Remote access of control systems

jman02

I'm looking for advice on ways to remotely access control systems at customers' facilities throughout the world. We use Modicon M340 PLCs and Telemecanique XBTG family of HMIs. Currently we use a modem/router in the control boxes that is connected to the PLC and HMIs through unmanaged switches. Each device has a unique IP address assigned by our company, each customer has a unique range of IP addresses assigned to them. Customers supply a dedicated phone line to the router, and we "call" the router in order to connect to the equipment. Phone lines are slow and unreliable, especially for troubleshooting and making changes.

The only other option I know of is supplying a computer for the customer with the programming software for all equipment, and setting up the computer on both the customer's network for internet access and the equipment network. But then we would have to manage software upgrades and any other PC issues that could come up.

Any other options/suggestions? Thanks in advance.
 
There are various options and I am sure that others will chip in. I have found that a simple option is a device called an e*W*O*N.
http://www.e*w*o*n.biz/en/e*w*o*n-2005cd-4005cd.html?ewp=4
The filters here don't like the name of the device, remove the *s to get the right web address.

You have to provide it with access to the internet, it then makes a connection using OpenVPN to a system in the US. On your computer you make a separate connection to the system and the system then joins the two ends of the network together so that you have access to your machine. Internet access can be anything, DSL, leased line, mobile 3G, whatever you have available. If your customer allows it you can use their site internet connection, then it is very easy, they just need to have Port 1194 or Port 443 open on their outgoing firewall.
 
:)

I've worked with these, very good devices and simple. 3G communication = no need for IT dept. 3G on one side and MPI on the other is possible. Some extra features like SMS alarming are also possible with these babies :).

Regards,
Combo


 
BryanG, Combo -- thanks for the info, this looks promising. Other than the alarm capabilities, serial port, and other advanced features, would a standard router allow me to accomplish the same, i.e. connect to a PLC from the internet? Do routers have the capability of communicating both with the outside internet and with the equipment's static network?
 
We use the SonicWall TZ series quite a bit. http://www.firewalls.com/sonicwall/sonicwall-firewall/sonicwall-tz-firewalls/sonicwall-tz-200/

To do what you need would be less than 500 per unit depending on the options you want.

This will let you do a VPN into the PLC network. You can use an air card for access or the company's network.

The difference between this and the **** is that IT will need to be more involved for the SonicWall than they would be for the ****.

Tofino is another option that I also use and it is made just for control systems and gives you VPN function also. DIN rail mount and real nice.

Here is a link to tofino http://www.tofinosecurity.com/products/Tofino-Firewall-LSM

Best thing is to have the company IT dept make a VLAN for the equipment network that goes through the corporate firewall with minimal scanning and then set a router/firewall on that VLAN.

This way all WAN traffic from different machine vendors can be routed to their machines' network and all that vendor can see is his or her equipment.

That's what I do.
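One way to check the per-vendor separation described in the post above, as an added example that is not part of the original thread: a short audit of firewall permit rules against each vendor's VPN address pool and equipment subnet. All vendor names, address ranges and rules are constructed sample data.

```python
import ipaddress

# Constructed sample data: vendor VPN client pools, the equipment subnets each
# vendor owns, and firewall permit rules as (source CIDR, destination CIDR).
VENDOR_POOLS = {"vendor_a": "10.99.1.0/28", "vendor_b": "10.99.2.0/28"}
VENDOR_EQUIPMENT = {
    "vendor_a": ["192.168.10.0/24"],
    "vendor_b": ["192.168.20.0/24"],
}
PERMIT_RULES = [
    ("10.99.1.0/28", "192.168.10.0/24"),   # vendor_a to its own machines
    ("10.99.2.0/28", "192.168.0.0/16"),    # vendor_b, destination too broad
    ("10.99.0.0/16", "192.168.20.50/32"),  # source range covers both vendors
]

def audit(pools, equipment, rules):
    """Return sorted findings (vendor, src, dst, exposed_vendors) for every
    permit rule that lets a vendor's VPN clients reach addresses outside
    that vendor's own equipment subnets."""
    net = ipaddress.ip_network
    findings = []
    for vendor, pool in pools.items():
        own = [net(n) for n in equipment[vendor]]
        for src, dst in rules:
            if not net(src).overlaps(net(pool)):
                continue  # rule never matches this vendor's clients
            if any(net(dst).subnet_of(o) for o in own):
                continue  # destination stays inside the vendor's equipment
            # Which other vendors' machines does this rule expose?
            exposed = tuple(sorted(
                other for other, nets in equipment.items()
                if other != vendor and any(net(dst).overlaps(net(n)) for n in nets)
            ))
            findings.append((vendor, src, dst, exposed))
    return sorted(findings)

if __name__ == "__main__":
    for vendor, src, dst, exposed in audit(VENDOR_POOLS, VENDOR_EQUIPMENT, PERMIT_RULES):
        print(f"{vendor}: permit {src} -> {dst} also reaches {', '.join(exposed) or 'other hosts'}")
```
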
 
i.e. connect to a PLC from the internet. Do routers have the capability of communicating both with the outside internet and with the equipment's static network?
You use a program on your machine called eCatcher which takes you to a site that shows a list of all the machines that you have registered on an account (the basic account is free). You click to connect to a machine and you are connected to the LAN as though you were standing in front of the machine. So you have access to the machine LAN via the Internet. The machine has access to the Internet depending on settings you put in to the e*W*O*N. So the machine can email out, have access to web pages, whatever you want. You can access the e*W*O*N device on the machine LAN to change settings, set alarms, view internal web pages, view logs, etc.

The bits it wouldn't do are:
DHCP server, i.e. give out IP addresses to devices on the machine LAN.
To act as a DNS forwarder, so you have to set static DNS servers on each device on the LAN that needs 'descriptive' access to other web connected systems. What I mean by 'descriptive' is www.google.co.uk rather than http://209.85.146.104.

The DHCP bit isn't a big deal because you usually set devices to specific IP addresses so that you know where to find them.
The DNS forwarder is a bit of a pain to me because my machines move from place to place and in theory I would have to change the settings for each move. The workaround is to use a public DNS provider such as OpenDNS whose DNS servers are at fixed public IP addresses.

Their 'Support' isn't perfect, they prefer you to contact the person you bought the e*W*O*N from, who should be an expert.
 
I've had great results with the e*w*o*n units, I now have them set up across our group in several countries, I connect through talk to M which has machines set up as individual names/factories... Pretty straightforward to set up too.

Regards

John V
 
Thanks for all of the suggestions. I also stumbled across Red Lion Data Station Plus. Does anybody have any pros/cons on this device and/or company?
 
Why not a d-link 3G modem?

I know this was posted a while ago, but I'm looking for a similar solution and wanted to know what the difference was between using the e*w*o*n 3G modem and just a regular 3G modem/router (specifically dir-412).
The d-link dir-412 has an option where you can set up a virtual server and access it from a remote location.
Also, the price of the d-link is $60 compared to over $1000 for the e*w*o*n, plus the service.
 
The **** is hardened for an industrial environment. Also it can have alarms to email and text and other features. Using the talk 2 M service with it you can access it from anywhere and have multiple users with different levels of authority on the system.

These are the key differences.

In my experience the SOHO gear just does not hold up on the factory floor.
 
They are very different things. The d-link modem gives you an outgoing connection from the inside network to the Internet but it is a lot harder to get an incoming connection from the Internet to the inside network. You can't sit in one place behind a d-link router (say 192.168.1.4) and enter an IP address of a device on another d-link router (say 192.168.0.5) and expect them to connect together, the router doesn't know where to send the data. You can play with Port Forwarding and Dynamic DNS but it soon gets cumbersome. The e.w.o.n makes an outgoing connection to a server, your computer makes an outgoing connection to the same server and the server joins the two ends together so that you can talk to any device attached to the e.w.o.n.

There is supposed to be a new cheaper e.w.o.n.
http://www.****.biz/en/****-cosy-141.html?ewp=33 (replace the **** with the name that cannot be written)
but there seems very little information yet.
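The difference described in the post above, as an added example that is not part of the original thread: a small model of two NAT routers showing why an unsolicited inbound connection is dropped, what a port forward changes, and why two outgoing connections to a broker can be joined. The public addresses, the gateway address and the use of port 502 (Modbus TCP) are constructed assumptions; port 1194 and the two private addresses come from the thread.

```python
RELAY = ("198.51.100.10", 1194)  # constructed broker address, port 1194 as in the thread

class Nat:
    """Stateful NAT router: inbound traffic is delivered only on a flow that
    an inside host opened first, or through an explicit port forward."""
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.flows = {}     # (remote_ip, remote_port) -> inside host that dialed out
        self.forwards = {}  # public port -> inside host (manual port forwarding)

    def connect_out(self, inside_host, remote):
        self.flows[remote] = inside_host  # an outgoing connection creates state

    def deliver_in(self, source, public_port=None):
        """Return the inside host receiving traffic from `source`, or None if dropped."""
        if source in self.flows:  # reply on a flow opened from inside
            return self.flows[source]
        return self.forwards.get(public_port)  # unsolicited: needs a forward

class Broker:
    """Rendezvous server that both ends reach with outgoing connections."""
    def __init__(self):
        self.endpoints = {}  # name -> Nat the endpoint connected through

    def register(self, name, nat, inside_host):
        nat.connect_out(inside_host, RELAY)
        self.endpoints[name] = nat

    def bridge(self, a, b):
        """Join two registered endpoints; returns the inside host at each end."""
        return tuple(self.endpoints[n].deliver_in(RELAY) for n in (a, b))

def scenario():
    office, plant = Nat("203.0.113.1"), Nat("203.0.113.2")
    laptop, gateway = "192.168.1.4", "192.168.0.254"  # gateway address is constructed
    # 1. Unsolicited connection from the office to the plant router: dropped.
    direct = plant.deliver_in((office.public_ip, 40000), public_port=502)
    # 2. A port forward makes it work, but the port then answers any source.
    plant.forwards[502] = "192.168.0.5"
    forwarded = plant.deliver_in((office.public_ip, 40000), public_port=502)
    stranger = plant.deliver_in(("192.0.2.77", 40000), public_port=502)
    del plant.forwards[502]
    # 3. Both sides dial out to the broker; neither router needs an inbound rule.
    broker = Broker()
    broker.register("gateway", plant, gateway)
    broker.register("engineer", office, laptop)
    return direct, forwarded, stranger, broker.bridge("engineer", "gateway")
```
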
 
Besides remote programming with ***, can we have an HMI on our site for online monitoring of a PLC on a remote site? Or can we set a PLC at site A to communicate with another PLC at site B?
 
Since I started this post a while ago I've had good success w/ the ****, and the customer service they provide is pretty good too. Not as easy as plug and play, there's initial configuring to do which can be troublesome the first time, but not too bad after getting the hang of it.

As far as connecting PLC/HMI from home site to monitor PLC on remote site, I'm pretty sure this will NOT work. But if their tech support says otherwise please let us know because that is pretty powerful (and dangerous).
 
