We hardly ever use Siemens. Most of the time it’s AB (Allen Bradley Rockwell), if not, Omron or Beckhoff. I hardly see any Siemens PLCs out there (located within Ontario).
no.
does your client have an actual IT department?
who manages the process network?
No, you need some kind of device to serve up VPN. Here’s a bunch of VPN routers that should work, I’m sure there’s other options out there as well.
Use EWON’s really good, was recommended by someone on here.
Are you expected to VPN into the clients network and then go online with the processor? If so - you will need to have the programming software on your maching.
Are you VPNing into the network - and from there running VNC/Remote Desktop software to a programming terminal?
I’ll look into the security audits. We looked at secomea but it was expensive and we like the hardware key feature of the tosibox - nothing more secure than locking the key in a safe. We actually were the first US users and were responsible for pushing them to get it UL listed. If you don’t mind my asking…what state are you located in?
Ah, I’m from the UK where I see lots of Siemens and Mitsubishi! I don’t really use AB as I’ve always found it a pain to use (just like the Siemens but I have no choice…) I think AB had a Stratix as an equivalent of the Siemens teleservices. Lots of manufacturers make their own for their own PLC’s as they know what ports they need - I’d stick to the manufacturers for simplicity though.
I’m not sure what kind of IT they have at the plant. I’ve never met anyone there who’s job was specifically IT. They could possible hire it out. They have an network for internet/business side of things, but none of the machines are actually on a network. They are given IP addresses but just for local ethernet connections.
Thanks for the recommendations. Someone mentioned eWon, so I think I’ll check them out as well.
I have all the programming software on my laptop. We normally go onsite whenever we need to connect to a PLC, but we’d like to eliminate the travel. Right now, there are no expectation on how to do this. It definitely needs to be secure. From what I was told, we can use the VPN in our office to communicate with a plant’s network, but they would have to be preconfigured to allow for the connection. Any PLC’s that we want to connect to will have to be connected to the internet. If I’m following correctly, the goal is ultimately to be able to open up RSLinx and see a whole network or different PLCs and can just click on the one we want, and connect to it.
In Ontario actually. We just got a demo unit from secomea to test out!
Interesting! I will have to check that out, thanks!
Is the client requesting you do remote work via VPN - or this is something you want to propose to them?
The way we do this is using TeamViewer. From my experience, our customers did not like the fact that we could just connect remotely to their machines at any time, this is obviously a big security issue.
We would have a laptop with the programming software installed that was physically at the plant, then use teamview to connect to that laptop. We would have the customer connect the PLC and the laptop and we could work with them remotely.
If the customers actually do let you connect to those PLC’s via the internet, you still need some PC that is on the VPN network and connected to the PLC. Beckhoff for example, runs windows right on the PLC and could be configured to connect to the VPN when on the internet. With other PLC’s I’m less experienced.
There are again multiple ways - depending on how the clients IT department want to allow you access to the process network.
Depending on the IT infrastructure you may VPN into their Enterprise network - then jump through a firewall (using rules set up by their IT) that will allow your laptop to communicate with the process network.
If its a smaller outfit (just because IT may not be as strict) you can recommend they purchase an Ewon Cosy VPN device. You can then log into the Ewon securely and your laptop will appear to be on the process network, you would then be able to browse RSLinx, etc to find the PLC in question.
edit: Don’t mention putting the process network on the Internet - that is not what you are doing, and will freak IT and Management out. If you use VPN access from their IT - they are allowing you (and only you) onto their process network.
It’s something we’ve been asked about, not specifically asked for. But something we want to start proposing to customers, especially those not located close to us.
If the client allows you to connect to the process network via VPN - you do not need a PC connected to the PLC. The VPN connection will put you on the same network as the PLC - the connection is transparent to RSLinx on your laptop.
We use a remote log-in software right now, where we remotely gain control of the plant’s PC, or any PC that is registered with the LogMeIn software. Usually it’s to help out a coworker onsite who is having trouble with software. We hardly ever have the customer connect the PLC, as that usually requires going into the panel and having a basic understanding of RS, which most won’t.
We would like to eliminate anyone having to physically go up to the PLC and connect to it, so we would probably want the second option you mentioned, which is having the PLC’s connected to the internet. I realize that that could increase security risks, but I did read in the past that a VPN would eliminate most of those risks.
We are a Systems Integrator - we provide remote assistance services.
If the client has a capable IT managed network - we ask them to provide a VPN connection to the process network. There are many different ways they may provide this to you. (Depending on their infrastructure). But it is up to IT to give you the VPN software, and username/password - and set it up on their end.
If the client has an IT department that is hands off - we recommend the Ewon. And it is up to the client to connect the Ewon to the internet on one port, and the PLC/Process network on the other ports. If required - we will goto site and set it up for them. Or we add it on new panels and commission it as part of the overall startup.
Yeah, you’re right. That’s assuming that the VPN is the customers and he is connecting to the plant. I read it as he has a VPN for his office network, separate from the customer plant, and that the PLC’s would have to be pre-configured to connect to the office VPN.