JAN-FEB 2019


20 INTECH JANUARY/FEBRUARY 2019 WWW.ISA.ORG FACTORY AUTOMATION

HMI mobile apps enable remote users to connect using Wi-Fi, cellular, and Ethernet connections. These remote users can operate and monitor the local HMI system with limited access to functions and controls of the HMI application. Proper control, security, and safety procedures should be considered and implemented when using any remote access feature.

Connecting an HMI on an enterprise network or the Internet exposes it to security risks. HMIs have many ways to control, limit, and log remote users. As a minimum in an HMI application, a user must log in and enter a password to access an HMI remotely. Also, default IP addresses, user names, or passwords should never be used. For additional security, an encrypted VPN connection is recommended for remote connections. Using a VPN, which is discussed later, greatly reduces the chances of malicious behavior and unauthorized connections.

PLC remote control

As with the HMIs discussed above, remote access to local PLCs is possible via PCs, smartphones, and tablets. This remote access can provide control functions as well as access to logged data, or direct access to a PLC's tag data.

Note that much of the HMI monitoring is of data created, read, or collected by the PLC. It is the PLC that connects to most of the sensors, motors, valves, and other field devices to perform its control and monitoring functions. Therefore, access to a PLC often will provide connectivity to all the data required, with additional functionality in terms of control and access to PLC data not transmitted to the HMI.

Like HMIs, many PLCs have remote access through features such as an embedded web server and push notifications. PLCs often have some data handling capabilities built in, including data logging, a key requirement considering today's quest for more data storage. Some controllers include built-in and removable storage for many gigabytes of data, and remote access to same.
Connecting an OPC server running on a PC to a PLC's OPC client software provides a means of data interaction between the PC and standard databases found in mid- to enterprise-level platforms, such as material resource planning and enterprise resource planning systems. Remote access may include connectivity to this collected data to retrieve, update, add, and delete records in a standard database such as SQL Server, Microsoft Access, or ODBC.

Much of this peer-to-peer or business system networking and eventual remote access is enabled by a controller's communication capabilities. Some best-in-class controllers include seven or more communication ports, including USB, serial, and Ethernet (figure 2). EtherNet/IP and Modbus TCP/IP protocols are usually used to create remote connections among the Internet, PLC, and smart devices.

Email and web server functionality are standard features on many PLCs, allowing the controller to send an email with text or embedded data to email recipients via the PLC's Ethernet port. With built-in programming instructions, adding an IP address, email address, subject, message text or embedded data, and recipient email address is all it takes to send an email from the CPU module through an SMTP server. This gives technicians or operations simple monitoring of machine status or alarms.

Web server functionality is also available on some controllers for remote monitoring purposes. With an Internet connection and a device capable of hosting a web browser, remote users can view system tags, error logs, and event history. They can also view any data logged to the controller's internal memory, thumb drive, or MicroSD card.

This web server functionality can often be accessed by a remote monitoring app running on a smartphone or a tablet. Apps simplify remote Wi-Fi or cellular connections to smartphones and tablets from PLCs.
Users can monitor the local PLC system via tags configured for remote access inside the tag database of the controller. Security log-on requirements are provided to protect the data, but that is not enough in some critical applications, where a VPN connection is needed for a higher level of cybersecurity.

VPNs and security layers

Leveraging the IIoT requires a secure remote access solution to collect, store, and share data. Cybersecurity is more important than ever as threats continue to rise, and as more systems are monitored and supported remotely.

For any automation system where an HMI or a PLC is connected to the Internet, a firewall should be used. A firewall is a common feature found in most routers, and it greatly reduces the

Figure 2. Modern controllers, such as this AutomationDirect Productivity3000, have data handling capabilities, including built-in data logging, and communication features for remote monitoring via email, web browsers, and mobile apps.
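The following is an added example, not part of the original article: a small audit that replays a router's first-match firewall rules and reports which PLC services are still reachable from sources outside the VPN. The rule list, address ranges, VPN pool, and probe addresses are constructed, and port 80 for the embedded web server is an assumption.

```python
import ipaddress

# Standard ports for the protocols the article names; port 80 is assumed
# for the controller's embedded web server.
PLC_SERVICES = {"Modbus TCP": 502, "EtherNet/IP": 44818, "PLC web server": 80}

# Constructed first-match rule list for a hypothetical edge router.
# Each rule: (action, source CIDR, destination port or None for any port).
RULES = [
    ("allow", "10.8.0.0/24", None),     # VPN address pool (assumed)
    ("allow", "0.0.0.0/0", 80),         # web server forwarded to the Internet
    ("allow", "203.0.113.0/24", 502),   # integrator's office, no VPN
    ("deny", "0.0.0.0/0", None),        # default deny
]
VPN_POOL = ipaddress.ip_network("10.8.0.0/24")

# Constructed probe sources: a VPN client, an arbitrary Internet host,
# and a host in the integrator's office range.
PROBES = ["10.8.0.15", "198.51.100.7", "203.0.113.20"]


def decide(rules, src_ip, port):
    """Return the action of the first rule matching src_ip and port."""
    src = ipaddress.ip_address(src_ip)
    for action, cidr, rule_port in rules:
        if src in ipaddress.ip_network(cidr) and rule_port in (None, port):
            return action
    return "deny"  # implicit default when nothing matches


def exposed_services(rules, probes, vpn_pool=VPN_POOL, services=PLC_SERVICES):
    """List (source, service, port) tuples allowed from outside the VPN."""
    findings = []
    for src_ip in probes:
        if ipaddress.ip_address(src_ip) in vpn_pool:
            continue  # VPN clients are the intended access path
        for name, port in services.items():
            if decide(rules, src_ip, port) == "allow":
                findings.append((src_ip, name, port))
    return findings


if __name__ == "__main__":
    for src, name, port in exposed_services(RULES, PROBES):
        print(f"{name} (tcp/{port}) reachable from non-VPN source {src}")
```

Each finding is a rule to tighten: restrict the source to the VPN pool or remove the port forward.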
