fixed IP on the destination PLC and access trough my customers router (server)?.
Is there something called VPN involved in connecting remotely to PLCs via the Web?

Thanks,

It's actually possible to put the PLC on the Internet without using the protection of a VPN but that's a bad idea because everyone in the world can then connect to that PLC. Beside, the plant have to afford a static IP just for PLC.

Most cases, the PLC reside in customer's private IP domain and you access it through a VPN connection. Once VPN is estiblished (there are software and hard VPN), your PC will look just like a local PC in the plant and you connect the the PLC as if you are on their local network.

I access my SLC5/05 at my office from my home via VPN all the time. Works great. The best way I've found is to have hardware VPN endpoints at each end, that way neither the PLC(s) or your computer(s) need anything special. At the very least you need a VPN endpoint(sometimes called a concentrator) at the remote(where the PLCs are) end. This endpoint must have direct IP connectivity to the hosts(PLCs) of interest. This endpoint must then be reachable from the Internet, usually by assigning it a public IP address. Giving that IP a registered domain name would be a nice plus too. Personally I've used Cisco's PIX devices for this purpose with good results. Of course this depends quite a bit on the nature of the network you are integrating in to, but something like their ASA 5505 would probably work. If they already have a firewall and/or router, many commercial grade products(not the $50 Dlink/etc stuff you find at BestBuy) already have VPN termination capabilities.

If the customer has an IT department, ask them to set it up for you. For your, "what's a VPN", do it yourself approach you have a few options:

1. Windows Server based approach. My preference if you only expect a couple of concurrent users. Make sure that you have a dedicated NIC for the VPN (optional) - in that case the operating system will tighten down firewall policies to only those needed. The advantage is that Windows Clients can use the builtin Windows VPN, which is really easy to use without installing any additional software. I've had great experiences with this approach - no security problems.

2. Cheap home routers with VPN capabilities. These have hardware VPN endpoints, which used to only be available for lots of $$$. Still good reason to go with more complex Cisco solutions. These also work well, but often require separate client software to connect, often times that you must buy. I think they use IPSec based protocols.

Orn Jonsson said:

Hi fellars,

I have PLC system being set up about 2K miles from my office. In the past I have used regular dial up modems to connect to remote PLCs. I would like to be able to log on to the PLC system from anywhere in the world via the Web for upgrades etc.
What do I need for this to happen besides a fixed IP on the destination PLC and access trough my customers router (server)?.
Is there something called VPN involved in connecting remotely to PLCs via the Web?

Thanks,

Click to expand...

Depends on the type of VPN you setup, I connect to my Cisco PIX based VPN all the time when I'm on the road. Uses the regular Windows PPP client. At home, I have another PIX, so no client is required.

Really - it supports the Windows PPP client? I've only used the Cisco (software based) client to connect a PC to a remote Cisco VPN.

Good point, VPNs can also be established as permanent tunnels between sites.

I doubt OP is looking for a Cisco Pix. Their more typical application is firewall services, with a price range from about $1000 to $20,000+ (unless you go on ebay).

Jason Valenzuela said:

Depends on the type of VPN you setup, I connect to my Cisco PIX based VPN all the time when I'm on the road. Uses the regular Windows PPP client. At home, I have another PIX, so no client is required.

Click to expand...

You can get a brand new entry level ASA 5505 for around $300. I'd bet it would be cheaper and more reliable than a Windows Server solution.

Another way would be to dust off some 'old' PC and load up Linux/BSD/whatever. Free software is available for those platforms to do VPN termination. Takes a little more time and requires some *nix skills though.

Fair 'nuff. I certainly wouldn't buy a brand new Win 2003 server just as a VPN endpoint. Lots of ways of doing it. I'd ask the IT department to provide that service for you.

Jason Valenzuela said:

You can get a brand new entry level ASA 5505 for around $300. I'd bet it would be cheaper and more reliable than a Windows Server solution.

Another way would be to dust off some 'old' PC and load up Linux/BSD/whatever. Free software is available for those platforms to do VPN termination. Takes a little more time and requires some *nix skills though.

Click to expand...

...and you certainly don't need a fix IP address. Got many ones connected without this. Some through sat linx. Slower but functional.

If you can afford to have a local PC, its even better.