Remote solutions play a central role in machine use or optimising processes, and rely on secure communication channels.
The world of automation would be inconceivable without remote access to machines. System operators expect mechanical engineers to service their machines remotely or connect to the machine via remote access in the event of a fault so as to provide immediate assistance. The days when remote access was used only after malfunctions are long past: once remote access is set up securely and reliably, the communication channel offers diverse opportunities for new data-based services such as prognostic maintenance, optimisation of process sequences and cross-site collaboration between production centres. The added value created in this way compared to pure remote access is considerable and opens up new business fields for system operators and mechanical engineers in the context of IIoT/Industry 4.0.
From the viewpoint of the communication expert HMS Industrial Networks, IIoT/Industry 4.0 in automation is not merely about developing even more sophisticated devices and machines. What really counts is providing relevant information at the right time so that effective decisions can be made faster on the basis of this information, for example regarding machine use or process optimisation. “Remote solutions” play a central role in this scenario. HMS understands “remote solutions” as solutions and services associated with remote access, remote maintenance and data management. Although “remote solutions” are based on remote access, they extend far beyond it by providing a secure communication channel to collect, visualise or prepare data and make it available to superordinate industrial IT systems (e.g., MIS/ERP systems). Alarms can also be sent automatically via this communication channel as status updates.
With the eWON product family, HMS offers a scalable complete solution for secure remote access and data services in industrial applications. The eWON solution is platform-independent, available worldwide and supports almost all the popular brands and protocols of FA products. In other words: the eWON solutions can integrate control systems of all familiar manufacturers in a platform-independent and globally accessible overall concept. For mechanical engineers, this has the advantage of providing a uniform system for remote access to their plant and machinery, irrespective of which control has been installed in the relevant machine and what country the machine is located in. The eWON solution comprises three components:
Component 1: The hardware
The eWON VPN router is installed in the machine on site and connected to the relevant control via a serial connection, Ethernet, WLAN or USB. The eWON routers “talk” the language of the relevant PLC/Controller at one end and are integrated in the system via a secure VPN connection at the other end.
Depending on requirements, various VPN routers are used. The eWON Cosy is a VPN router for simple applications, with an emphasis on remote maintenance. The eWON Flexy is oriented to users with more demanding applications and enables individual adaptations for data processing, for instance filtering the data to be transferred, thereby enabling extensive data services.
Component 2: Talk2M Server
As a cloud-based server, also called a “broker”, the Talk2M Server is the integral part of the eWON solution, with a guaranteed availability of 99.6%. The Talk2M server manages the VPN connections and enables connections to be established easily between the PC in the control room and the machine in the remote system. The Talk2M service is available globally and comprises a networked, distributed group of currently 26 high-availability servers, which manage the VPN connections and provide protection against unauthorised access. The networked server group allows Talk2M to support redundancy and load management as well as international, guaranteed availability. An authentication mechanism ensures that each eWON router communicates with the Talk2M server that has the same key. A similar mechanism guarantees that each user can only communicate with the specific eWON routers for which he has been assigned access rights by the administrator.
Component 3: The software
The eWON software eCatcher is the OpenVPN Talk2M client for remote access as well as for the administration of systems and users. The software is installed on a Windows PC. Versions for mobile devices such as tablets and smartphones are also in preparation. eCatcher allows users to connect from their PC, via the Talk2M portal, to the eWON VPN router in the remote system in order to access their machines.
Security is the essential thing
The utmost attention has been paid to security for Talk2M. The eWON technology consistently follows the Guidelines for Cyber Security in Industrial Applications according to ISA62443 and NIST SP800, applying the “defence in depth” principle of multiple lines of defence. Key security features of the eWON technology include:
- All data traffic is certificate-based and encrypted, and is carried over VPN connections conforming to the OpenVPN standard, which is proven and accepted in industry.
- Only outgoing connections are allowed. That means there is no need to make firewall ports accessible for incoming data from the Internet.
- No static IP addresses are used.
- Access is via a 2-stage authentication (optional) and a graded user administration.
Remote access as basic technology for new business models
Once secure access is established for maintenance and commissioning in a remote system, both the system operator and the machine manufacturer can realise further applications via the same connection (remote services), thereby creating real added value. Remote services form the basis for more intelligent, smart and flexible factories, while enabling new digital business models with a focus on life cycle and service optimisation. The potential for added value can be illustrated on the basis of a pyramid.
Connection and access
The focus here is on the physical connection via the Internet to the remote machine and its control on site. The remote access to the machines and field equipment is realised via this connection. Field service technicians can be assisted during commissioning via remote access. Fault localisation, troubleshooting or PLC programming are also typical tasks that can be solved via remote access. Prognostic maintenance begins on this level and flows seamlessly into the next stage “Monitoring”.
Machine and system data can be visualised online and error messages can be sent automatically via the monitoring and alarm system. Not only does this help during troubleshooting – the user also receives information on the machine status and most important parameters thanks to a summary of the machine data.
The fourth stage involves the collection of machine or system data. The key term “big data” is appropriate here. At this stage, HMS recommends the eWON router Flexy, which pre-processes data, thereby making it easier for the user to analyse the prepared data.
Ticket to the future
With the eWON system, HMS offers a complete solution for industrial remote access to machines and systems in the field. This provides the user with the requisite basic technology to implement new, innovative digital business models following the principles of Industry 4.0 and IIoT (Industrial Internet of Things). Meanwhile, over 110,000 eWON routers in 156 countries are connected with Talk2M, having established over 8 million VPN connections. [Link to the live data, http://talk2m-live.ewon.biz/]
HMS Industrial Networks is one of the leading independent manufacturers of products for industrial communication, including remote management solutions. HMS develops and manufactures solutions for connecting automation devices to industrial networks, marketing its products under the brand names Anybus, IXXAT and Ewon.
The author Santosh Tatte is Country Manager of HMS Industrial Networks, India Unit. He can be reached by mail: firstname.lastname@example.org
© 2017 IED. All rights reserved.