There are several ways to perform IIoT remote monitoring of PLCs and HMIs, with VPN connections providing the highest level of security.
Bill Dehner, Technical Marketing Engineer at AutomationDirect, wrote an article for the Jan/Feb 2019 issue of InTech magazine titled IIoT Remote Monitoring. A summary is below, please click here for the full text.
Dehner says remote machine monitoring is becoming a common feature of automated equipment as part of industrial internet of things (IIoT) implementations. The software and hardware required to do this varies from vendor to vendor, but most use the same intranet- or internet-based technologies.
The use of these maturing technologies is making it easier and less expensive to implement remote monitoring connections to machines and processes. These remote monitoring connections are usually made to PLCs and HMIs via internal intranets or the internet, often via a virtual private network (VPN) router. On the other end of these connections are devices such as PCs, smartphones and tablets. Each of these devices includes built-in digital communications with Ethernet connectivity.
Many embedded and PC-based HMIs can provide remote access via PCs, smartphones and tablets. The low cost and small footprint of an embedded HMI provides a good example of common remote access connectivity via the HMI’s web server to remote devices. Because the HMI has web server functionality, web pages can be configured to reside in it, and these web pages can be accessed by any device capable of running a web browser.
HMI mobile apps enable remote users to connect using Wi-Fi, cellular and Ethernet connections. These remote users can operate and monitor the local HMI system with limited access to functions and controls of the HMI application.
TEmbedded HMIs provide much of the functionality of a PC-based HMI, including remote monitoring, and are designed for industrial use in harsh environments. Ethernet and wireless technologies—along with defense-in-depth, authentication and firewalls—are making remote monitoring of HMIs through smartphones and tablets part of an operator’s, manager’s or engineer’s daily routine.
This AutomationDirect C-more HMI touch panel provides remote access functionality, as well as local control and monitoring.
PLC Remote Control
Dehner says many, like HMIs, can provide remote access through features such as an embedded web server and push notifications.
Some best in class controllers include seven or more communication ports including USB, serial and Ethernet. EtherNet/IP and Modbus TCP/IP protocols are usually used to create remote connections among the internet, PLC and smart devices.
VPNs and Security Layers
Cybersecurity is more important than ever as threats continue to rise, and as more systems are monitored and supported remotely.
For any automation system where an HMI and/or a PLC are connected to the internet, a firewall should be used. A firewall is a common feature found in most routers, and it greatly reduces the risk of unauthorized access.
Modern controllers, such as this AutomationDirect Productivity3000, have data handling capabilities including built-in data logging, along with extensive communication features to enable remote monitoring via email, web browsers and mobile apps.
Another layer of security is a VPN (virtual private network) connection. The encryption used in a VPN ensures data cannot be intercepted and only authorized users can access the HMI, PLC or other networked devices. A VPN is part of a defense-in-depth strategy to greatly reduce the chances of malicious behavior and unauthorized connections to automation systems.
A hosted VPN solution starts with the connected devices, such as a PLC or HMI, connected to a VPN router at the plant. This router also connects to the company (business) network and, through a corporate firewall, to a VPN server in the cloud. VPN clients, such as smartphones or tablets, then connect to the VPN server to remotely access data).
Remote Monitoring in Action
In one application, personnel at a municipality needed to monitor multiple water/wastewater pump stations remotely. They used HMIs for local operation including troubleshooting and making changes to the pump control system and set points. Remote access to these HMIs was available via smartphones and tablets at any location with internet access.
A dedicated HMI can provide local control as well as remote access at a very reasonable cost.
A dedicated HMI can provide local control as well as remote access at a very reasonable cost.
Remote monitoring enabled quick notification and response to pump system problems, as well as to related process and equipment faults. The embedded HMI’s remote access functionality provided low-cost and simple monitoring via smartphones and tablets.
Dehner says PLCs and HMIs can save data locally and format it as required, while providing some degree of security when this data is accessed by remote devices such as PCs, smartphones and tablets.
PLCs often have some data handling capabilities built-in including data logging, a key requirement considering today’s quest for more data storage. Some controllers include built-in and removable storage for many gigabytes of data, and remote access to same.These types of IIoT-based solutions are common and work well in many instances, especially in applications where access is one way only, from the PLC or the HMI to the remote devices. For added security, often needed when control from remote devices to PLCs and HMIs is required, the use of firewalls and VPN access are a best practice.
To read more articles about the IIoT, click here.
Originally Published: February 2019