Integrator Update: Remote access programming

Internet promises of better remote access, monitoring, and tweaking of automation systems have been slowed by malware and other security issues; options are available for secure remote access programming.


Talk2M is a smart, Web-based remote access method from eWon. Talk2M provides one-click Internet VPN access to remote machines and sites worldwide. Courtesy: River Heights Consulting

The concept of remotely accessing, monitoring, and tweaking automation systems has been around since the late 1980s, and the Internet seemed to be the “Promised Land,” just around the corner. Just about the time we were ready to perform a happy dance atop the Internet bandwagon, malware and security issues reared their ugly heads and ruined the party.

In the beginning

The year 1988 was about the time the major PLC manufacturers first made noise about remote access. It was a good idea, but back then, the only option available was a dial-up modem. This required a lot of tinkering and faced three obstacles.

First, the connections were slow—really slow, and even after 20 years of progress they didn’t get better. According to Leslie Adams of Chicago’s MAAC Machinery (in 2012), “I remember the frustration associated with trying to monitor machines when it took a long time for information to make its way back via the modem connection. In one instance, we were working with a machine in Australia and the delay ran up to 15 seconds.” With speeds like that, any thoughts of actively making changes on the fly are pretty much shot.

The coup de grâce was when the search began for a telephone line on the plant floor. There are issues with getting an analog line down to a machine. When dozens of machines were scattered throughout a manufacturing facility, it was nearly impossible. Even today, phone lines can be iffy. James Alongi, MAAC’s president, noted, “Those of us in the U.S. and Canada take solid phone infrastructure for granted. This is not true in other parts of the globe.” Developing countries in Asia, Latin America, and even some first-world nations regularly suffer from spotty phone service.

So modems were applied on some mission-critical systems, ones that could shut down a whole plant. Things like the main ammonia chiller inside a food processing plant might justify having a line, but the rest of the applications went begging, and engineers continued to go on expensive unplanned trips.

Let there be Internet

The late 1990s brought an Internet explosion followed by a logarithmic proliferation of Ethernet devices. In a couple of years, it was Ethernet everything. And in 2001 when companies like Rockwell Automation began introducing Ethernet-enabled programmable controllers (and then drives, operator interface devices, and other components), it looked like remote connectivity problems were over.

Using plant-wide networks hooked to the Internet, it became possible to sit in a comfortable office and fine-tune processors wherever they may be. Expensive and physically exhausting last-minute trips to customer sites would be a thing of the past.

Paradise lost, devils in malware

In the early days of the Internet, most of us had no way to imagine the evils of spyware, malware, and code capable of bringing whole companies to their knees. As businesses became networked, one bit of this nasty stuff could shut down million-dollar operations. A hell-bent hacker worming into a plant-wide network could conceivably access sensitive information, such as private human-resource information, trade secrets, and more. Proprietary processes, formulas for new products, and sensitive e-mail correspondence are choice targets. U.S. IT departments switched from utility providers to private detectives. We’re still basking in the red light warning of a new heightened state of security. Security can create a barrier for those who had hoped to use the Internet to monitor machinery.

An eWON industrial VPN router combines a modem, an IP router, drivers for serial and Ethernet PLC protocols, and a processor for autonomous management of communication tasks. It offers additional services for PLC parameters. Courtesy: River Heights Consu

Currently, the virtual private network (VPN) is the most common method for allowing employees remote access to a company or plant network. If you can access company e-mail or other files (that aren’t cloud-based) from home or a motel room, it is likely via a VPN. When you joined your organization, someone from the IT department created an encrypted certificate for you that provides secure network access.

VPN is defined as a network that uses public infrastructure (like the Internet) to provide remote offices or individual users with secure access to a private company network. It aims to avoid an expensive array of private or leased lines that can only be used by one company at a time. VPNs encapsulate data transfers between two or more networked devices that are not on the same private network. This keeps the transferred data secure from devices on one or more intervening local or wide area networks.

VPN also is used for remote access to factory machines to allow the machine builder to work remotely. There are four main problems:

  • A PC must be installed near the machine with the necessary software to connect to a remote desktop.
  • The machine builder must be given a username and password to reach the PC.
  • Depending on architecture, this “outsider” also may have the ability to access the rest of the factory network, which makes most companies very nervous.
  • There is a lack of traceability. Without appropriate software, it is impossible to verify who has been on the system and when and where they made changes. 

Simply stated, access through the network and VPN is (or should be) highly guarded. Once a user is on the VPN, he may have access to the whole network. And that’s the problem. Corporate IT groups spend enormous resources setting up new users and regulating access to the VPN. Nearly every company has a procedure that automatically informs the IT group if someone quits or is terminated, and they close off network access immediately.

In most company environments the VPN will be open to automation providers for only a couple of days before or after they work. While this minimizes risk to the customer’s network, it eliminates chances of taking a proactive look at the customer’s system. Worse for the engineer involved, once on the customer’s network, the engineer must remember a long string of IP address numbers to find the right PLC. The 30-plus-year war of wills between control engineers and corporate IT departments can add difficulties.
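
The over-reach and traceability problems described above can be checked after the fact from the VPN gateway's connection records. The following is an added example, not part of the original article or of any vendor's product; the log format, the account name, the machine-cell subnet, and the access window are all assumptions constructed for illustration.

```python
import ipaddress
from datetime import datetime

# Assumed policy (hypothetical values): the machine builder's account may reach
# only the machine cell subnet, and only inside the agreed access window.
VENDOR_ACCOUNTS = {"oem_service"}
MACHINE_CELL = ipaddress.ip_network("10.20.30.0/28")
WINDOW = (datetime(2024, 3, 4, 0, 0), datetime(2024, 3, 6, 23, 59))

# Constructed sample log: timestamp, VPN account, destination IP, destination port.
SAMPLE_LOG = """\
2024-03-05T09:12:44 oem_service 10.20.30.5 44818
2024-03-05T09:40:02 oem_service 10.20.40.17 445
2024-03-09T02:15:10 oem_service 10.20.30.5 44818
2024-03-05T10:01:00 jsmith 10.20.40.17 445
2024-03-05T10:05:00 oem_service not-an-ip 80
"""

def audit(log_text):
    """Return (line_no, account, reason) for each vendor connection that breaks policy."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        parts = line.split()
        if len(parts) != 4:
            findings.append((line_no, "?", "unparseable line"))
            continue
        stamp, account, dest, _port = parts
        if account not in VENDOR_ACCOUNTS:
            continue  # employee accounts fall under a different policy
        try:
            when = datetime.fromisoformat(stamp)
            addr = ipaddress.ip_address(dest)
        except ValueError:
            # Fail closed: a record that cannot be interpreted is reported, not skipped.
            findings.append((line_no, account, "unparseable field"))
            continue
        if addr not in MACHINE_CELL:
            findings.append((line_no, account, f"outside machine cell: {addr}"))
        if not WINDOW[0] <= when <= WINDOW[1]:
            findings.append((line_no, account, f"outside access window: {stamp}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```
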

See the future from here

Promising technologies are pushing into the remote access arena. Many come on the verge of Stuxnet and an inherent escalation of the computer-securities war. One such new technology comes from Belgium-based eWon (a systems integration company turned manufacturer). It uses unique hardware, cloud computing, and VPN router technologies (LAN, PSTN, GPRS, 2G, 3G) in an industrial case. The product establishes a secure Internet connection between the user and the machine with minimal effort using the factory LAN. The eWon Talk2M (talk to machine) is a smart Web-based remote access method integrating IT security standards by enabling Internet tunneling between the user and the remote machine without requiring changes to IT network security settings at either end. This allows easy deployment while hiding the complexity of the IT network infrastructure. Since cloud connections are outbound, firewalls remain intact to protect the network against malware and viruses, like Stuxnet.

A California-based systems integrator specializing in water treatment systems is among early adopters of the eWon technology. Darian Slywka of American Water Technology said, “VPN network connections used to be a major hassle. As you might imagine, there are significant issues with security relating to utility infrastructure. Opening ports in a firewall creates concerns for both the customer and our own systems.”

American Water Technology uses eWon Talk2M and related services to assign engineers and programmers based on workload, project dynamics, and business requirements. They monitor equipment access and log the time they spend working remotely. They can monitor, debug, and later troubleshoot literally any device with an Ethernet connection; things like PLCs, drives, instrumentation, and other devices can be connected as easily as if they were within arm’s reach.

The eWon device automatically grabs an IP address, so there are no issues with assigning one, saving time and effort. Talk2M Pro service manages control access between users and the machine. Plus, the software only allows communication with eWon devices, resolving security issues.

Economic impact

Remote connectivity is a good economic decision. With last-minute airfare and a hotel room pushing the thousand-dollar mark, travel costs justify a remote access strategy. When the lost productivity from being out of the office is factored in, costs skyrocket.

According to MAAC Machinery’s Leslie Adams, eWon use eliminates “50%-70% of our support cost, in addition to significantly reducing hours of machine downtime normally associated with waiting for a service technician. Travel time wasted on field trips equates to a lot of money. Sitting in airports and driving out to customer installations means a whole lot of unproductive time—time we prefer our programmers spend working on new machines or fine-tuning existing systems. When these guys are gone, they simply aren’t working on the important stuff.”

Other companies share similar justification. Joe Reilly, VP of technology at Comtec Industries, a manufacturer working with commercial bakeries, said, “In the baking business, downtime is expensive. With the Model 2900 operating at 3,600 crusts per hour, downtime could easily reach upwards of $7,000 per hour in lost revenue. With numbers like this, it’s safe to say we will save hundreds of thousands of dollars in lost production over the life of these machines. And, the money we save our customers when we eliminate a field trip is just icing on the cake (no pun intended). When we drop everything and rush out to a field emergency, our costs skyrocket.”

Frank Hurtte is founding partner of River Heights Consulting. Courtesy: River Heights Consulting

At last, engineering elegance meets economic impact with practical remote access of automation equipment. We’re at the gates of Nirvana.

- Frank Hurtte is founding partner of River Heights Consulting. Edited by Mark T. Hoske, content manager, CFE Media, Control Engineering and Plant Engineering.

Go Online for the Safety and Security channel 

Key concepts

  • Remote access to machinery decreases downtime
  • External access needs to be secure
  • Tools can reduce remote access risk

Consider this

One downtime incident or security breach could justify enabling remote access connections to critical plant assets.
