Beckhoff: Get ready for the next automation revolution
Industrial Ethernet Book Issue 75 / 39
Request Further Info   Print this Page   Send to a Friend  

VPNs and mobile networks for building access control

Innovative solutions for building automation access control, alarm systems, remote maintenance and remote control are relying on secure data transmission and virtual private networks. Using advanced protocols and automatic Layer 3 encryption, DORMA's door system solutions provide secure, uninterrupted communications that produces both reliable access control and fast fault clearance in the event of failures.

DORMA's door systems use custom-tailored remote communications to secure data transmission via a virtual private network over the Internet or mobile networks.

Automatic door systems by DORMA combine design excellence and use of secure remote network communications as critical parts of their product offering. Advanced control and telecommunications components, secured by Ethernet networking and technology solutions, are used in these systems to provide reliable access control and fast fault clearance in the event of failures.

DORMA Holding GmbH & Co. KGaA is based in Ennepetal in the south of Germany's Ruhr region, and sells sophisticated door systems to hotels, office towers, airports, and shopping centers all around the world. The family-owned business offers a wide and versatile range of automatic doors that are automated using Phoenix Contact components.

The integration of new automation solutions results in building designs that leverage secure networking technology to ensure that busy entrances can be implemented with a high level of security. A building's entrance area is very much its calling card. As well as providing a great first impression, it also needs to ensure a secure, uncongested traffic flow in and out of the building.

For this purpose, DORM A fits its automatic KTV SECURE access control systems with card readers. After access is granted to an employee or visitor, the entrance is unlocked via a pulse signal. Once the person has passed through the door, the system relocks the access until the next pulse signal is received. Inline compact controllers (ILC 1xx) are at the core of the access-controlled KTV SECURE revolving doors. These controllers provide all the relevant functions and interfaces required for smooth traffic flows and high reliability.

Secure Data Transmission

DORMA's customer service provides a significant advantage over competing solutions. The DORM A technicians not only install and set up the doors on site, they also offer custom-tailored services. These include secure data transmission via VPN (Virtual Private Network) over the Internet or mobile networks which is facilitated using mobile routers. One of the great advantages of mobile telecommunications is that data can be sent all over the world. Of course, the data is never transmitted directly from the sender to the receiver. In essence, the data transfer proceeds as follows: The mobile transmitter wirelessly sends the data to the nearest cell tower. From there, it is forwarded to the core network of the telecommunications provider and sent to the recipient via the Internet.

This requires mobile services to transmit the IT-based data packets via the mobile network. These services include the standards of the third mobile generation (3G), such as UMTS and HSPA, as well as GPRS and EDGE, which operate within the GSM network. These all segment the data into small packets and then send them - a process known as 'packet switching.' Volume-based billing of IP data packets helps to lower the transmission costs, as this means that only the actual amount of data that is sent or received is being paid for.

Access via VPN Connection

In order for industrial data communications within mobile networks to be secure and reliable, several aspects need to be taken into consideration. For one, the mobile network needs to provide sufficient coverage, and an industrial-grade mobile router is needed that has an IP address within the mobile network. A dynamic IP address such as those that most mobile providers give out for Internet access suffices for this.

UMTS/HSPA and GPRS/EDGE mobile services are set up so that the router initiates the communication process within the mobile network, connecting to an Internet server outside of the mobile network. The provider supplies a firewall between the mobile network and the Internet. This prevents data being sent into the mobile network from the Internet, protecting mobile users from unauthorized access. This way, the router can communicate with the Internet, and any replies to the router's queries are permitted to pass through the firewall. However, it is not possible for an Internet user to initiate data exchanges with users inside the mobile network.

Software visualization tools provides a transparent overview of the on-site situation to simplify system management.

Continuous monitoring of every single automatic door is not necessary. This is why the DORMA maintenance technicians have mobile remote servicing boxes at their disposal. When needed, these can be installed very quickly. A remote servicing box contains a mobile router which has Ethernet ports for easy connection to ILC 1xx Inline compact controllers installed on site. Should the technician not be able to clear the fault on location, one of the experts from the Ennepetal headquarters can access the Inline controller via an encrypted VPN connection.

Compact controllers provide uninterrupted communications from the sensors in the door systems to headquarters.

The controller features a Web server for this purpose, providing a low-cost visualization system. This is set up very easily using the WebVisit software tool and stored on the ILC 1xx. The visualization system displays accurate status information, records detailed logs, and provides a range of testing routines. This way, the remote expert can obtain via VPN remote access an accurate profile of the fault and assist the on-location technician with targeted advice.

All that is needed to access the visualization system is a Web browser, which is provided as part of any standard operating system.

Automatic Layer 3 Encryption

The Internet is a universal medium for transporting many different types of data. However, non-encrypted Internet connections are considered to be insecure. Adequate security measures are absolutely necessary when it comes to exchanging in-house company data, as is the case with remote maintenance access. Data transmission via a closed VPN tunnel as well as the well-proven IPsec protocol has turned out to be the most effective solution in this regard. VPN is a type of network that is physically operated within another network, such as the Internet.

Cryptography is used to ensure the integrity,trust, and authenticity of communications within the VPN, and securely isolates the virtual network from the host network. IPsec is a Layer 3 IP protocol extension that encrypts and authenticates information and ensures its integrity. Every data packet that exits a system or is sent from another system needs to pass through Layer 3. Here, it is automatically encrypted, and access on both sides of the tunnel is secured by firewalls. Layer 3 does not contain any software, scripts, or operating systems that could be manipulated.

Two IPsec protocols are used for protecting Internet communications: ESP and AH. Tunnel mode protects the IP packet as a whole by hiding it inside another IP packet and adding an IPsec header. With this type of encryption, the destination addresses of the IP packets cannot be read as they pass through the Internet. Information about the encryption and authentication process is needed in order to unlock the packets for further processing.

These attributes are stored within the devices as security associations. IPsec uses the IKE protocol for exchanging SAs in two stages. In the first stage, a secure tunnel is created for communication to exchange the SAs in the second stage. As a consequence, the tunnel connections are transparent for all applications, and they are encrypted and authenticated on the network level.

The mobile remote servicing box is installed in close proximity to the door system, and simplifies the process of maintaining the system's performance

Uninterrupted Communications

In the door systems, the ILC 1xx compact controllers function as the central link between the sensors and the drive components. These special PLCs can be flexibly expanded with the standard and function modules of the Inline automation range, enabling DORMA to accommodate all the specific requirements of each application. The controllers, which are programmed via the PC Worx Express software, also support all the relevant automation and IT protocols.

This facilitates an uninterrupted communication path from the sensor right through to DORMA's headquarters in Ennepetal. As mentioned above, the built-in Web server and the WebVisit software provide easy authoring of user Web pages which can be loaded into the controller. As a result, DORMA can operate and monitor the door systems remotely via a standard Web browser. There is also a built-in FTP (File Transfer Protocol) server, which can be used to write data to the controller via the network and to import application data logs.

Standardized Programming

All of the Phoenix Contact controllers used in this application are programmed in accordance with IEC 61131-3 using the company's PC Worx engineering tool. The software works with the programming languages Structured Text, Function Block Diagram, Ladder Diagram, Instruction List, and Sequential Function Chart. PC Worx provides an engineering tool for managing workflow that facilitates getting users working effectively in the programming environment. A free version of PC Worx Express is available for small to medium-sized applications and was specifically designed for compact controllers like the ILC 1xx.

A feature of the controller technology that proved useful in this application is the ability to make a full and complete migration of all controller classes in one engineering step. What that means is that all units ranging from compact controllers through to high-end PLCs can be uniformly programmed via PC Worx. This can be particularly useful when staff resources are limited. If the controller needs to be upgraded to meet new application requirements, all the user needs to do is replace the PLC. The workflow and programming remain unchanged, in turn making programming more efficient.

Andreas H. Schmidt, Communication Interfaces Product Marketing for Phoenix Contact Electronics GmbH works in Bad Pyrmont, Germany

Source: Industrial Ethernet Book Issue 75 / 39
Request Further Info    Print this Page    Send to a Friend  


DINSpace fiber optic and Cat 6 patch panels
Siemens IWLAN  the WLAN for challenging industrial applications
Accelerate your HART data at the speed of Ethernet
Industry of Things World

Get Social with us:

© 2010-2019 Published by IEB Media GbR · Last Update: 21.10.2019 · 19 User online · Privacy Policy · Contact Us