What are you looking for?
15-04-2020
8 min. read
Sjors de Kleijn

Frequently Asked Questions from our Remote Access Webinars

All questions and answers from our webinar-series How To Get Most Out of Remote Access

Our webinars on ‘How To Get Most Out of Remote Access’ caught a lot of interest. Due to the high turn-out and the number of questions, we were not able to discuss everything during the webinars. In this article, you’ll find all questions and answers grouped by category.

Jump to answers:
IXON Cloud & White labelling | Remote Access | Connectivity | Security | Data features | API | Other

If you were unable to join the webinar, please sign up for our on-demand webinars and watch the recorded videos (these are also available in German, Dutch, French, Italian and Polish).

 

IXON Cloud & White Labelling related questions

What does white labeling cost? Is it possible to order white label routers one at a time?

Below you’ll find the pricing model for white labelling. You can order an IXrouter one at a time. The front foils can be ordered per batch of 250 pieces. A full list of included features and add-ons can be found on the pricing page.

White labelling - Premium company account branding
(custom URL, branded emails, custom support information)

One time purchase

White labelling - Mobile application

One time purchase + yearly subscription for maintenance costs

White labelling - IXrouter with branded front foil

One time purchase per 250 pieces

 

Does the custom URL for white labelling link to your servers? Or does it need to be hosted internally?

You can redirect the custom URL to IXON's servers with a DNS (CNAME) modification. We take care of hosting the platform.

How long is your cloud free to use? What are the paid services?

The IXON cloud portal is always free to use. We deliberately choose not to work with a license model per user. So you can invite an unlimited number of users. Click here for an overview of all included features and add-ons (paid services).

Which cloud environment is used? Do you use your own managed servers or do you use a service like AWS or Azure?

Our cloud environment is completely managed by IXON. We use different hosting providers in different geographical areas, mainly Digital Ocean, Vultr and Upcloud.

What’s the best way to handle sub-companies?

Situation: I want to create a company install for one of our clients. I want to deploy multiple routers for different projects (different end users of our client). Our client is responsible for their end-users. So our client should also be able to add their customers to the routers. However, it should not be possible for our client to adapt the routers. In this way, we always remain in control of the routers configuration and our client can add their end customers independently. Is this possible?

Under each company, you can add one or more sub-companies. As a user of the main company, you always have access to the various sub-companies. For each client, you can create a sub-company with a number of routers. In addition, you can define different projects within a company based on categories.

How to manage user access to devices in the network?

By default, no access is allowed for traffic originating on the IXrouter’s LAN side to the corporate network. However, it is possible to enable this. This may be useful when a PLC in the LAN of the IXrouter needs to be able to communicate with another device in the company network.

Is support provided in languages other than English, p.e. German?

Currently, support is offered in English and Dutch. In the near future, this will be extended with German.

Is the purchase order customizable for each customer?

We can add a purchase number for reference. 

Can we use device templates? How does it work?

Yes, you can. After configuring a device with the correct settings, you can save the device as a template. Click on the “Edit” button at the top right and select “Save as template”. Open the new device and choose “Load from template”. It’s as simple as that.

 

Remote Access related questions

I wanted to know more about remote access to the HMI panel. How is this implemented? Is a sm@rt server license required on the panel in the case of Siemens panels?

For Siemens, yes a SmartServer license is required. This usually comes as standard in Comfort and above ranges, but may be an add-on for Basic range. For this to work with IXON Cloud, a VNC server has to be running on the HMI panel. Most HMI brands have embedded VNC server software installed on their panels. If not, you have to install free VNC server software such as RealVNC or TightVNC onto the HMI panel.

Can I move to other HMI pages from remote than those displayed by the machine operator?

Any HMI, VNC server or HTTP service can be linked to the IXON Cloud as long as they are connected to the IXrouter or IXagent. Any user with the right user permissions can set this up and make it accessible to other users that have permission to see a specific (type of) service.

Is it possible to make a remote access connection to a PC?

Yes, there are several ways to connect to a PC for remote access. The most common one is to install a VNC server (like TightVNC) on the PC, connect the PC to the IXrouter and connect to it via the VNC service of IXON.

Is there a solution to take over two screens next to each other, or zoom in on one of both screens?

Unfortunately, it is not possible to indicate whether you want to display one screen, the other screen, or both. A generic VNC connection will be set up and you will see what will be returned by the VNC server. We have noted this as a feature request, because it does indeed include options for expanding our service. 

As an alternative or temporary solution, it might be good to know that in many VNC servers it is possible to set which screen you want to see remotely. So you can limit it to 1 screen.

  • TightVNC: right mouse click on the VNC server> configuration> video> screen areas
  • UltraVNC: DO NOT right-click the VNC server, but search for "UltraVNC server settings"> screen capture> advanced> show primary / secondary display
  • Other VNC servers have similar settings.

On my mobile I downloaded the IXON app and I can see the portal with all devices. Unfortunately I can't establish a VPN connection even though I can see the devices online? How can I solve this?

As the name "Mobile VPN" implies, you can set up a secure VPN connection from your mobile phone to the IXrouter. Once connected, you can freely switch to any other app on your smartphone without losing your VPN connection. If you cannot see the VPN connect button, you might have no access to it.

Would it be possible to add the control panel of an ABB robot?

If the control panel of ABB supports VNC or has a web server running, it can be accessed via our platform.

Does the HTTP service also work for Priva Building Management Systems (BMS)?

You can add TC Webvision via HTTP so that you can connect directly to TC Webvision via e-app or browser. Or, for example, access an SX100 via VNC.

 

Connectivity related questions

Is it possible to connect USB devices to the IXrouter?

The USB port in the IXrouter is for setup purposes only. It cannot be used to connect other peripheral devices.

Does the IXrouter work in China and Russia? Do I need a special type of router for this to work? You used to have a special US variant, now you don't?

In this article you can read where IXON is used worldwide by our customers. This includes China and Russia. In the past, we had 3 variants for the 4G routers, but these have been merged into the 4G-global model. View all IXrouter models here.

Is it possible to download from and upload to a Siemens PLC or HMI in China when I’m not located in China? Or has the Chinese government blocked access?

Yes, it’s possible to deploy software from outside of China by using our special Stealth mode. This mode masks VPN traffic as normal internet traffic. This way you can modify the software of your Siemens hardware in China without any problems.

We intend to swap the current SIM cards in the router and switch to M2M sim cards with fixed IP addresses. How can we change the SIM configuration? 

This can be done in 2 ways:

  1. Create a configuration file for the new SIM card in your service portal. Then locally first remove the power from the IXrouter, replace the SIM card, turn the IXrouter back on with the USB stick inserted. The new configuration file will now be copied and installed onto the IXrouter and the IXrouter is online again.
  2. In your service portal at the relevant IXrouter under the heading configuration, you can adjust the WAN settings. Here you can enter the new data of the SIM card. Then when you push the new configuration to the IXrouter, your IXrouter will go offline, because the new settings do not match the settings on the IXrouter. If you first take the power from the IXrouter on location, then insert the new SIM card and then put power back on the IXrouter, it will come back online.

After I installed new firmware on the WAGO PLC, I lost the IXagent module. How do I prevent this?

If you're updating an installation that is already registered on the IXON Cloud, you'll have to back up the IXagent configuration file, which can be found at: /etc/ixon/ixagent.conf

Put this file back after you've finished the installation. You can then skip the "register and activate"-parts of this article, as your IXagent is still registered and activated. More details about the WAGO IXagent can be found at our support website: https://support.ixon.cloud/hc/en-us/articles/360000929611-WAGO-IXagent

Many customers are reluctant to have a dial-up connection via VPN through their system. Do you have more information here about how you are secured to reassure these customers? Or do you recommend the SIM card module?

All our security measures are documented in our Security Whitepaper. For a specific question please contact our support team and they will be more than happy to assist you. To avoid using the company's internet connection, you can use the 4G model with a SIM card. For questions about SIM cards or providers, please contact our support team.

Are B&R or Rockwell PLCs also accessible?

Yes they are, both B&R and Rockwell are supported. As long as the PLC controller has an Ethernet port it can be used for PLC remote access.

At another solution it is possible to run your own software on the device? Is this possible with IXON?

For some brands, like WAGO, Procentec and Phoenix Contact we have an IXagent module. This firmware can be installed directly on the controller (view all IXagents here). You can’t install or run your own software on our IXrouter device for fog or edge computing purposes. Some customers build their own configuration using our IXagent and a custom piece of software on a mini PC.

Can GSM be used as a fall-back connection when Ethernet or WiFi fails??

Yes, simply configure your preferred connection method (wired, 4G/LTE or Wi-Fi), the first fallback option and the second fallback option. When the preferred connection option is lost, the IXrouter will automatically try to connect via one of the fallback connections. 

Is it possible to set up a network between different routers over VPN? For example, machine A in plant A connects via VPN to machine B in plant B?

Yes you can via our M2M Cloud Cluster solution. 

Is there a starter kit to test the product?

Yes, you can request a free starter kit with our most advanced IXrouter.

Can you also connect serial devices or just Ethernet? Is there a maximum of machines you can connect to each IXrouter?

Only ethernet devices can be connected to the IXrouter directly. The IXrouter has 4 Ethernet ports, but you can also attach a switch to extend the number of devices up to 255. The IXON Cloud account has no limitations regarding the number of devices.

Is it possible to connect more than one controller to an IXrouter?

Yes, see answer above.

If the technician is logged on for maintenance and someone else logs on, who has priority?

You can connect with more than one person simultaneously. There is no priority, both get access.

 

Security-related questions

What about a firewall the end customer can administer?

The IXrouter has a built-in firewall with settings for the company and the Internet. To prevent misconfiguration and exposing machines to the internet, it’s not possible to configure firewall settings manually. Our firewall separates the machine network from the company network, so by default it’s not possible to connect to other devices on the company’s network from within the machines’ LAN.

Is it possible to switch the firewall with a key switch so that there is no possibility to access the customer's network when accessing the machine remotely?

The customer's network is not accessible from VPN. Read all about it in our security whitepaper. If your end-customer wants full control when VPN access is used, they can manually turn off VPN access with a local switch via the IXrouter’s digital input.

Which ports are open from LAN to WAN by default when you have access to the internet and corporate network?

By default all traffic from LAN to WAN is disabled. It is possible to open the connection to the corporate network and access to the internet separately.

Is it possible to spread a virus if a VPN connection is active?

Case in point: The moment you're connected to a customer machine via IXON, it's basically some kind of local network, right? Suppose the customer has a computer in that network that has a virus and spreads it over the network, then in theory we are also vulnerable, right? And we could pass the virus on to other customers as well. 

Yes, like any other network connection, a VPN does not protect against malware infections. It is therefore good security practice to install a virus scanner on all computers connected to a computer network. The risk of infection is then very small. 

Typical malware such as computer worms normally target a very specific operating system, e.g. (embedded) Windows or Linux. If you supply machines to critical industrial sectors that are susceptible to attacks by state actors, it is obviously wise to take additional security measures.

Is it possible to access the IXON portal with two-factor authentication? If yes, how?

Yes, you can. Any user can activate two-factor authentication via authenticator tools like Authy, Google or Lastpass authenticators. Go to your personal profile settings. Click on the edit button at the “Login and security” settings and choose “Two-factor authentication”. Now follow the steps to activate it.

How can we convince IT departments of our end-customer that they should allow an IXrouter in their network? The rules and security regulations of the end-customer are getting tighter as time goes on.

We understand the situation of IT departments and would like to stress the importance of very tight security policy’s in corporate network settings. At IXON we have created several security documents that can tell you more about the security of our products and solutions. In these documents, we explain what the implications are of having an IXrouter in the corporate network, how to give access to the Internet, and what best practices there are in terms of configuring the firewall.

Finally, we also provide IT departments the option to disable the VPN connection locally via the digital input on the IXrouter. Hence, the end-user is able to determine when the IXrouter is accessible remotely.

Read more:
5 arguments that will get IT to approve of the cloud
Security blogs

What about certifications? Do you support EN 62443-3 and CSA (Canada) certification or do you have any ship/boat certifications?

Currently, we have these certifications for the IXrouter. 

We also have an extensive ISO 27001 certified Information Security Management System and the associated best practices guarantee that we always give information security the focus it deserves.

 

Data features related questions

Do end customers have access to dashboards as well? In the future, can you give users access to only a specific dashboard or a selection of dashboards?

Yes, you can grant your customers access to their machine. Just invite them to the device. We are currently extending our permission system to enable this. In the upcoming months, specific user roles can be granted to access specific dashboards.

Is Ethernet-IP supported for data logging?

Yes, it is. At the moment we support Ethernet-IP, OPC-UA, Modbus TCP, Siemens S7 and BACnet for data logging.

Is it possible to get an off-line notification in the default configuration without having to buy a Cloud Notify license? So we can respond to our customers that their machine is not available.

Not, that’s not possible. For alarms and notifications, a Cloud Notify licence is required. This is just a one-time purchase per device. Once activated you can set up and receive alarms when the machine is offline.

Can I see a demo of your reporting tool somewhere?

Yes, sign up for our Free Product Tour and get access to our demo company to browse some example dashboards. Or get in touch for a personalized demo. Note that it’s also possible to support more advanced dashboards by using our API. This one you can use powerful business intelligence tools like Tableau, Power BI or Qlikview.

What are the minimum sample times you apply in your cloud, and how do you ensure time synchronization of the various data variables?

The smallest data logging package is 1000 data points per hour. We distinguish our licenses by the amount of data points / hour that you’re allowed to log, but what actually is the "data points / hour"? Here's an easy example: if you’re logging 1 variable every minute, you're using a total of 1 x 60 = 60 data points per hour.

The time is synchronized via the internal Network Time Protocol server in the IXrouter. This ensures that the Cloud Logging data has correct timestamps even when the IXrouter is offline. We ensure a sample rate of <5ms via IXON Data Push protocol.

IXON can communicate with Siemens S7. Which specific protocol is being used, Profinet?

You can not only connect your Siemens PLC to IXON Cloud for remote access, you can also retrieve data from Siemens PLC's in IXON Cloud by using the Siemens specific protocol.

Is data collected by the machines saved in the cloud? Are there memory or storage limits? 

Yes, when using data logging your data is securely saved on our database servers (in the cloud). There are no memory or storage limits for storing the data. 

Who is the owner of the data in IXON Cloud?

You are (or your customer).

On which cloud solution is the platform based?

In general, our cloud environment is managed by IXON. We use different hosting providers in different geographical areas, mainly; Digital Ocean, Vultr and Upcloud.

Can I retrieve data from my cloud in your reporting tool?

Yes, you can export data dashboards to CSV files. Another way is to pull all data via our API and use it in other applications or BI-tools like Tableau or Power BI to create reports.

 

API & integrations questions

Concerning the API, which protocols are supported?

IXON Cloud consists of a REST API and Webhooks. These modern technologies ensure a hasslefree and futureproof integration with your apps. Consult our Developer portal for all details.

Can the API only be used in conjunction with the Cloud Logging service?

No, it can be used for all features of the IXON platform, like VPN and users. Consult our Developer portal for all details.

 

Do you have other questions?

Try these articles to find you answer:

We are happy to help if you have other questions about our products. Please contact us and help is on the way!

[[Contact us]]