Remote access to PLC...

Mas01

I asked my manager recently if I could have remote access to the PLC, so that, if ever the need arose, I could do code updates remotely without having the need to be physically in front of the PLC. I thought this would be a good idea, particularly as I live some distance away.

However, this suggestion was met with short shrift, citing potential viruses, firewall issues etc. I can sort of see the argument, but I don't know if it is being overstated.

Do you have remote access to your PLC? What are you able to do remotely (just monitor or do updates too? Obviously, no wiring updates) & what software do you use to establish the connection?

Thanks
 
Mainly use OpenVPN. Can do everything as if you were direct connected next to it with an ethernet cable.

I've also used eWon Cosy which does the setup for you, but you pay for the privilege. OpenVPN is free.
 
I've set up a VM on an ESXI hypervisor that I use for all my PLC programming. I then connect to it via VPN & VNC. I use ZeroTier, but OpenVPN is good, too.
 
I work for an OEM and we routinely use eWon VPN gateway devices but that does come at a cost. You can set up a free account but that would be limited.

An alternative you might look at is Ixon cloud products.

Sell it to your production manager as a way to log production data securely to the cloud (additional licence required).

Nick
 
It's a legitimate concern from your manager if I'm honest... but if you have a decent IT department in the company, this can be alleviated by the installation of two firewalls. One that you control and another that they control. Do not, ever, ever, allow IT access to your domain. They don't grant you access to theirs and that is fine.

I currently have access to my plant remotely. I have to connect the company's VPN to enter their network. Then I need to log in to my gateway PC that sits in between the two firewalls. From that PC, I can remote into the two engineering stations in my network and if I need to log in to a data or HMI server, I'll jump from the engineering stations. It feels like the movie Inception. LOL

Depending on your contract, you may be able to say no to travel to the plant to sort something out and state that you can't leave the house, but would happily sort it out remotely if you had the access.
 
Also using eWon Cosy.
There is a variant that has its own 4G and SIM card.
And a variant that goes over the company's LAN. In the latter case, the router accesses the company LAN and internet like any other PC. The company's IT may assume the task of managing the router which may help in getting acceptance.
In either case, this gives you a VPN into the machine network, but not to the company's internal LAN.

If the above is unacceptable to the company, then ask them to set up their own VPN. And they can make it so that it is only enabled when there is the need for it, and then only with a time limit.
I bet you that the company IT already have a VPN so they can go online to troubleshoot from home.
 
> In either case, this gives you a VPN into the machine network, but not to the company's internal LAN.
Just make sure that you change the setting to send all data over the VPN, or don't change the setting to block data going from the machine to the WAN connection, otherwise if somebody did get your Login and Password they could in theory use the PLC to access the company LAN. An explanation: I have a headless Linux computer on the machine side of an eWON and a Modem on the WAN side, I have to allow data from the machine side to the modem side so that emails can get through. If I don't change the all data over VPN settings I can access the Modem settings via an SSH connection to the Linux computer over the VPN connection.
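
The layout described in this thread (company VPN, then a gateway PC between two firewalls, then the engineering stations) and the machine-to-WAN caveat in the post above can be checked as a reachability audit over the allowed flows. This is an added example, not part of any post; the zone names and both rule sets are constructed for illustration.

```python
from collections import deque

# Constructed sample policy: each entry is an allowed (source, destination) flow.
# Zone names are hypothetical labels for the layout described in the posts.
ALLOWED = {
    ("remote_user", "company_vpn"),
    ("company_vpn", "gateway_pc"),   # gateway PC sits between the two firewalls
    ("gateway_pc", "eng_station"),
    ("eng_station", "plc"),
    ("eng_station", "hmi_server"),
    ("machine_pc", "wan_modem"),     # outbound email from the machine side
}

# Paths that must never exist, even indirectly.
FORBIDDEN = [("plc", "company_lan"), ("machine_pc", "company_lan"),
             ("company_lan", "plc")]
# (source, target, via): target may only be reached from source through via.
CHOKEPOINTS = [("remote_user", "plc", "gateway_pc")]

def reachable(flows, start):
    """Return every zone reachable from start by chaining allowed flows."""
    seen, queue = {start}, deque([start])
    while queue:
        src = queue.popleft()
        for a, b in flows:
            if a == src and b not in seen:
                seen.add(b)
                queue.append(b)
    return seen - {start}

def audit(flows, forbidden, chokepoints):
    """List forbidden paths that exist and chokepoints that can be bypassed."""
    findings = []
    for src, dst in forbidden:
        if dst in reachable(flows, src):
            findings.append(f"{src} can reach {dst}")
    for src, dst, via in chokepoints:
        # Drop every flow touching the chokepoint; the target must become unreachable.
        bypass = {f for f in flows if via not in f}
        if dst in reachable(bypass, src):
            findings.append(f"{src} reaches {dst} without {via}")
    return findings

if __name__ == "__main__":
    print(audit(ALLOWED, FORBIDDEN, CHOKEPOINTS))
    # Constructed misconfiguration: WAN side bridged to the company LAN,
    # and a VPN rule that skips the gateway PC.
    leaky = ALLOWED | {("wan_modem", "company_lan"), ("company_vpn", "eng_station")}
    print(audit(leaky, FORBIDDEN, CHOKEPOINTS))
```

Checking transitive reachability rather than single rules is the point: neither added rule in the second policy names the PLC or the machine PC, yet both findings appear.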
 
Go to the IT department of the company and have a VPN client installed on your laptop.

There is no need for firewalls or more antivirus, since VPN is intrinsically secure.

If it is configured correctly it will work the same as if it were in the plant. You can even use the company's printers remotely.

For this to work, the server part of the VPN must be installed on the servers, although there are also solutions based on hardware that is attached to the switch rack, for example the one from Fortinet.

If the company does not have an IT department, it will have to be done by an external company.
 
I understand his concern. We used Kerio Control at a plant.
You log into it, then when logged in, you log into your plant account and gain access to your systems. It logs everything, and even locks you out after a specified number of failed login attempts.
Regards,
James
 
> Go to the IT department of the company and have a VPN client installed on your laptop.
>
> There is no need for firewalls or more antivirus, since VPN is intrinsically secure.

The firewalls are there to avoid IT getting into the controls network... they're the biggest concern usually. Imagine coming in to work one day and all your SCADA clients now have Windows 10 installed, obviously not working anymore.
 
> The firewalls are there to avoid IT getting into the controls network... they're the biggest concern usually. Imagine coming in to work one day and all your SCADA clients now have Windows 10 installed, obviously not working anymore.

Or they installed updates and did a forced reboot that trashed the database on your SCADA...
 
