How to set up secure remote access for industrial machines
What is industrial remote access?
With remote access to industrial machines you can remotely troubleshoot and program programmable logic controllers (PLCs), view and control Human Machine Interfaces (HMIs), connect to an IP camera for assistance or support field technicians with specific problems. About 90 percent of operating problems faced by industrial machine builders, original equipment manufacturers (OEMs) and manufacturing companies can be solved by industrial remote access to a machine’s control system. This is beneficial to both machine manufacturers and manufacturing companies.
For machine manufacturers, troubleshooting machines remotely without going on site drastically reduces support costs and travel time. The recovered time can now be spent dealing with other support questions. Because it's hard enough to find good staff at the moment, this is a huge bonus. For manufacturing companies it means their machine problems are solved more quickly, which improves their overall equipment effectiveness. In this article we show you how to set up remote access and give you a bit more background. You’ll learn what security issues we’ve solved for you, how we did it and how easy it is to use IXON Cloud for remote access.
Set up secure remote access (VPN) to industrial equipment
The IXrouter, our industrial VPN gateway, is designed to offer you easy remote access across the internet to machines and installations on customer sites or in the field. It’s fully integrated with the IXON Cloud and automatically connects to the IXON Cloud platform. Your machines are remotely accessible in just minutes with our Quick Start Guide. Check out the 3 Step Setup video or the short demo video below.
Video: how to set up the IXrouter and connect it to the IXON Cloud platform in 3 minutes
That’s it! Now you can access your machine from anywhere on any device. And you get instant access to all other features, like Cloud Access, Cloud Logging and Cloud Notify.
Although we’ve focussed on remote access and VPN, IXON Cloud also provides you with easy and secure access to a VNC or HTTP server that runs on your PLC, HMI or other hardware, without requiring a VPN connection. With your IXON account you can quickly access the VNC or HTTP server on any mobile and desktop device with an internet connection over HTTPS.
How does remote access over VPN work exactly?
A prerequisite for remote access is that machines can be accessed from the internet in a secure way. After all, nobody wants to undermine the security or daily operations of the parties involved.
IT departments are loath to grant blanket network access to third parties. To qualify as a solution, it’s therefore imperative that the security of an IoT solution meets their expectations. IXON addresses security concerns by using three key technologies: firewalling, VPN and cloud computing.
Different models of the IXrouter allow you to choose the most appropriate connection type: ethernet, wifi and/or cellular. This gives customers great flexibility to pick the most appropriate technology for a secure remote connection within their operation. As high-speed local area networks (LAN) with fast broadband internet connections are omnipresent, ethernet or wifi are usually the first to be considered. If this is not possible due to local conditions, a cellular connection can be used.
Defending your network with a robust firewall
As the IXrouter is connected to machine PLCs, we have to make sure it’s secure from the start. After all, machine controllers were never designed for security. Their operating systems are not updated and do not contain the latest security mechanisms. It’s imperative that machine controllers are never connected to the company network while linked to other devices.
The IXrouter isolates these out-of-the-box with its built-in firewall. By default, the machine network and corporate networks are completely isolated by our remote access gateway. Traffic can be forwarded only if you explicitly change this during initial configuration. This way the IXrouter completely secures machines against unwanted access from actors outside the PLC network (LAN).
Secured with a Virtual Private Network connection
While the firewall protects the PLC-LAN from unauthorized access, it does nothing to protect the confidentiality and integrity of traffic from the router itself. For securing this traffic we use a VPN (Virtual Private Network) to connect to our own cloud environment, IXON Cloud.
This VPN ensures that all traffic to the IXON Cloud is sent across an encrypted tunnel. Because the VPN connection is initiated by the IXrouter, no incoming ports need to be opened by the customers’ IT department in either the corporate firewall or the one in the IXrouter, which dramatically lowers the security impact. Apart from the IXrouter, no additional hardware or software needs to be bought, set up or maintained, which significantly reduces implementation time.
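The default isolation and the outbound-only VPN described above, sketched as a generic Linux nftables ruleset. This is an added illustration, not IXrouter firmware configuration or IXON code; the interface names (wan0, lan0, tun0) and the VPN port and protocol are assumptions.

```nftables
#!/usr/sbin/nft -f
# Illustrative gateway policy (assumed names, not vendor configuration):
#   wan0 = uplink into the corporate network / internet
#   lan0 = machine (PLC) network
#   tun0 = VPN tunnel created by the gateway's own VPN client
flush ruleset

define wan_if   = "wan0"
define lan_if   = "lan0"
define vpn_if   = "tun0"
define vpn_port = 443        # assumed VPN server port (TCP assumed)

table inet gateway {
    chain input {
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        ct state invalid drop
        # Replies to connections the gateway itself opened (DNS, VPN).
        ct state established,related accept
        # No rule accepts NEW connections arriving on wan0:
        # nothing listens towards the corporate network or the internet.
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state invalid drop
        ct state established,related accept
        # Only sessions arriving through the tunnel may reach machines.
        iifname $vpn_if oifname $lan_if accept
        # Deliberately absent: any wan0 <-> lan0 rule. A rule such as
        #   iifname $wan_if oifname $lan_if accept
        # would join the corporate and machine networks and remove
        # the isolation.
    }

    chain output {
        type filter hook output priority 0; policy drop;
        oifname "lo" accept
        ct state established,related accept
        # The gateway dials out; the corporate firewall only has to
        # permit this outbound flow, no inbound port forward is needed.
        oifname $wan_if udp dport 53 accept
        oifname $wan_if tcp dport $vpn_port accept
        oifname $vpn_if accept
    }
}
```

When auditing a gateway of this kind, the two things to verify are that the forward chain has no accept rule between the uplink and the machine network, and that the input chain accepts no new connections from the uplink.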
As soon as the IXrouter is started, it sets up a network connection and starts the router's VPN client to connect with the VPN server in IXON Cloud. IXON Cloud consists of a network of more than 50 servers distributed worldwide that’s robust, secure and reliable. It contains different types of databases, services, user management and infrastructure and offers a highly reliable, secure and scalable VPN service enabling OEMs and machine builders to connect at any time from anywhere.
In IXON Cloud you can have your own private account. You individually add customers and configure machines. We make sure the network's scalability, integrity and reliability are ensured, so you can focus on what you do best: building machines!
Once the VPN connection with IXON Cloud is established, two ‘tunnels’ are used – one between your browser and IXON Cloud and another one between IXON Cloud and the IXrouter. This way the complete connection is fully secured.
- Read our Security Whitepaper for a detailed look at the IXON Cloud infrastructure
- Learn how Dylan Eikelenboom, security officer at IXON, protects and secures our cloud platform
Remote access to machines the easy way
You can access PLCs remotely on a desktop computer, notebook or mobile device. We support all major PLC brands and robot/cobot brands, such as Siemens, Beckhoff, PLCnext (Phoenix Contact), Lenze, ABB, B&R, Wago, Allen Bradley, Rockwell Automation, Sigmatek, Festo, Panasonic, Universal Robots and many more…
Just start your browser, log in to IXON Cloud and go to the machine you want to connect to and work remotely. The unique combination of a username and password establishes your identity and associates you with your machine(s). Just click on a machine's VPN button to set up a VPN connection with the desired machine.
It’s really that simple. Our remote access solution is the most secure and simple solution you can think of.