Benefits of Wireless Machine Connectivity | Why Remote Access?
Posted by Mike Wojda in Networking
Machine builders, OEMs and system support teams can use remote access for support, maintenance and diagnostics of complex equipment. All diagnostic and software tools can be used remotely (without the need for a local copy on site) from anywhere in the world. Here are a few reasons why you should explore wireless machine connectivity for your organization!
Why should I allow Access?
With complex machines and costly processes, issues often arise or downtime occurs that may require a timely response to expedite recovery. Allowing remote access may significantly reduce response and problem-resolution times.
What is the eWON?
eWON is a remote access router/gateway that is used with a web server (Talk2M), designed for OEMs to connect to user machines via the Internet. This hosted application acts as a secure broker and relays the communications originated by the OEM to the user’s site via an encrypted VPN tunnel. It is designed for and intended to be used in the industrial automation sector.
What is VPN and tunneling?
VPN (virtual private network) and tunneling are techniques that allow encrypted data links between your location and another (remote) computer. Tunneling encapsulates a specific stream of data within an encrypted protocol, making everything that travels through the tunnel unreadable to anyone along the transmission path. Using this technology, eWON only allows access to the machine network it is connected to, not any other devices on the host network.
What do I need at the machine site in order to use the Talk2M system?
All that is required is an Internet connection via your LAN (Local Area Network). Your LAN (connected to the WAN port of the eWON) should have permission to allow users to browse the Internet. The eWON uses this LAN to connect to the Talk2M server. The eWON needs the same type of settings as a PC connected to the same network (IP address, subnet mask and gateway, plus any optional proxy settings). The eWON is a DHCP client, so it can be, and typically is, set up by the OEM to be assigned a LAN IP address automatically. Unlike other VPN access schemes, the eWON needs NO SPECIAL PORTS OR FIREWALL SETTINGS to work. The actual assigned IP address is not restricted in range, nor does it even need to be known.
What if I cannot use DHCP Addressing?
The eWON can be set up to use a STATIC IP address that is assigned and controlled by the IT department. Also as previously noted, the eWON can work with most proxy servers, if required.
The Talk2M service is hosted on the Internet. Can anyone in the world access the machine in my factory?
NO! Each eWON connected to your machine connects exclusively to the Talk2M server. An authentication mechanism ensures that each eWON talks only to the Talk2M server with the proper 32-character encryption key. Each user is authenticated with a unique user name and password. This ensures that an authorized user can only communicate with a specific eWON. All data exchanged via the Talk2M server and the Internet is encrypted, so the data remains secure. All traffic is monitored, so a report can be generated at any time to show who had access, when it occurred and how much data was transferred.
The eWON is connected to my LAN. This means the OEM can see my entire network?
NOT TRUE! As noted above, each eWON is a router/gateway device that only allows encrypted traffic to the machine side (sub-net LAN) with the four (4) ports. The WAN side of the eWON connects exclusively to the Talk2M server.
What does my IT department need to do to use the eWON?
Typically nothing! Talk2M tunnels are initiated by the eWON and use only outgoing connections. No incoming connections are made (in other words, the Talk2M server does not initiate tunnels), so no ports need to be enabled in your corporate firewall for incoming connections. In addition, Talk2M is designed to be minimally intrusive. This means that it uses the outgoing ports that are already enabled, which are usually the HTTP port (80) and the related secure HTTPS port (443) or UDP port 1194, and all firewalls remain intact.
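An IT department can check the two claims above (outbound-only tunnels on ports 80, 443 or UDP 1194, and no eWON traffic toward the rest of the host network) against its own firewall flow logs. The following Python check is an added example, not code from the article or from the eWON/Talk2M vendor; the IP addresses, the flow-record format and all names in it are constructed assumptions.

```python
import ipaddress

# Constructed values for illustration; substitute your own addressing.
EWON_WAN = ipaddress.ip_address("10.20.0.50")      # eWON WAN-port address on the plant LAN
PLANT_LAN = ipaddress.ip_network("10.20.0.0/16")   # host network the eWON plugs into
LAN_INFRA = {ipaddress.ip_address("10.20.0.1")}    # gateway/DNS/proxy the eWON may use
ALLOWED_EGRESS = {("tcp", 80), ("tcp", 443), ("udp", 1194)}  # ports named in the article

# Constructed flow records: "<time> <proto> <initiator ip:port> <responder ip:port>"
SAMPLE_FLOWS = """\
2024-05-01T08:00:01Z tcp 10.20.0.50:49152 203.0.113.10:443
2024-05-01T08:00:02Z udp 10.20.0.50:49153 203.0.113.10:1194
2024-05-01T08:00:03Z udp 10.20.0.50:50000 10.20.0.1:53
2024-05-01T08:05:10Z tcp 198.51.100.7:40000 10.20.0.50:80
2024-05-01T08:06:44Z tcp 10.20.0.50:49160 10.20.3.15:445
2024-05-01T08:07:12Z tcp 10.20.0.50:49170 203.0.113.10:22
2024-05-01T08:09:30Z tcp 10.20.0.9:51000 10.20.0.1:443
""".splitlines()

def parse_endpoint(text):
    """Split 'ip:port' (IPv4) into (ip_address, int port)."""
    host, port = text.rsplit(":", 1)
    return ipaddress.ip_address(host), int(port)

def audit(flows):
    """Return (reason, record) for every flow that contradicts the expected behaviour."""
    findings = []
    for record in flows:
        _, proto, initiator, responder = record.split()
        src, _ = parse_endpoint(initiator)
        dst, dport = parse_endpoint(responder)
        if dst == EWON_WAN:
            # The article states tunnels are only ever initiated by the eWON.
            findings.append(("inbound connection to eWON WAN port", record))
        elif src != EWON_WAN or dst in LAN_INFRA:
            continue  # unrelated traffic, or eWON using its gateway/DNS/proxy
        elif dst in PLANT_LAN:
            findings.append(("eWON initiated traffic to a plant LAN host", record))
        elif (proto, dport) not in ALLOWED_EGRESS:
            findings.append(("eWON egress on unexpected port", record))
    return findings

if __name__ == "__main__":
    for reason, record in audit(SAMPLE_FLOWS):
        print(f"{reason}: {record}")
```

Any finding is a reason to review the device configuration or tighten the egress rule for the eWON's address to the listed ports only.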
A Talk2M tunnel can be configured to be always on. This means that the machine builder can access the PLC and make changes without my knowledge?
It is possible to configure the eWON with full user control for access. A switch connected to the eWON digital input can be configured so the VPN connection can be enabled or disabled. A static IP can be assigned and controlled by the IT department. Lastly, unplugging the WAN port denies all remote access.