Remote internet connection to HMI (on the same network as the gateway.)

[AutomationTechBrian]

Alright, Okie, you've got my curiosity. It's been so long since I've worked with that customer's setup... I can't remember the details. I just remember setting up the 2nd Ethernet port so he could see the HMI on his office laptop, and then thinking it would be nice if I could see it as well. But I just assumed I'd have to be on that network to do so.

A little bit later this afternoon, I'll hook up to my Stride account and dial into their machine. They power down the panels on the weekend, but the PLC and HMI and all the switches should still be on.

For some reason, I can't update the HMI program through the Ethernet port on this re-branded Red Lion. They included a note when I installed the HMI several years ago that said I couldn't use the Ethernet port for programming. So I have a serial cable with a USB converter that I just leave there for making changes. I don't know the details why... I just accepted that fact and moved on.

I remember feeling a little envious of everyone here using Crimson 3, while I was stuck with Eurotherm's "GUIcon 2.0". Red Lion has pretty good tech support, but Eurotherm was understandably a little weak for the HMIs they sold. I quickly found that I had to pretend I had a Red Lion HMI to get some of my questions answered. It was fine to ask some general questions... until the Red Lion tech would ask to see my file. Then I'd mention that I'm using the re-branded HMI, and they'd say he wasn't supposed to help me. ...ouch!

So while I would do another Red Lion HMI in a heartbeat, I'd probably never choose a re-branded HMI again. (Tangent: I remember a servo manufacturer salesperson giving a presentation on their system. He pulled out the HMI with their name on it, and I could see it was another re-branded Red Lion. I made a quick comment about it being a Red Lion HMI, then realized there's no way I'd go this route again.)

I'll poke around and get back. I'd like to nail some of this down a little more, whichever route I end up taking.

 

[AutomationTechBrian]

Okie: Ok!!! I set up the web Server service in Stride (thanks for that!), adding port 80. But now how do I get my browser to dial in that IP address? Just to see what would happen I put the http://192.168.1.100 in Chrome, on the VM attached to the Stride Account, but not surprisingly it could not find that location. How does this work?

 

[AutomationTechBrian]

...I'm reading the manual about it now.

 

[OkiePC]

Okie: Ok!!! I set up the web Server service in Stride (thanks for that!), adding port 80. But now how do I get my browser to dial in that IP address? Just to see what would happen I put the http://192.168.1.100 in Chrome, on the VM attached to the Stride Account, but not surprisingly it could not find that location. How does this work?

1. Your HMI must have the web server enabled.

2. What version of Crimson are you using? In 3.0 the default settings are fine.
In 3.1, I had to change a setting to get good results. On the Advanced Tab, set Compression > Compress Reply to "Never". Also, in 3.1 you can choose HTTP or HTTPS...this changes the port number you would use in the Stridelinx...my screen shot in my previous post is for the standard HTTP.

3. Inside the network, you would just use your browser like you described....compatible IP address, type the HMI IP into the URL bar. Chrome sometimes makes you spell out the prefix (HTTP://xxx.xxx.xxx.xxx) but usually it will fill that in for you...

4. Outside the network via the Stridelinx router, you use the Stridelinx website to connect. You have to enter your credentials to gain access to your configured routers, then click on the router you are concerned with. The service you have configured will be listed by name. Click on that, and a new tab will open up with the URL created by the router.

 

[AutomationTechBrian]

...and there it is!! I don't get to design HMI screens very often, but there is the first one I did after school. (Looks like I could clean it up a little.)

Thanks, Okie! I'm a very visual learner, so your screenshots were helpful.

 

[OkiePC]

More...

 

[OkiePC]

and my HMI

 

[AutomationTechBrian]

Okie: your last post happened while I was busy reading.

Two things I had to accomplish
1. I had to push the config to the router.
2. Green dot means it's not connected, blue means it's connected. Make sure it's blue.

After I turned the dot blue, I pinged the HMI... success! It's always the dang details!

 

[OkiePC]

...and there it is!! I don't get to design HMI screens very often, but there is the first one I did after school. (Looks like I could clean it up a little.)

Thanks, Okie! I'm a very visual learner, so your screenshots were helpful.

Excellent. Now you just have to add the supervisor to allow him/her to access that router. It is super easy to do with Stridelinx...but not so easy to find where...It's obvious how to add users to access all devices, but if you have multiple stridelinx routers, you just want them to access theirs and not all your other clients.

In the Devices view, click the ellipses next to the router they need to access. A popup will appear with a button labeled "Invite". Then you just enter the email address for the new person. I think it gives you the option to edit the default invitation email, but it will send the new person a link to create a password and that's it. Have them download the Stridelinx app for their phone and add a browser bookmark to stridelinx.com on their PCs.

 

[OkiePC]

Okie: your last post happened while I was busy reading.

Two things I had to accomplish
1. I had to push the config to the router.
2. Green dot means it's not connected, blue means it's connected. Make sure it's blue.

After I turned the dot blue, I pinged the HMI... success! It's always the dang details!

The dot color refers to the VPN status. You don't actually have to connect to the VPN in order to load the HMI webpage, but that reminds of some other details I omitted other than having to push the config change. On the router firewall settings I think you have to have "LAN>WAN Allow access to Internet" enabled in order to view the HMI webserver without turning on the VPN first...I may be mistaken on this though. My routers are all set up to allow the HMI to send email alerts, so I have to turn that access on anyway.

The other thing I normally do is set up the gateway address of the HMI and the PLC(s) as the LAN IP address of the router. If you forget to do that...no worries, there is a button called "Source NAT" in the router that you can enable that will allow you to access them any way. I forgot to set up the gateway addresses in a Micrologix once, then they had a fault but I could not connect. I was delighted to find that I could turn on that setting, push the config, and then monitor the PLC via RSLogix without having to jump in the truck and drive for two hours. While I had the opportunity, I went ahead and set up the gateway address in that machine.

 

[AutomationTechBrian]

This opens up a whole new set of possibilities... I see I can download all the .csv files of the trend screens. That could come in handy! I just need to figure out how to easily view the raw data in a graphical format. I'm sure there's an easy way, I've just never tried.

I've never taken the time to try to configure either SMS or SMTP for messages. With the machine being started remotely, this might be the perfect time.

Thanks for taking the time to help, Okie and everyone! This is good stuff!

 

[OkiePC]

See here for email alerts:

http://www.plctalk.net/qanda/showthread.php?t=113460

IIRC, since I posted that example, Verizon and perhaps also Pioneer (Enid) Cellular has altered their sms gateway name...it's easy enough to fix that though. Just edit the format tab of the tag for the value related to that carrier.

A few years ago I looked for a good csv to graphical chart utility and found one or two that were "okay", but the really good ones were not free. I rarely have to plot or trend csv data outside of the HMI itself, so I didn't pick out a favorite tool for that yet.

 

[gbradley]

It sounds like you got this already working great.
You mentioned that the Work computer in the office was working fine, and he wanted to be able to access it from home.
I'm sure there are plenty of options, but Chrome Remote Desktop is quick and cheap.

 

[AutomationTechBrian]

That'll be another thing to check out.

One of my Tech/Sales contacts was promoting Tosibox instead of Stride. Not sure what to think at the moment. Stride doesn't charge monthly service fees for my type of usage, so it's easy to promote to my customers. But there is a dash of skepticism whether they will continue to do so in the future. Evidently E.W.O.N. didn't charge at first, either... or so he says. If they started charging, it would make Tosibox more appealing. I haven't looked into Tosibox beyond a quick search here to get the flavor. Maybe there's something about it that I don't appreciate yet.

 

[ojz0r]

I've been looking into using wireguard on a raspberry pi for remote VPN connection professionally, so far i've only played around with it privately.
The biggest problem is that you need a dedicated port redirected from the firewall to the wireguard server, which usually includes involving IT-department.
I read somewhere that you can use the DNS port (53), which is usually opened without interference, but i havent been able to test it yet.