PLC Remote Access

Lots of vendors out there

Wow- A lot of vendors out there. Will throw a couple more in the mix. Netbiter by HMS has similar functionality. Believe they have just bought out e*** which is blanked out above.

My experience has been more on the cellular connected units. In that realm, superiority in terms of price (< $300) and functionality - as of late - has been with a product from InHand Networks. Was able to use both a direct connection to the field device and a server routed connection without too much hassle. The direct connection was used for data monitoring ports and all other connections (e.g. PLC download ports) were routed through the server. This allows for the central controller that is within the remote PLC network to poll it and also for me to perform other functions such as update the PLC program through the server based connection. Some other platforms allowed for one or the other.

This way, there are no monthly data subscription fees to be paid to use the remote gateway device for data monitoring. Believe InHand also has a configurable switch product that will perform similarly for non-cellular situations where internet access is available onsite, as described by the OP.
 
The outright best method is to do the following:
1. Have the customer reserve a range of IP addresses on their network for all the devices you want to have access to; (I simply put all my devices on their range).
2. Request a Client-to-Site VPN with access (peering) to your range.
3. Update all your devices to the given range and include the GATEWAY that the site/customer should supply.

The benefits are:
1. It is the Site/Customer's responsibility to secure the device network from their local network and the WAN.
2. The Site/Customer can keep an eye on the VPN.
3. If you need to connect for support simply connect to the VPN with your programming PC and you will now have access to all your devices as if you just plugged into a switch in the panel.
 
Why does somebody need remote access to PLC code apart from backup / code view reasons? I guess these remotely setup people do not want to download or edit the code?
 
Codeblue Quote "The outright best method is to do the following":
I wonder if people with maybe more knowledge will agree with your option.
Personally,
I would have thought the outright best method is NOT TO allow internet access, of course no one would hack anything surely.
 
Remote access is of course to provide support and troubleshooting. And programming as well.
I work remotely a lot of the time - usually making changes to systems that are running.

It's a time saver on-site as well. In plants that have hundreds of PLCs it's a lot faster to connect over the LAN to check something than to physically have to go and hook up to the PLC itself. From there to having remote access is a small step.

The only way I would allow remote access is over VPN with two-factor authentication. So you have the VPN connection with password etc. but also something like an RSA key or smartcard or similar.

 
Codeblue Quote "The outright best method is to do the following":
I wonder if people with maybe more knowledge will agree with your option.
Personally,
I would have thought the outright best method is NOT TO allow internet access, of course no one would hack anything surely.

I see where you are coming from and in an ideal world an air-gapped system is the way to go but in my line of factory automation we have always needed remote 24/7 support and normally need to interface with ERP or WMS systems.

At least with a proper VPN the local IT team can manage the risks and take the blame :p
 
Why does somebody need remote access to PLC code apart from backup / code view reasons? I guess these remotely setup people do not want to download or edit the code?

Remote access can be a fantastic diagnostic tool for an OEM. If the customer calls and requests service, normally the OEM would have to send out a service guy to even find out what the problem is. It could be simply that one of the e-stops has been pushed, or it could be that a part needs to be replaced.

With remote VPN access, the OEM can dial in (with the end user's consent) and go online with the PLC to see what is going on. This allows them to filter out the calls where nothing is actually wrong, and save the cost of a service call for the cases where it is actually required. In addition, it means the service tech can be prepared with both materials and knowledge needed for the repair.

This allows the OEM to provide the same service to the End User at a much lower cost, which will probably be shared to the End User, a win-win.

It is often considered a best practice to have the VPN endpoint tied to a keyswitch on the panel, which allows the customer to manually enable/disable the VPN tunnel. The access is only available as the customer desires it, and the connection still requires a high level of encryption to keep hackers out.
 
mk42 bollocks.
PLC once commissioned and bought code, runs its code until line breaks down.

Once line breaks down you can not fix it remotely without being onsite unless you have some sort of cameras etc.
 
Almost all places have VPN access, if at least for the office side. IT should (but they often fight this) set up a VLAN for the controls side to keep office isolated from controls. They should give your VPN account access to strictly the controls VLAN. This tends to work out well and keeps you from accessing things you shouldn't.
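
The reserved device range and the "strictly the controls VLAN" restriction described in the posts above can be checked mechanically. The following is an added example, not part of any poster's message: it audits a constructed list of per-account VPN allow rules against an assumed controls subnet. The addresses, account names and rule format are all hypothetical.

```python
import ipaddress

# Assumed controls VLAN / reserved device range (constructed value).
CONTROLS_VLAN = ipaddress.ip_network("10.20.30.0/24")

# Constructed rule export: (vpn_account, action, destination CIDR).
RULES = [
    ("oem-support", "allow", "10.20.30.0/24"),    # exactly the controls VLAN
    ("oem-support", "allow", "10.20.0.0/16"),     # whole site, too broad
    ("integrator",  "allow", "10.20.30.16/28"),   # a slice of the controls VLAN
    ("integrator",  "allow", "192.168.1.10/32"),  # an office-side host
    ("integrator",  "deny",  "0.0.0.0/0"),        # deny rules are not findings
]


def audit(rules, controls_net):
    """Return (account, destination, reason) for every allow rule that
    lets a VPN account reach addresses outside controls_net."""
    findings = []
    for account, action, dest in rules:
        if action != "allow":
            continue
        net = ipaddress.ip_network(dest, strict=False)
        if net.version != controls_net.version:
            # subnet_of() raises TypeError across IPv4/IPv6, so flag it here.
            findings.append((account, dest, "address family mismatch"))
        elif net.subnet_of(controls_net):
            continue  # fully inside the controls VLAN: acceptable
        elif net.supernet_of(controls_net):
            findings.append((account, dest, "broader than controls VLAN"))
        else:
            findings.append((account, dest, "outside controls VLAN"))
    return findings


if __name__ == "__main__":
    for account, dest, reason in audit(RULES, CONTROLS_VLAN):
        print(f"{account}: {dest} -> {reason}")
```
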
 
mk42 bollocks.
PLC once commissioned and bought code, runs its code until line breaks down.

Once line breaks down you can not fix it remotely without being onsite unless you have some sort of cameras etc.

You are correct, once the PLC has its code, it keeps running practically forever. But other parts can break (like a limit switch), and sometimes operators are just stupid.

It costs money to send a service tech out, even if the problem is that the operator doesn't know how to press the "Cycle Start" button, or how to reset the estop. If the OEM can remote in, they can see what is stopping the sequence and give advice. Problem solved in 5 min instead of 5 hours.

If the problem is that the operator IS pushing the button, but the contact is broken, they can remote in, and watch the status not change in the PLC, and then make sure the field service tech has the correct parts when he is sent out.

It isn't about FIXING things remotely, it's usually about being able to DIAGNOSE remotely. Can something be fixed over the phone, or is it actually worth sending a guy onsite? It's the same reason that your IT guy asks if your computer is plugged in as step 1 of troubleshooting. No point in coming out, if the problem is something the customer can fix for himself.
 
mk42,
my logic is: if company uses PLCs ---> there is a Controls Engineer employed by the company.
if there is no Controls Engineer ---> company runs @risk & remote connection will not help.
 
mk42,
my logic is: if company uses PLCs ---> there is a Controls Engineer employed by the company.
if there is no Controls Engineer ---> company runs @risk & remote connection will not help.

The companies I work with usually have entire staffs of engineers, electricians and maintenance personnel. But sometimes they can't figure out the problem - within a reasonable amount of time. If it causes a production stop (all of them are 24/7/365 plants) they will call. If it is possible to diagnose the problem remotely it saves them time and money. Usually it's done together with personnel that are there and can measure, check and operate whatever is needed.

PLC and control systems come in different sizes. Some of them are small and don't have much I/O or complexity while others are huge and very complex.

I also work with industrial IT and also DCS systems and then it makes even more sense with remote access because the problem is usually not solved any better by being there.

 
mk42,
my logic is: if company uses PLCs ---> there is a Controls Engineer employed by the company.
if there is no Controls Engineer ---> company runs @risk & remote connection will not help.

Quite narrow logic... In our case we often install where there are no other pieces of equipment or where the engineers on site don't have extensive knowledge of the system.

PLCs don't need a lot of maintenance so not surprisingly many production and process plants don't see the point of paying good money for a controls guy to sit around waiting for a rare failure, especially as any decent controls guy would be bored to death of a job like that and bugger off somewhere more interesting. More often you get a maintenance electrician or instrumentation engineer who calls in support from the supplier if it's beyond their knowledge. Then you need remote access, especially if the customer is in Turkey, Russia, Iraq, Thailand etc. and the supplier is in England...
 
Quite narrow logic... In our case we often install where there are no other pieces of equipment or where the engineers on site don't have extensive knowledge of the system.

PLCs don't need a lot of maintenance so not surprisingly many production and process plants don't see the point of paying good money for a controls guy to sit around waiting for a rare failure, especially as any decent controls guy would be bored to death of a job like that and bugger off somewhere more interesting. More often you get a maintenance electrician or instrumentation engineer who calls in support from the supplier if it's beyond their knowledge. Then you need remote access, especially if the customer is in Turkey, Russia, Iraq, Thailand etc. and the supplier is in England...

I think this is pretty accurate and is the use-case for a lot of companies.

I am the automation (and network, audio, et al) for our company. We install escape rooms across the country. It's absurdly silly to pay a control guy to sit around and wait for something to possibly fail. If I get a call from a location manager saying "XYZ isn't working", I can VPN in and look at the status monitors to see what is going on. Then from there over the phone, I can take someone who has next to zero technical knowledge and troubleshoot over the phone with them. Oh look, this switch has failed. Why did it fail? Did the customer smash it to bits, did it die of old age, or was it just a low quality switch in the first place?

I can usually fix in a few minutes over the phone (or at least diagnose the problem) what used to cost a flight, hotel, rental car and two days of labor or calling in a local service technician (who is used to plant automation, not amusement automation) at $80/hr.

I'll take the first option, Alex!
 
