White Paper: Internet Access in a Process Control Environment

WAGO Corp. Apr 21, 2006


Industrial automation is no longer limited by the walls of a production facility. More and more automation is being handled via remote communication, whether it's from the office or from the comfort of your own home. Today's PLCs give you the ability to access your control system to handle such tasks as monitoring via a website to determine the condition of a machine or check other statistics. With the latest PLC technology, almost anything that can be accomplished next to the machine can be accomplished wherever there is an Internet connection.

Connecting to the PLC from a Remote Location.

The latest generation of PLCs have an integrated Ethernet port on the controller for two main operations. The first is controlling remote I/O on Ethernet based protocols like EtherNet/IP,Profinet, or Modbus/TCP (UDP) to name a few. The second is to program and/or debug the internal program of the controller. With these features, and utilizing the Ethernet's other services such as a web and ftp server, remote administration of a control process becomes possible.

The first step in connecting remotely is to setup the controller to handle communication from both the local network as well as, handle messages from a wider network such as the Internet. This is accomplished by adding a gateway address to the Ethernet communication settings on the controller. Thereby, allowing the controller to send and receive IP messages that are not established inside the local network.

This gateway address is usually assigned to an Ethernet router. Routers provide a way of directing, or "routing," IP traffic to the correct Ethernet device inside the LAN (Local Area Network). Routers come in all shapes and sizes; from a computer (with two NIC cards and routing software) to an off-the-shelf broadband router, both handle the communication traffic pretty much the same way. The most common way of routing network traffic between a LAN and wide area network (WAN) is to use a network address translation (NAT). NAT provides a way of taking a single IP address, supplied by the Internet service provider (ISP), and allowing multiple devices to share the same Internet connection.

Unfortunately, the NAT does not provide a true end-to-end connection. This means, by default, that a TCP connection established outside the local network may not be able to connect with the destination device - due to the fact the IP address of the destination device is hidden behind the router. In order for this type of communication to occur, the process of port forwarding must be used. Port forwarding occurs when communication from outside the network sends a message to the router's IP address; the router determines where to send the packet based on the port number. NAT lack of end-to-end connectivity may be considered a problem in some circumstances but it also provides a simple means of network protection.

Protection

By attaching a programmable logic controller to a network with Internet access, the device will be exposed to all of the same possible security threats as a computer.

One of the best security measures is to select a controller that utilizes an embedded operating system not popularly used by the consumer public. This helps keep the PLC from being vulnerable to attackers using known exploits to the operating system because the knowledge base is much smaller. "Security through Obscurity" is the phase coined by this type of security measure.

In addition, a properly configured router can provide effective protection for the control network from potential attacks. Utilizing the lack of end-to-end connectivity prevents most unsolicited requests for communication outside the local area network. When setting up a router, be sure to limit the amount of open ports. For example, an open FTP port can lead to a possible exploit by uploading a program to override the operation of the controller. The best rule of thumb is never keep a port open that is not being used regularly.

For increased protection, a virtual private network (VPN) can be setup to increase the security by encrypting the data transmission when traveling over a public network - such as the Internet.

Instead of opening all the ports that are needed to handle communication to the control network, one single authenticated network port passes the encrypted communication so the user can have all of the access as if they were inside the local area network.

Summary
By applying these simple techniques to modern day control networks, new options are available for the control design. Data collection over great distances is one of the best uses for this technology. Control systems can be more easily integrated within a business network for couplingthe supply chain management to the factory floor.

Author Information:
Paul Reszka, Application Engineer
WAGO Corporation
Tel: (262) 255-6333 ext. 154
Email: paul.reszka@wago.com/

WAGO Corporation N120 W19129 Freistadt Road P.O. Box 1015 Germantown, Wisconsin 53022-1015
Telephone 262.255.6222 o Facsimile 262.255.3232 o info.us@wago.com o www.wago.us
ISO 9001:2000 Registered.

White Papers & Case Studies

View All White Papers & Case Studies

View All Resources

All Topics

Manufacturing Innovation

Industry Trends

Engineering & Design

Sales & Marketing

Supply Chain

Career & Workforce

Company News

New Products

Thomas Index

Daily Bite

Find Suppliers, Insights, Tools and More...

Become part of North America's largest and most active network of B2B buyers and industrial/commercial suppliers.

Select From Over 500,000
Industrial Suppliers

Find and evaluate OEMs, Custom Manufacturers, Service Companies and Distributors.

Receive Daily
Industry Updates

Stay up to date on industry news and trends, product announcements and the latest innovations.

Search Over
6 Million Products

Find materials, components, equipment, MRO supplies and more.

Download 2D & 3D
CAD Models

10+ million models from leading OEMs, compatible with all major CAD software systems.
Start Sourcing Suppliers Claim Your Company Profile ico-arrow-default-right
Cookie Policy
Close
Thomas uses cookies to ensure that we give you the best experience on our website. By using this site, you agree to our Privacy Statement and our Terms of Use.
Accept