The world of automation would be inconceivable without remote access to machines. System operators expect mechanical engineers to service their machines remotely or to connect to the machine via remote access in the event of a fault so as to provide immediate assistance. The days when remote access was used only after malfunctions are long past: once remote access is set up securely and reliably, the communication channel offers diverse opportunities for new data-based services, such as prognostic maintenance, optimisation of process sequences and cross-site collaboration between production centres. The added value created in this way compared to pure remote access is considerable and opens up new business fields for system operators and mechanical engineers in the context of IIoT/Industry 4.0.
With the eWON product family, the company offers a scalable complete solution for secure remote access and data services in industrial applications. In contrast to manufacturer-specific solutions offered by some PLC manufacturers, who only support their own control system, the solution is platform-independent and available worldwide, supporting almost all the popular brands and protocols. In other words, these solutions can integrate control systems of all familiar manufacturers in a platform-independent and globally accessible overall concept. For mechanical engineers, this has the advantage of providing a uniform system for remote access to their plant and machinery, irrespective of which control has been installed in the relevant machine and what country the machine is located in.
Component 1: The hardware
The hardware basis is formed by a product series of industrial VPN routers, which offer significantly greater functionality than conventional IR routers. The eWON VPN router is installed in the machine on site and connected to the relevant control via a serial connection, Ethernet, WLAN or USB. The eWON routers ‘talk’ the language of the relevant PLC/Controller at one end and are integrated in the system via a secure VPN connection at the other end.
Depending on requirements, various VPN routers are used. The eWON Cosy is a VPN router for simple applications, with an emphasis on remote maintenance. The eWON Flexy is oriented to users with more demanding applications and enables individual adaptations for data processing, for instance filtering the data to be transferred, thereby enabling extensive data services.
Component 2: Talk2M server
As a cloud-based server, also called a ‘broker’, the Talk2M server is the integral part of the eWON solution, which guarantees an availability of 99.6%. The server manages the VPN connections and enables connections to be established easily between the PC in the control room and the machine in the remote system. The Talk2M service is available globally and comprises a networked, distributed group of currently 26 high-availability servers, which manage the VPN connections and provide protection against unauthorised access. The networked server group allows Talk2M to support redundancy and load management as well as international, guaranteed availability. Each eWON VPN router that is connected to a machine establishes an exclusive connection with the Talk2M server. An authentication mechanism ensures that each eWON router communicates with the Talk2M server that has the same key. A similar mechanism guarantees that each user can only communicate with the specific eWON routers for which he has been assigned access rights by the administrator.
Component 3: The software
The eWON software eCatcher is the OpenVPN Talk2M client for remote access as well as for the administration of systems and users. The software is installed on a Windows PC. Versions for mobile devices such as tablets and smartphones are also in preparation. eCatcher allows users to connect from their PC, via the Talk2M portal, to the eWON VPN router in the remote system in order to access their machines.
Addressing security issues
Access to machines and systems via the internet brings many advantages, yet also entails new risks. The utmost attention has, therefore, been paid to security for Talk2M. The eWON technology consistently utilises the guidelines for cyber security in industrial applications according to ISA62443 and NIST SP800 following the ‘defence in depth’ principle for multiple lines of defence.
Key security features of the eWON technology include:
All data traffic is certificate-based and encrypted, and is carried over VPN connections conforming to the OpenVPN standard, which is proven and accepted in industry.
Only outgoing connections are allowed. That means there is no need to open firewall ports for incoming data from the Internet.
No static IP addresses are used.
Access is via a 2-stage authentication (optional) and a graded user administration.
Remote access enhancing business models
Once secure access is established for maintenance and commissioning in a remote system, both the system operator and the machine manufacturer can realise further applications via the same connection (remote services), thereby creating real added value. Remote services form the basis for more intelligent, smart and flexible factories, while enabling new digital business models with a focus on life cycle and service optimisation. Companies can offer their products in a whole new way within the conceptual framework of Industry 4.0 or create additional customer benefits through value-added services over the product life cycle and beyond.
The value added potentials can be illustrated on the basis of an inverted pyramid:
Connection and access: The focus here is on the physical connection via the internet to the remote machine and its control on site. The remote access to the machines and field equipment is realised via this connection. Field service technicians can be assisted during commissioning via remote access. Fault localisation, troubleshooting or PLC programming are also typical tasks that can be solved via remote access. Prognostic maintenance begins on this level and flows seamlessly into the next stage of monitoring.
Monitoring: Machine and system data can be visualised online and error messages can be sent automatically via the monitoring and alarm system. Not only does this help during troubleshooting; the user also receives information on the machine status and the most important parameters through a summary of the machine data: Is the wear within the typical scope? How many (non-critical) fault messages have accrued? This information allows appropriate decisions to be taken for prognostic maintenance.
Collection: The next stage involves the collection of machine or system data. The key term Big Data is appropriate here. At this stage, HMS recommends the eWON router Flexy, which preprocesses data, thereby making it easier for the user to analyse the prepared data.
Integration: The last stage involves integration of the solution in ERP systems and software on the company level. Stages one to four concentrate on establishing a connection, visualising live views and real-time data. But that alone is not enough. Integration of the eWON solution in other environments is indispensable for a complete IIoT/Industry 4.0 application.