Features of Managed VPN for Remote Access

Finished IoT machines should have built-in smart manufacturing capabilities, especially machines with advanced features such as motion control. Even if factories are not currently connected to the Industrial Internet of Things (IIoT), you can be sure that they will be in the future. Fortunately, it’s getting easier to connect, monitor, program and maintain machines and motion control systems using cloud-based remote access.

Industrial routers with VPN capabilities can connect to IIoT-enabled field devices, motion control systems, programmable logic controllers (PLCs), and human-machine interfaces (HMIs). The motion bus remains under the control of the motion controller or PLC and is only accessible at the system level for remote access. This means that remote access does not affect real-time control but is primarily used for monitoring and making adjustments.

Machines are getting smarter, and secure connections to the cloud allow people to access data anytime, anywhere. The key to making machines intelligent is accessing them remotely, collecting data, storing the data and making it securely available only to those who need it.

Use a managed VPN for secure remote access

Leveraging IIoT requires secure remote access solutions to collect, store and share data. As threats continue to increase and more systems are monitored and supported remotely, cybersecurity is more important than ever.

Managed VPN solutions have become popular in industrial applications because they provide secure VPN connections while making setup easier by simplifying network configuration. A typical managed VPN solution includes the following components: VPN router, hosted VPN server, VPN client, and connected components.

After the industrial router and the VPN client have each established a connection with the cloud-hosted VPN server, a secure connection can be established between the VPN client and the industrial router. The industrial router establishes its connection immediately after booting, but the VPN client connects only after an authentication request from the remote user. Once both connections are established, all data passing through this VPN tunnel is protected.

Most managed VPN solutions offer a free monthly bandwidth allotment for basic operations, and then offer premium plans for additional bandwidth. Normal troubleshooting and programming needs should fall under the data requirements on the free plan, but data monitoring may require additional bandwidth depending on the amount of data being transferred over the VPN.


The industrial router initiates communication with the server through an outbound connection to the standard port used for HTTPS traffic. This typically does not require changes to the company’s IT firewall and can satisfy IT security considerations. In contrast, traditional VPN solutions require opening inbound firewall ports, which are rarely allowed or supported by corporate IT.

Another advantage of a hosted VPN solution is extremely simple router configuration. Since the secure router will connect to a predefined cloud server, the router comes pre-configured and requires only the most basic network information from the user.

Hosted VPN requirements

For a hosted VPN solution, the following requirements should be met:

Single provider of hardware and cloud services

Easy to set up

Web-based configuration platform

Securely Hosted VPN

Custom user permissions

Support cloud data recording

Wireless communication options

Security lock

As opposed to coordinating among multiple vendors, using a single vendor not only simplifies purchasing and implementation but also provides support for the entire system. If different vendors are used (for example, one for data logging and another for remote access), it is often difficult to determine which vendor to turn to for help, and each vendor will often blame the other for any problems. Using a single vendor can alleviate these types of issues, especially if the vendor offers free support.

The web-based platform provides quick and easy configuration, often as simple as registering an account, configuring and downloading router settings, and installing a secure client on your PC.

Cloud connections must be secure for both data collection and user access. Proven encryption standards such as TLS 1.2 should be used. Advanced user management, event logging and two-factor authentication (which requires a second time-based password to be generated upon login) are also required for a secure system. The router’s internal firewall keeps the factory floor network isolated from the corporate network.

Routers can be utilized to collect, store and display data in the cloud platform. This method requires an advanced router with data logging capabilities and cloud connectivity. Cloud data logging typically requires additional licenses or subscriptions from the router vendor to collect and store data in the cloud.

In addition to wired LAN options, remote access solutions should include Wi-Fi or 4G LTE connectivity options. Wi-Fi provides a simple access point or client connection, while 4G LTE provides access from remote locations without the need for existing Internet access. An important security feature of a VPN router is a digital input for a switch to enable or disable communication locally, preventing remote control of the machine during maintenance.

Hosted VPN solutions allow users to remotely access PLC, HMI or SCADA systems in manufacturing plants and ultimately motion control systems. Advanced routers also allow data to be forwarded to and stored in the cloud. Once the data is in the cloud, it can be monitored in real time via dashboards or downloaded for further analysis.
