How to set up IXON Cloud Cluster for M2M communication
The most secure and easy M2M implementation
Industrial Remote Access (VPN) to machines has opened up new ways of thinking about machines and machine interaction and control. With today's MES and SCADA systems, you have the ability to access and control multiple machines at once, which eventually enables remote interaction between machines, using the output from one machine as input for another.
The basics of M2M communication
In a world that’s heading towards Industry 4.0, machine-to-machine (M2M) communication is an essential technology. M2M is commonly used to describe any technology that allows connected devices to exchange information and perform actions without human interaction.
When implemented properly, it enables autonomous remote management of equipment and machines. As you can imagine this is beneficial for many industries, ranging from utilities, logistics and healthcare and automotive. Each of these industries can use M2M communication for specific applications to create added value for their customers.
M2M in building automation: a practical example
Imagine for example a real estate company that could use their building management system (BMS) to have buildings autonomously sense, communicate, analyze, and act or react to people or other machines in a nonintrusive manner. If CO2-sensors detect more people in a room, the building automation system could turn ventilation in certain rooms up and heating down. It could even unlock more toilet rooms, which are normally closed to save on cleaning costs.
Getting started with M2M
To understand how IXON M2M Cloud Cluster works, we need to explain a bit about how remote access works. In the early days, remote access to a machine was facilitated via so-called “out-of-band” management.
A terminal console was connected to a machine over an analog landline telephone and a modem, and you had to dial in to set up a connection (remember the sound?). In some countries and industries, modem access is still popular, although the landlines have been swapped for high-speed cellular networks and wireless modems.
The main advantage of this method from a machine manufacturers point of view is the ability to bypass a customer network, evading security discussions with IT-departments. A big disadvantage though is that, to set up the connection, you need to have an expensive “Fixed IP SIM card” installed in the wireless modem. Unlike an ordinary SIM card that you put in a mobile phone, a so-called Fixed IP SIM Card is provisioned with a ‘static’ IP address by the mobile provider. Hence the name ‘Fixed IP’ SIM card. But Fixed IP SIM cards cost extra, take quite some time to configure and usage fees can quickly add up in a few years time. This makes it rather unattractive from a machine builder’s perspective.
Secure VPN connection over existing network infrastructure
Why even still use SIM cards when almost every customer site has a speedy local area network (LAN) with fast broadband internet access? Just connect every machine to an IXrouter, that’s properly configured to secure your machine and encrypt all internet communication. As soon as the IXrouter is started, it sets up an outgoing VPN connection to IXON Cloud, our cloud infrastructure. The communication between the IXrouter and IXON Cloud is now fully secured, so you don’t have to worry about eavesdropping.
> Check out how to set up a secure VPN connection to your machine
> Read our Security Whitepaper to learn more more about the IXON Cloud infrastructure
> Learn how security officer Dylan Eikelenboom, protects and secures our cloud platform
To set up a connection with your machine, you just need a browser or our mobile app. Now log into IXON Cloud and head to the machine you want to connect to – or use the app on your mobile device. The unique combination of username and password and 2-factor authentication establishes your identity and associates you with your machine(s). Once you click the VPN button, a connection is set up from your browser to the cloud - connecting you securely with the desired machine. It works seamlessly and doesn’t require installing any additional software.
Once the VPN connection with IXON Cloud is established, two ‘tunnels’ are used – one between your browser and IXON Cloud and another one between IXON Cloud and the IXrouter. Each tunnel is automatically assigned a unique VPN address. Using some IXON magic, we make sure the two can talk to each other. This way we establish a site-to-site VPN using the IXON Cloud infrastructure.
How to set up IXON Cloud Cluster for M2M communication
But what if your situation is more complex and you’ll have to manage lots of assets on one or multiple sites that you want to access and control in a simple way? Although this situation is more complex, with IXON’s M2M Cloud Cluster it’s very easy to set up and hardly requires extra maintenance or IT skills. After all, we already did all the hard work, so you and your team can focus on your business operations.
With IXON Cloud Cluster you have your own VPN infrastructure in the IXON Cloud. This way you can securely communicate with multiple installations at once across the internet. This enables automated data exchange and communication between your SCADA or MES system and industrial machines. It’s a complete network infrastructure with all your sites, routers, and automation and control systems in one private cloud environment.
Setting up an IXON Cloud Cluster is not hard. First of all, connect all your machines to IXON Cloud like you would without using Cloud Cluster. Once set up and working, IXON Support will now provide you with the client certificate you need to install in the OpenVPN client software on your SCADA or MES computer. After you’ve started the OpenVPN client on that computer, you can now transparently access your machines via IXON’s Cloud infrastructure.
Permanent VPN Network
Now you can autonomously send, receive and process data of multiple machines at once. The IXrouter will simply fetch the machine data and feed it to the SCADA via the IXON Cloud infrastructure. If you need help, IXON Support will guide you through the process and help you out.
All IXON features, like remote access, data visualization and notifications, are still available. But if you’d like, you can also use your own, because all required data can be managed on premise or by another service – you own the data!
Benefits and features of IXON M2M Cloud Cluster
- Permanent VPN connection for data exchange
- Easy to set up and maintain
- Remote access via VPN to your machines and controllers
- Control multiple machines in one intuitive interface
- BACnet, ModBus and Ethernet/IP protocols supported
- Advanced user and device management
- Alerts & notifications via email and push messages
- Flexible and scalable – add up to 4000 IXrouters as you grow
- 24/7 secured and monitored
- Plus: all common features of IXON Cloud, like a full audit trail and continuous updates and feature releases, etc.
Would you like more information or a quotation?
Case study: IXON Cloud Cluster in Building Automation
They benefit from remote working, user management to provide multiple engineers access at the same time and the M2M Cloud Cluster for a secure VPN infrastructure to control their buildings remotely from one central location.