Remote Access Solutions for Industrial Devices

strantor

Member
S
Join Date
Sep 2010
Location
katy tx
Posts
401
Hello,
I am looking for a solution to remotely access any kind of device securely across the internet. I know this has been done in piecemeal fashion since the days of dialup and I am not a total stranger to this kind of thing myself, but I have never come across one device that covers all the bases. I have used Proxicast Pocket Ports and E W O N devices to establish remote Ethernet connection but that does not help if a serial connection is waiting on the other end. I have used Moxa serial servers to make a serial connection over LAN but that doesn't help if you can't access the LAN. I have used KVM over IP devices and some of them have USB ports, but I'm not trying to look at remote video displays. Some of my jobs involve a laptop on the other end that I can access via TeamViewer or RealVNC, but doling out laptops gets expensive and/or counting on 3rd parties to have the needed software on a laptop that hasn't been crippled by their IT department is hit-or-miss.

To boil it down, I need some sort of magic box (or magic method) having all or most of the ports used for industrial comms, anywhere it's located, replicate its ports in a way that is accessible to my laptop as if those ports were physical ports on my laptop. It needs to work with VMware Workstation the same way that the ports on my laptop do. Serial, USB, ethernet, all of the things, and preferably more than one of each. Use cases:

- Someone plugs a Siemens Profibus/MPI adapter into the magic Box's USB port and my laptop detects a new USB device connected. I can access that Profibus adapter from a Siemens VM running on my laptop, and go online with a Siemens PLC 500 miles away.
- Someone connects an ethernet cable between the magic box and the isolated LAN of a Rockwell-based production line with an IP scheme like "10.10.100.xxx," and if I set the IP address of network adapter in my Rockwell VM, I can go online with any PLC, VFD, HMI, or other device on that LAN.
- Someone connects the RS485 port of a Toshiba soft starter to the box's RS485 port, a USB cable between a Click PLC and the box's USB port, and an RS232 cable from a EA9 HMI to the device's RS232 port. Now I can go online with all 3 devices and map MODBUS addresses between the PLC and soft starter and add displays for that data to the HMI. (from 1000 miles away, and using software in two different VMs)

It would be cool if the magic box had the option to access the internet over the LTE network but I assume that WiFi and/or Ethernet solutions are probably the best I can hope for (if I can hope for anything along these lines). If all else fails I could roll my own with a VPN switch in a box with various USB and serial device servers, but I would rather have a simple (looking) single device that requires zero (ok, minimal, realistically) setup from whoever might be on the other end, apart from plugging the thing in. Absolutely zero "Ok now I need you to connect a laptop to it, go into its web UI, and change this to that so that I can access it." Something that George from accounting wouldn't take one look at and throw his hands up, saying "Man I don't know anything about this electronical stuff."

Any recommendations?
 
Possibly this from Moxa:
https://www.moxa.com/en/products/industrial-computing/arm-based-computers/uc-8410a-series#resources
I use it for collecting data, but I know that you can use Real COM to map serial ports, here is a manual:
https://cdn-cms.azureedge.net/getme...-debian-9-arm-based-computers-manual-v5.1.pdf
Depending on the version you can get it with a cellular modem/router and WiFi, it can even have Bluetooth. I haven't used the cellular or Wifi versions, so can't answer questions on those, I don't know if you can have both at the same time. As for whether it will meet all your requirements, that is beyond my knowledge, but it might be worth asking Moxa.
 
BryanG said:
Possibly this from Moxa:
https://www.moxa.com/en/products/industrial-computing/arm-based-computers/uc-8410a-series#resources
I use it for collecting data, but I know that you can use Real COM to map serial ports, here is a manual:
https://cdn-cms.azureedge.net/getme...-debian-9-arm-based-computers-manual-v5.1.pdf
Depending on the version you can get it with a cellular modem/router and WiFi, it can even have Bluetooth. I haven't used the cellular or Wifi versions, so can't answer questions on those, I don't know if you can have both at the same time. As for whether it will meet all your requirements, that is beyond my knowledge, but it might be worth asking Moxa.
Click to expand...

Thanks, I was not aware these existed and I have immediate need of them for other reasons. I was planning to use (gasp) Raspberry Pi for that project, but now I know better.

But as far as the real COM thing goes, the way I interpret the manual starting on page 27, it is describing the Moxa Linux system's ability to read from a separate Moxa NPort device that is running it in real COM port mode. I did not see mention of the Moxa Linux system being capable of hosting its own serial ports over IP.
 
I am impressed and appreciative of how you boiled down the requirements, and I think a lot of us have had similar experiences with VPN routers, rigged-up remote PCs, and terminal servers. I think what you want is what the IoT guys like to call an "Edge Device" before they wrap it in their value-added services and acronyms.

It would be really something if such a device was able to be piped directly to VMWare Workstation and VMWare Tools or the Virtual Network Editor. With the Broadcom acquisition I don't see anything like that happening.

One software product I can endorse is FlexiHub, which is basically a cloud-brokered port redirector.

What I used it for was USB over IP. We had HMI computers around the world running Indusoft Web Studio, connected to ControlLogix. Win7 and Win10 Professional boxes, with TeamViewer to give me VPN access to the PLC network and the remote desktop.

FlexiHub allowed me to also install the IWS development environment on these computers, but keep my expensive hard activation dongles at home. I would connect up my local USB ports to the remote computer using FlexiHub, and then remote in to their desktop and start up IWS Development.

(Yes, there were other ways to do that with IWS but I had reasons.)

For me, a small Linux box with ZeroTier and FlexiHub might tick all those boxes. Maybe some of the other industrial VPN routers with a serial device server will do the job with some dependency on a third party cloud service.

Anecdata: I do remote access frequently, and consider myself good at it. But Murphy's Law dictates that your most sophisticated customer with billions of dollars at their fingertips will also have one bar of cellular signal in their factory and a guest WiFi system with 2-factor authentication that defeats all automatic connections, and an enterprise LAN more jealously guarded than Jenny Dunlop's dress zipper on prom night.
 
Thanks, I was not aware these existed and I have immediate need of them for other reasons. I was planning to use (gasp) Raspberry Pi for that project, but now I know better.
Click to expand...
I am just starting the journey the other way round :ROFLMAO:. I no longer need so many serial ports and have just bought a couple of Pi Computes and motherboards.

On earlier versions of this (UC7410) Moxa had a software utility that allowed you to graphically set up multiple Serial to IP channels, I can't find that for the UC8410a. However the UC8410a device is just an embedded computer that is running Linux Debian 9, so it should be pretty easy to set up Serial to IP connections. Raspberry Pi also runs Debian, so I web searched for 'rapspberry pi serial to ethernet':
https://stb-tester.com/blog/2016/10/28/build-your-own-serial-to-ethernet-server
https://forums.raspberrypi.com/viewtopic.php?t=313423
https://sourceforge.net/projects/ser2net/
https://serverfault.com/questions/490477/windows-linux-socat-to-share-a-serial-device-over-ip
https://www.baeldung.com/linux/make-virtual-serial-port
Of course you still need to create the Virtual COM port on your Windows computer, and you need a secure way to access the UC8410a over the Internet.
 
Regarding this requirement:
strantor said:
- Someone plugs a Siemens Profibus/MPI adapter into the magic Box's USB port and my laptop detects a new USB device connected. I can access that Profibus adapter from a Siemens VM running on my laptop, and go online with a Siemens PLC 500 miles away.
Click to expand...
The regular Siemens USB-to-MPI/DP PC-adapter cannot be used with routing, and the high-end CP5711 USB-to-MPI/DP adapter is quite expensive. Also it is a clunky solution.

I strongly recommend to go for an Ethernet-to-MPI/DP adapter such as sold by Deltalogic, Helmholz and others. This makes it straightforward to go online with legacy Siemens S7 PLCs that do otherwise not have an Ethernet connection. And it isnt very expensive either.
 
Ken Roach said:
I am impressed and appreciative of how you boiled down the requirements, and I think a lot of us have had similar experiences with VPN routers, rigged-up remote PCs, and terminal servers. I think what you want is what the IoT guys like to call an "Edge Device" before they wrap it in their value-added services and acronyms.
Click to expand...
"The IoT Guys" - what's with those guys, anyway? Is there a "boot camp" they go to, where they learn how to all talk the same? They remind me of "the UX guys" and "The Alternative Energy Guys." Talk for an hour without saying anything, or at least saying everything except what their tech actually can and can't do, but imply that literally anything is possible. They change the names of things to make them sound like new innovations while driving off folks like me who would have otherwise been more engaged by association with things already familiar. Their websites and presentations seem to all come from the same source of noninformation, just a bunch of sleek minimalist graphics with obligatory cumulus cloud icon and reimagined 1995 server database icon pasted into each and every slide.


Ken Roach said:
It would be really something if such a device was able to be piped directly to VMWare Workstation and VMWare Tools or the Virtual Network Editor. With the Broadcom acquisition I don't see anything like that happening.
Click to expand...

I like the way that Moxa does it with the NPort devices. They have a software (NPort Administrator) that sets a virtual COM port which appears to windows as a physical COM port. This software can be installed in a VM and doesn't need any integration with VMWare itself. The integration is already handled at the network level by Virtual Network Editor.


Ken Roach said:
One software product I can endorse is FlexiHub, which is basically a cloud-brokered port redirector.
Click to expand...
Thanks, I came across that last night and thought it looked promising. The only issue is that to host a physical serial port, the remote machine must be a Windows machine. So Something like the Moxa ARM Linux box or RPi wouldn't work unless you use a USB-Serial coverter (and I didn't actually see confirmation that that would work either). It's still doable but would require a more expensive SBC/IPC capable of running Windows.

Ken Roach said:
FlexiHub allowed me to also install the IWS development environment on these computers, but keep my expensive hard activation dongles at home. I would connect up my local USB ports to the remote computer using FlexiHub, and then remote in to their desktop and start up IWS Development.
Click to expand...

Well, that's something I hadn't thought of (sharing devices in the other direction) but now that you mention it, I can think of cases where that would be handy too.

Ken Roach said:
Anecdata: I do remote access frequently, and consider myself good at it. But Murphy's Law dictates that your most sophisticated customer with billions of dollars at their fingertips will also have one bar of cellular signal in their factory and a guest WiFi system with 2-factor authentication that defeats all automatic connections, and an enterprise LAN more jealously guarded than Jenny Dunlop's dress zipper on prom night.
Click to expand...

I felt that in my core just now. You know what, the client that deliberately creates this digital hellscape is the client I don't feel bad about billing for a round trip plane ticket, hotel, and 2 days onsite for a 90 minute task.
 
BryanG said:
I am just starting the journey the other way round :ROFLMAO:. I no longer need so many serial ports and have just bought a couple of Pi Computes and motherboards.

On earlier versions of this (UC7410) Moxa had a software utility that allowed you to graphically set up multiple Serial to IP channels, I can't find that for the UC8410a. However the UC8410a device is just an embedded computer that is running Linux Debian 9, so it should be pretty easy to set up Serial to IP connections. Raspberry Pi also runs Debian, so I web searched for 'rapspberry pi serial to ethernet':
https://stb-tester.com/blog/2016/10/28/build-your-own-serial-to-ethernet-server
https://forums.raspberrypi.com/viewtopic.php?t=313423
https://sourceforge.net/projects/ser2net/
https://serverfault.com/questions/490477/windows-linux-socat-to-share-a-serial-device-over-ip
https://www.baeldung.com/linux/make-virtual-serial-port
Of course you still need to create the Virtual COM port on your Windows computer, and you need a secure way to access the UC8410a over the Internet.
Click to expand...

Thanks for those links! I was reading up a similar tree last night but you found a couple of things that I didn't. It's all more involved than the "out of the box" solution that I would have liked but if it avoids paying for cloud services and buying expensive IPCs then it's worth digging into. I have a couple Raspberry Pis I could test with, and just see if it's not as hard as it seems. Setting up Socat on the remote machine seems easy enough but the hard part as I see it, will be turning it back into an emulated COM port on the laptop, in a way that plays nice with (for example) RSLogix 500 that already has plenty enough quirks talking to devices that are physically connected.
 
JesperMP said:
Regarding this requirement:
The regular Siemens USB-to-MPI/DP PC-adapter cannot be used with routing, and the high-end CP5711 USB-to-MPI/DP adapter is quite expensive. Also it is a clunky solution.

I strongly recommend to go for an Ethernet-to-MPI/DP adapter such as sold by Deltalogic, Helmholz and others. This makes it straightforward to go online with legacy Siemens S7 PLCs that do otherwise not have an Ethernet connection. And it isnt very expensive either.
Click to expand...

Well isn't that something... Before I even get started I stumble upon a scenario where it doesn't work. It was only an example but I suppose that should serve as a red flag.

When you say routing are you referring to the routing built into Siemens software? Because that's not what I am talking about; I mean to fool Siemens software into thinking that the USB is plugged physically into the laptop. Or is there something about the TX/RX timing that precludes transmitting it over IP? If so, do you know of any other devices which would also not work remotely? I imagine some of the old AB stuff wouldn't work; the stuff that requires a Windows XP desktop with a physical COM port for example.
 
strantor said:
When you say routing are you referring to the routing built into Siemens software? Because that's not what I am talking about
Click to expand...
Yes that was what I meant.
For example if you want to debug some device that is on another port on the PLC than the one the PC Adapter USB is plugged into, then that wont work.

strantor said:
I mean to fool Siemens software into thinking that the USB is plugged physically into the laptop.
Click to expand...
I honestly dont know if that will be an issue or not. Theoretically it should work the same as if plugging a USB into a VM host and letting the VM guest use it. That works OK with the Siemens PC Adapter USB. One potential drawback is that the USB gateway has to be placed right next to the PLC.
 
chud said:
We use Secomea and they have serial port options as well as mobile network, wifi,Lan,etc
Click to expand...

Can you confirm that Secomea routers allow you to actually program devices across the internet? Because the datasheet doesn't come right out and say that it's possible, and certain wording makes me suspect this is only intended for data collection. Also do you have any ballpark idea what the subscription cost is per unit?
 

Similar Topics

BobB
Remote access and control
I have to provide remote access and control to a touch screen. I was thinking about using Weintek and the Weincloud. Does anyone know if this is...
Replies
11
Views
600
atc222
A
M
Toyopuc PCWin & ScreenWorks Remote Access
Hi everyone, I have a project involved with Toyota whereby the customer would like to be able to control devices within a booth using a portable...
Replies
0
Views
239
Mintycakes
M
K
Esp8266 Based Remote Access Device Project
Hello everyone, nowadays i am working on a project for remote access to our machines. We are using a remote access module, but i want to make my...
Replies
0
Views
397
Kizilelma
K
D
Remote SCADA access to S7-1200 (V14 TIA)
Hello PLC Friends, I'm starting my final year project with a given rig and I'm thinking about incorporating a remote access feature where I can...
Replies
2
Views
369
JesperMP
JesperMP
K
remote access with or without ping
We need to access a Plc remotely (from another country) to troubleshoot and assist. The Plc is connected to an Ethernet Switch which has a port...
Replies
9
Views
1,478
DaDaDadeo
DaDaDadeo
Back
Top Bottom