Remote Access options for Control Systems

Remote Access OptionsA common client question these days is, “what is the best remote access option to connect to my control system?”

There’s no single answer to this question as different sites often had unique infrastructure and connectivity challenges. With that in mind, in this article I’ll review five different remote access options used in industry today.

Virtual Private Network (VPN)

VPN LoginWhen a Systems Integrator (SI) or Original Equipment Manufacturer (OEM) works with an End User who has a modern IT infrastructure, the End User will commonly have remote access via Virtual Private Network (VPN) connection available for the SI or OEM to use upon request.

In this scenario, when the SI or OEM asks for remote access, the End User’s IT department sets up a VPN login with access strictly to the Ethernet control system devices the SI or OEM needs to connect to. Once setup, and the login credentials shared with the SI or OEM, they will be able to connect directly to their control system devices via the internet and VPN connection. And by connecting directly to their equipment, they can program or configure them with any software they have installed on their PC.

While typically VPNs are only an option with larger firms, it is a quick, easy, and secure means of remote access (and my preferred choice.)

Remote Desktop, Terminal Services, Citrix

Remote Desktop ConnectionSimilar to the above VPN option, the Remote Desktop / Terminal Services / Citrix option differs is so far as it does not allow direct access to control system itself. Instead, the End User’s IT department grants the SI or OEM an Internet login to a “remote desktop” or Terminal Server/Citrix session hosted on a server in the End User’s facility.

The Automation School – PLC Basics – Sidebar Banner
In this scenario, since the SI or OEM is “remotely logging in” to a “remote desktop” session, all the software and licensing needed to program and configure the control system needs to be installed on the Remote Desktop / Terminal Services / Citrix server within the End User’s site. This provides the End User with a much higher degree of control and security as he controls the programming environment, including permissions and software available, which the remote user will have access to after logging in.

The advantage of this remote access option is how the End User could institute restrictions on remotely connected users as needed. For instance, by changing the virtual desktop control system software permissions prior to starting a critical phase of production, they could in fact limit the remote user’s ability to make any changes to the control system, essentially putting the remote user into a “monitor” only mode. Once the production phase was completed, if needed the End User could once again allow remote users the ability to make control system changes.

In contrast, when using a VPN the remote user’s computer is directly connected to the control system, and the permissions on the remote user’s system determines his capabilities when interfacing with control system devices the End User selects. This results in the End User being limited to allowing or disallowing the connection, but doesn’t allow for controlling what can be done once connected.

Remote Access and Control software

PCAnywhereFor decades controls engineers have been using packages like “PC Anywhere” to remotely connect and control PC’s. This was originally accomplished using the plain old telephone system (POTS,) but for the last decade it’s been predominately done using the Internet. One advantage of this method is you only need a phone line or Internet connection and a PC stationed with the control system, and no other setup or management needed from the on-site IT department.

These days you no longer need to buy a shrink wrapped product Like “PC Anywhere” to achieve this functionality. Websites likes GoToMyPC, apps like LogMEin, and freeware like VNC, all allow for the same functionality at little or no cost.

The way these packages work starts with installing the software on the PC you wish to remotely control. You then identify the PC by giving it a unique name, and setup user accounts, passwords, and permissions to allow remote access the PC. Then on your remote device (PC, tablet, or smart phone) you install the client software used to remotely connect and log into the PC.

Like the Remote Desktop option, with Remote Control software all the licenses and software needed remotely must be installed on the PC located with the control system as you are just remotely that PC across the Internet.

Remote Access Hardware: Internet Gateway

Spectrum Controls WebportWhen it’s not possible or cost effective to install a remote PC with software licenses at the end user’s site, and there is no It department to manage a VPN or Terminal Server, the next best thing is to install a remote access internet gateway.

These devices, like the Spectrum Controls Webport pictured on the right, act much like the GoToMyPC service but without the remotely installed PC and software licenses. You simply install he device remotely with the control system and provide an internet connection. The you login to the device, and setup users, passwords and access options.

Once configured you can remotely connect with your PC and be connected to the control system devices on the same Ethernet network as the remote access gateway.

Remote Access Hardware: Cellular Access

Cellular Remote AccessSimilar to Remote Access Internet Gateway devices, the cellular version only requires a strong cell signal, where the internet gateway required internet access at the control system.

The down side is the need for a strong cellular signal, any antennas and antenna cables needed to get that signal, and the cost of a cellular data plan with enough data for the predicted usage.

But when you need to communicate to remote locations where no internet or phone service is available, and line of sight is prevented by the terrain, cellular remote access can be the most affordable remote access option.

Remote Access Hardware: Dial-up Access

A-B RadkitsWhile Remote Access via Internet Gateway or Cellular Modem rely on modern technologies, some applications will still be best served by a legacy POTS phone line, and that’s where dial-up access comes in.

Having used several different “over the counter” modems I can say without a doubt that the Rockwell RADKIT’s pictured to the right are by far a much better solution for A-B PLC’s as they are guaranteed to work, come with all the necessary cables, and select the settings is as easy as flipping a dip switch.

The Ethernet Switch version is especially suited to today’s control systems which many OEM’s and SI’s ship into areas where only standard phone lines are available.

 

I hope this article about remote access options for control systems was helpful. If you have any questions or comments please use the “Leave a reply” form at the bottom of this page to comment on this article.

Sincerely,

Shawn Tierney
Automation Blogger and Trainer

Need personalized help? For as little as $25 per month you can get direct access to ask me Rockwell PLC, HMI, and SCADA questions! Learn the details at Patreon.com/Automation

The Automation School – PAC Basics – Article Banner Top

Check Also

Best of 2013 PLC Blogs Featured Image

The Automation Blog's "Best Of 2013" Programmable Controller blogs

Welcome to the first article in our “Best of 2013” series. Today we focus on …

RSLinx Classic Topic for Excel Featured Image

Getting Allen-Bradley (A-B) Programmable Controller data into Excel using RSLinx Classic

If you would like to display data from your Allen-Bradley PLC or PAC in Microsoft Excel, …