How to set up secure remote access for industrial machines
What is industrial remote access?
With remote access to connected industrial machines you can remotely troubleshoot and program programmable logic controllers (PLCs), view and control Human Machine Interfaces (HMIs), connect to an IP camera for assistance or support field technicians with specific problems. About 90 percent of operating problems faced by industrial machine builders, original equipment manufacturers (OEMs) and manufacturing companies can be solved by industrial remote access to a machine’s control system. This is beneficial to both machine manufacturers and manufacturing companies.
For machine manufacturers, troubleshooting machines remotely without going on site drastically reduces support costs and travel time. The recovered time can now be spent dealing with other support questions. For manufacturing companies it means their machine problems are solved more quickly, which improves their overall equipment effectiveness. In this article we show you how to set up machine remote access and give you a bit more background. You’ll learn what security issues we’ve solved for you, how we did it and how easy it is to use IXON Cloud for remote access.
Set up secure remote access (VPN) to industrial equipment
The IXrouter, our industrial VPN router, is designed to offer you easy machine remote access across the internet to PLCs and installations on customer sites or in the field. It’s fully integrated with the IXON Cloud and automatically connects to the IXON Cloud platform. Your connected machines are remotely accessible in just minutes with our Quick Start Guide. Check out the 3 Step Setup video or the short demo video below.
Video: how to set up machine remote access with the IXrouter and IXON Cloud platform - Installation in 3 minutes
That’s it! Now you can access your connected machine from anywhere on any device. Establish a secure tunnel via VPN to your machine's PLC to do programming or maintenance remotely. Use your standard PLC software, TIA Portal for example, as if you were on site.
Although we’ve focussed on remote access and VPN, IXON Cloud also provides you with easy and secure access to a VNC or HTTP server that runs on your PLC, HMI or other hardware, without requiring a VPN connection. With your IXON account you can quickly access the VNC or HTTP server on any mobile and desktop device with an internet connection over HTTPS.
How does machine remote access over VPN work exactly?
A prerequisite for remote access is that machines can be accessed from the internet in a secure way. After all, nobody wants to undermine the security or daily operations of the parties involved.
IT departments are loath to grant blanket network access to third parties. To qualify as a solution, it’s therefore imperative that the security of an IoT solution meets their expectations. IXON deflects security concerns by using three key technologies: firewalling, VPN and cloud computing.
Different models of the industrial remote access router (IXrouter) allow you to choose the most appropriate connection type: ethernet, wifi and/or cellular. This gives customers great flexibility to pick the technology that best allows a secure remote connection within their operation. As high-speed local area networks (LANs) with fast broadband internet connections are omnipresent, ethernet or wifi are usually the first to be considered. If this is not possible due to local conditions, a 4G/LTE cellular connection can be used.
Remote Access with the IXrouter
Our IXrouter, a combined industrial VPN router and edge gateway, is designed to offer easy remote access to machines and installations from anywhere. It works with most PLCs and industrial robots on the market. Main benefits:
- One single device for secure remote access, data logging and alarms. No swapping hardware when your needs change and easy installation.
- Get instant remote access to PLC, HMI and robots to reduce support and maintenance costs. Troubleshoot, configure and access machines remotely using your regular configuration tools.
- Gather machine data (variable data, KPIs, setpoints, production rates, etc.). Easily configurable through a web interface, with no need for coding.
- White labelling options to brand your company account with logos, colors & URL and customize our hardware with labels of your brand.
- Included: remote service webportal to manage all your machines and users. Share access and insights with partners and customers.
Defending your network with a robust firewall
As the IXrouter is connected to machine PLCs, we have to make sure it’s secure from the start. After all, machine PLC controllers were never designed for security. Their operating systems are not updated and do not contain the latest security mechanisms. It’s imperative that machine controllers are never connected to the company network while linked to other devices.
The IXrouter isolates these out of the box with its built-in firewall. By default, the machine network and corporate networks are completely isolated by our remote access gateway. Traffic can be forwarded only if you explicitly changed this during initial configuration. This way the IXrouter completely secures machines against unwanted access from actors outside the PLC network (LAN).
Secured with a Virtual Private Network connection
While the firewall protects the PLC-LAN from unauthorized access, it does nothing to protect the confidentiality and integrity of traffic from the router itself. For securing this traffic we use a VPN (Virtual Private Network) to connect to our own cloud environment, IXON Cloud.
This VPN ensures that all traffic to the IXON Cloud is sent across an encrypted tunnel. Because the VPN connection is initiated by the IXrouter, no incoming ports need to be opened by the customer’s IT department in either the corporate firewall or the one in the IXrouter, which dramatically lowers the security impact. Apart from the IXrouter, no additional hardware or software needs to be bought, set up or maintained, which significantly reduces implementation time.
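A policy check for the behaviour described in the two sections above, as an added example that is not IXON's code: it evaluates a first-match ruleset with default deny and reports any rule that forwards between the machine LAN and the uplink network, accepts new inbound connections on the router, or blocks the outbound VPN. The zone names, the rule format and the tcp/443 VPN endpoint are assumptions made for the illustration.

```python
from dataclasses import dataclass

# Constructed zone names and rule format for illustration only; this is not
# the IXrouter's configuration syntax. Return traffic of established
# connections is not modelled: the audit only asks who may OPEN a connection.
@dataclass(frozen=True)
class Rule:
    src: str     # "machine_lan", "uplink" (corporate/internet side), "router" or "any"
    dst: str
    proto: str   # "tcp", "udp" or "any"
    port: int    # destination port, 0 = any
    action: str  # "accept" or "drop"

def decide(rules, src, dst, proto, port):
    """First matching rule wins; unmatched traffic is dropped (default deny)."""
    for r in rules:
        if (r.src in (src, "any") and r.dst in (dst, "any")
                and r.proto in (proto, "any") and r.port in (port, 0)):
            return r.action
    return "drop"

# Probe ports: SSH, HTTP, S7comm, HTTPS, Modbus/TCP, VNC, EtherNet/IP.
PROBE_PORTS = (22, 80, 102, 443, 502, 5900, 44818)

def audit(rules, vpn_proto, vpn_port):
    """Return findings; an empty list means all three properties hold."""
    findings = []
    for port in PROBE_PORTS:
        for proto in ("tcp", "udp"):
            # 1. Machine LAN and uplink network are isolated in both directions.
            for a, b in (("uplink", "machine_lan"), ("machine_lan", "uplink")):
                if decide(rules, a, b, proto, port) == "accept":
                    findings.append(f"forwarding {a}->{b} {proto}/{port}")
            # 2. No port on the router accepts new connections from the uplink.
            if decide(rules, "uplink", "router", proto, port) == "accept":
                findings.append(f"inbound uplink->router {proto}/{port}")
    # 3. The router itself may open the outbound VPN connection.
    if decide(rules, "router", "uplink", vpn_proto, vpn_port) != "accept":
        findings.append(f"outbound VPN {vpn_proto}/{vpn_port} blocked")
    return findings

# Constructed sample policies; tcp/443 is a placeholder VPN endpoint.
DEFAULT = [Rule("router", "uplink", "tcp", 443, "accept")]
MISCONFIGURED = DEFAULT + [Rule("uplink", "machine_lan", "tcp", 502, "accept")]

if __name__ == "__main__":
    print(audit(DEFAULT, "tcp", 443))        # []
    print(audit(MISCONFIGURED, "tcp", 443))  # one forwarding finding
```

Running the audit after every change to a gateway's forwarding rules shows whether an explicit exception has opened a path from the corporate side to a controller port.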
As soon as the IXrouter is started, it sets up a network connection and starts the router's VPN client to connect with the VPN server in IXON Cloud. IXON Cloud consists of a network of more than 50 servers distributed worldwide that’s robust, secure and reliable. It contains different types of databases, services, user management and infrastructure and offers a highly reliable, secure and scalable VPN service enabling OEMs and machine builders to connect at any time from anywhere.
In IXON Cloud you can have your own private account. You individually add customers and configure machines. We ensure the network's scalability, integrity and reliability, so you can focus on what you do best: building machines!
Once the VPN connection with IXON Cloud is established, two ‘tunnels’ are used – one between your browser and IXON Cloud and another one between IXON Cloud and the IXrouter. This way the complete connection is fully secured.
- Read our Security Whitepaper for a detailed look at the IXON Cloud infrastructure
- Learn how Dylan Eikelenboom, security officer at IXON, protects and secures our cloud platform
Remote access to connected machines the easy way
You can access PLCs remotely on a desktop computer, notebook or mobile device. We support all major PLC, IPC and robot/cobot brands, such as: Siemens, Beckhoff, PLCnext (Phoenix Contact), Lenze, ABB, B&R, Wago, Allen Bradley, Rockwell Automation, Sigmatek, Festo, Panasonic, Universal Robots and many more…
Just start your browser, log in to IXON Cloud and go to the machine you want to connect to and work remotely. The unique combination of a username and password establishes your identity and associates you with your machine(s). Just click on a machine's VPN button to set up a secure tunnel with the machine's PLC.
It’s really that simple. Our remote access solution is the most secure and simple solution you can think of.