Technology
July 23, 2024
Remote connectivity focus on performance and cybersecurity
A series of technology trends is driving the latest solutions for industrial remote connectivity by leveraging innovations such as OpenVPN to simplify management of multiple remote connections. More companies are looking for solutions to connect to their machines/devices remotely, and security remains the highest priority.
INDUSTRIAL REMOTE CONNECTIVITY SOLUTIONS enable engineering and service personnel to connect securely to automation machines from anywhere in the world. Secure connections provide a vital link to implement data collection, programming and troubleshooting tasks, creating an effective method to collect and visualize machine data on user-friendly dashboards, with KPIs and alarms to prevent downtime.
For this Remote Connectivity update, the Industrial Ethernet Book reached out to industry experts to gain their perspectives on how remote connectivity technology is continuing to move ahead, with improvements in connectivity software and an ongoing focus on cybersecurity.
Secure remote connectivity
Growing use of encrypted OpenVPN or IPSec tunnels for secure connections.
A series of technology trends and innovations are driving the latest solutions for industrial remote connectivity leveraging innovations such as OpenVPN to simplify management of multiple remote connections, Jeff Marcum, Sales Engineer for Red Lion Controls, told the Industrial Ethernet Book recently.
“More companies are looking for solutions to connect to their machines/devices remotely. Remote connectivity has been used for several years, many times using a cellular modem/router on site, with the cellular modem/router in front of the devices and doing a port forward of incoming traffic to those devices. In recent years, security has become a higher priority, and companies are adopting encrypted tunnels for connection – normally OpenVPN or IPSec tunnels,” Marcum said.
“Remote connections are commonly used by engineers, technicians and OEMs for regular maintenance of devices, programming changes of a PLC or HMI (for example), troubleshooting and data collection or monitoring,” Marcum added.
Although remote connectivity is often used for accessing equipment in remote locations (an oil field for example), that is not always the case, Marcum added. Remotely connecting to a machine on the factory floor can be a big advantage for technicians and engineers as well, allowing them to make configuration changes, troubleshoot and maintain equipment without having to travel to multiple sites.
Leveraging technology
Red Lion’s FlexEdge platform provides the ability to easily access company assets remotely by offering an optional cellular interface that can be used for direct connection to the unit or port forwarding through the unit to end devices. OpenVPN tunnels are easily created on the FlexEdge as well (on any active interface) allowing secure / encrypted connectivity to not only the FlexEdge itself but equipment behind the unit.
Users can create Point to Point tunnels, Many to One tunnels (where one FlexEdge acts as a server to multiple clients), or tunnels to a company owned OpenVPN Access Server.
Marcum said that what makes this technology unique is the ability for Red Lion’s FlexEdge to operate as an all-in-one protocol converter, router, cellular gateway, VPN tunnel endpoint, and more, that will displace multiple pieces of hardware in an application.
“Being a Layer 3 device, the FlexEdge is a router and firewall that can sit between different networks providing routing capabilities and security,” Marcum said. “With its modular design the user can select the type(s) of network interface needed for each application, including cellular, Wi-Fi and additional Ethernet interfaces.”
FlexEdge can serve as an OpenVPN client, server or both simultaneously, providing secure connectivity wherever it’s located. If VPN tunnels aren’t necessary, the cellular interface on the FlexEdge can allow users to remotely access the FlexEdge itself as well as equipment behind it.
“The FlexEdge is more than a network device however. With Red Lion’s Crimson® software, not only can it provide connectivity to equipment in remote environments, it also provides a suite of automation capabilities including protocol conversion, system control, virtual HMI, data logging, MQTT communication and more,” Marcum said.
Applications and industries
Almost any type of application or industry can benefit from remote connectivity solutions. Examples include Oil and Gas, Water/Wastewater, Utilities and even the factory floor. Many companies or machine builders have equipment at truly remote locations or multiple remote locations (e.g. Oil and Gas).
Having the ability to connect to the devices on site without the need to travel to those locations can offer huge savings in time and expenses. Mobile equipment, such as Frac Trucks, are another example use case for remote connectivity. If needed, engineers or technicians can connect to the devices on the truck for maintenance or necessary configuration changes no matter where the trucks are located.
Engineering challenges
Most companies have equipment in multiple locations. Those locations can be spread out over a region, a country or even around the world. Engineers and technicians need the ability to access on-site equipment (PLCs, HMIs, etc.) for regular maintenance, configuration or to quickly resolve an issue. Being able to connect to assets remotely can greatly reduce the time and cost of someone having to drive (or even fly) to the site.
“Challenges that arise when considering remote connectivity include deciding what type of network connection is available or needed (cellular, local Ethernet connection, etc), are tunnels needed, what type of tunnel and how many? The type of hardware needed to facilitate that connection has to be decided on as well. Lastly, once those decisions are made, someone has to understand how to provision that remote access device and methodology being used,” Marcum stated.
Red Lion’s FlexEdge is designed to make setting up communication easy. FlexEdge offers a cellular interface that can be used for direct connection to the unit or port forwarding through the unit to end devices.
“OpenVPN tunnels are easily created on the FlexEdge as well (on any active interface) allowing secure / encrypted connectivity to not only the FlexEdge® itself but equipment behind the unit,” Marcum said. “Users can create Point to Point tunnels, Many to One tunnels (where one FlexEdge® acts as a server to multiple clients), tunnels to a company owned OpenVPN Access Server.”
Increased complexity to support IoT and IIoT devices
Robust connectivity and seamless integration a priority to address AI, machine learning, encryption and firewall requirements.
According to Lars Walpurgis, Product Owner Sinema Remote Connect at Siemens, remote connectivity solutions are moving forward to leverage 5G communications and accommodate new IIoT requirements while also addressing heightened security concerns.
“The latest solutions for industrial remote connectivity are driven by several key technology trends. For instance, 5G integration offers high bandwidth and low latency for real-time data transfer. Furthermore, edge computing brings processing power closer to data sources, reducing latency and improving efficiency,” Walpurgis told IEB recently. “Also, advanced cybersecurity measures ensure data integrity and secure remote operations. A key for that is a unified Identity and Access Management (IAM) to securely authenticate and maintain users and machines.”
“The increasing demand of IoT and IIoT devices necessitates robust connectivity solutions for seamless integration. The latest AI and machine learning technologies enable predictive maintenance and process optimization, while software-defined networking (SDN) allows flexible, centralized network management, enhancing scalability and adaptability in industrial environments,” Walpurgis said.
He added that industrial remote connectivity technology is unique due to its comprehensive security measures, such as advanced encryption and multi-layer firewall protection, which ensure data integrity and secure remote operations. Its high reliability and seamless integration with various existing systems and network protocols make it adaptable and versatile for different industrial needs.
Remote connectivity focus
Walpurgis said that remote connectivity solutions are predominantly focused on industries like manufacturing, process industries, energy, and public infrastructure.
These solutions are critical for applications such as remote monitoring, which allows for the observation of industrial processes from a distance; predictive maintenance, which uses data analytics to predict equipment failures and schedule timely maintenance; decentralized control systems, which distribute control functions across various devices for increased reliability and efficiency; and real-time data processing, which enables immediate analysis and response to data collected from industrial operations.
Siemens offers the SCALANCE M series of industrial routers, which provide secure remote access to machines and plants. This solution supports VPNs, 5G communications, firewall functionalities, and various mobile and broadband connections, ensuring reliable and secure communication.
Key benefits include reduced downtime, efficient maintenance, and enhanced data security.
Moreover, SINEMA Remote Connect, Siemens’ management platform for remote networks, is a server application which facilitates simple, secure remote access to widely distributed machinery and plants, such as for remote maintenance.
SINEMA Remote Connect ensures the secure administration of VPN tunnel connections between the control centers, the service engineers and the installed systems. Secure remote maintenance can then be carried out via the TIA Portal, for example.
This avoids direct access to the corporate network in which the machine to be maintained is integrated. The stations that are to communicate with one another “meet” at a neutral location—the SINEMA Remote Connect Server, also known as a rendezvous server.
This then verifies the identity of the individual stations by an exchange of certificates before access to the machine via the corporate network or cellular network and the dedicated SCALANCE industrial router becomes possible.
Addressing customer pain points
“Automation engineers face several challenges, including ensuring secure remote access to sensitive industrial systems, managing the complexity of network configurations, and minimizing system downtime,” Walpurgis said. “Modern remote connectivity solutions address these challenges by providing secure and encrypted communication channels that protect against unauthorized access and cyber threats. They also offer user-friendly configuration tools that simplify network management and setup. Upcoming European security regulations like Cyber Resilience Act (CRA) and NIS-2 are additional challenges.”
The vital importance of cybersecurity solutions
Remote solution leverages IEC 62443 security standards.
Sébastien Thinnes, Product & Marketing Director at Ewon, underscores the significance of cybersecurity and IEC 62443 for customers.
“The security of our IIoT solutions is paramount,” Thinnes said. “By implementing IEC 62443 standards, we ensure that our products provide robust protection against emerging threats, safeguarding our customers’ industrial operations.”
Ewon remote solutions from HMS Networks have always prioritized security. Recently, the Ewon Cosy+, a solution for remote access, was assessed against IEC 62443-4-2 criteria by NVISO, a globally recognized cybersecurity expert. As the industry evolves, so do the standards of excellence, with IEC 62443 emerging as the benchmark for cybersecurity in industrial automation technology.
Understanding IEC 62443 standards
The IEC 62443 standards provide a comprehensive framework for safeguarding industrial equipment against cyber threats, complementing the already established ISO 27001 framework, which focuses primarily on IT security. The IEC 62443 standards outline the essential requirements for protecting industrial systems from security breaches. For machine builders, systems integrators, and plant operators, compliance with IEC 62443 is crucial for IIoT security.
According to Cédric Bassem, Senior Manager Application and Product Security at NVISO, “One of the strengths of IEC 62443 is that it provides a framework that IIoT manufacturers can use to align their device’s security requirements with the cybersecurity ambitions of the factory owners.”
How to implement IEC 62443 standards
According to Ewon, developing a secure automation solution begins with identifying risks through a detailed threat analysis for the involved systems and components. This leads to the creation of a robust security plan. The next step involves establishing appropriate processes and ensuring staff are trained in security protocols. Security extends beyond technology to encompass well-defined processes and qualified personnel.
Given the evolving nature of cyber threats, it is vital that protection systems adapt over time. Continuous monitoring, maintenance, and updates are essential to maintaining security.
IEC 62443-4-2 criteria
With Ewon remote connectivity solutions from HMS Networks, security has become the cornerstone priority for product developers. This commitment to cybersecurity is demonstrated through compliance with certification standards such as ISO 27001.
To maintain the highest cybersecurity standards, HMS Networks has partnered with NVISO, a leading independent organization specializing in industrial cybersecurity. NVISO strengthens the Ewon security measures by conducting regular testing, providing training and performing other recurrent security verifications.
Recently, with the support of NVISO, the Ewon Cosy+ was evaluated against IEC 62443-4-2 standards. Based on the assessment results provided by NVISO, Ewon reports that its product will seamlessly integrate into customer environments and support their IEC 62443 implementation and roadmap.