InTech

JAN-FEB 2018

Issue link: http://intechdigitalxp.isa.org/i/935787

Contents of this Issue

Navigation

Page 29 of 53

30 INTECH JANUARY/FEBRUARY 2018 WWW.ISA.ORG AUTOMATION IT vendor. Including these key features ad- dresses the issues, while excluding them may present problems. These key features include data logging, widgets for config- uring remote access screens, a Web-based platform for router configuration, and a digital input for enabling or disabling remote access. The traditional VPN solu- tion requires a third-party HMI, either PC based or embedded (figure 4), to provide data logging and widgets for configuring remote access screens. Data logging provides collection, stor- age, and display of data via a cloud-based platform. Users can store and access a nearly unlimited amount of data, while only paying for the capacity required. Us- ers can start with a small amount of stor- age, and scale up as needed. Cloud-based data logging typically requires an addi- tional license or subscription from the router vendor to collect and store the data in the cloud, and this cost must be con- sidered, particularly since the traditional VPN option does not have this expense. Some cloud-based data storage and monitoring solutions allow users to con - figure dashboards using widgets for re- mote access viewing on their PC or mo- bile device. Alerts and notifications can be configured to inform users when pa - rameters fall outside a predefined range. If this feature is not provided, designing remote access viewing screens can be cumbersome. A Web-based platform lets users quickly and easily configure the VPN router, often as simply as registering an account, con- figuring and down- loading router set- tings, and installing a secure client on a PC. The main ad- vantage of a Web- based platform over a PC-based configura- tion is that platform updates can be made without the user having to reinstall a new version. This is particularly useful when new features are added regularly. An important safety feature for the VPN router is a digital input for a switch to lo- cally enable or disable communications, preventing remote control of a machine during maintenance periods. If this op- tion is not provided, it should be added, which will add cost and design time. Option 2: Traditional VPN This option requires a local VPN router to connect through the Internet with a secure VPN tunnel to a second remote VPN router or software client (figure 5). Once connected, remote users can access automation components connected to the local router through the VPN tunnel. Unlike option 1, there is no cloud serv- er between the two devices with either method of connection: VPN router to VPN router, or VPN router to VPN software cli- ent. This option is preferred when large amounts of data need to be continuously exchanged between the local and remote sites, as to view local video remotely. This solution is widely used, and it was the only method of secure two-way access before the introduction of cloud- based remote access solutions. It can be complex and costly in terms of internal resources required for support, both at the local and the remote sites. Traditional VPN design considerations The main design consideration for this option is the capability and willing - ness of an IT team to support this solu- tion at both the local and remote sites for each installation. For example, an original equipment manufacturer (OEM) machine builder must consider every customer site, and make sure all of its cus- tomers are willing to provide IT support. If not, the OEM will have to customize its remote access solution for each customer. This solution is often more expensive up front than a hosted VPN because of in - creased hardware costs and the IT resourc- es required to configure the connection. Some companies have a dedicated IT staff to provide this support, but many smaller companies do not. Ongoing external costs are lower, because there are no monthly cloud service fees, but internal costs are higher due to the need for IT support. IT must open an inbound VPN port on the firewall. This provides full remote control and monitoring, as it effectively creates one network joining local and remote users, but also presents a secu- Figure 5. A traditional VPN solution using two routers is shown in this diagram. IT support is required both locally and at each remote site. Figure 4. Traditional VPN solutions often use a local HMI running on an embedded platform, like this C-more panel.

Articles in this issue

Links on this page

Archives of this issue

view archives of InTech - JAN-FEB 2018