Programming A Plc Over The Internet

[Chris Elston 78]

I've almost got my own question answered but I figured I'd think out loud. I am designing a machine that is located in another state: me --->internet--->other plant--->my provided router--->their internal network---->SLC 5/05 I am pretty sure all I need to do is convice the customer to give our supplied router a dedicated IP address. So the way I see it: I will start RS Linx, connect to the internet, enter the IP address of the router that we supplied, and the same router will have a real world internet approved IP address that my customer assigned. Inside the router, NAT will be enabled, which will direct my request from the router, to the SLC 5/05 which has an IP address of 192.168.0.1. This is the companies internal network IP structure. But what if the company can not provide a dedicated IP address for my router? What other options do I have then? My customer has already strictly said, no dial in modems...a little wierd, but that was the request. So without the aid of a dial in modem, what other options do I have? Actually they asked that they did not want a dedicated phone line to the PLC, but they did not say I couldn't VPN into there network with my modem. So I guess my second option would be use my own dialup modem and VPN into their internal network, provided that the IT person will create a VPN account on their domain controller server. However this option is not using the internet... Is there a third option? I've heard something like using RS Linx Gateway, what does this product gain me? Anything?

[Guest Controlsguy3]

I usually use PCAnywhere to communicate remotely to an onsite workstation which, in turn, is connected to the PLC network either via Ethernet, DH+ or DF1. This would also work over the Internet. I have also done one application using cable modems and Linksys router/hubs to SLC5/05 PLCs using NetMeeting.

[Guest Anonmyous Guest]

The best solution to problems such as these is to shoot the IT weanie(s). Before they hit the ground, tell them it was for the purpose of plant production and a layoff seemed rather impersonal.

[Ken Roach 194]

Here's how one of my customers has done this: 1. Home/Office PC with dialup or broadband Internet access. This is the PC with RSLogix and RSLinx on it. 2. Netopia DSL Router. This connects to the client's DSL Internet service and provides three dedicated Internet IP addresses, and provides routing services for the internal network. 3. SonicWall SOHO3 VPN Appliance. Provides NAT translation for internal PC's to access the Internet, and provides an encrypted IP tunnel to the Home/Office PC in Step 1, using a software VPN Client program at that home PC. Once we overcame a configuration glitch in his A-B controller (no Default Gateway address configured) this worked like a dream. His client was helpful because they let him dedicate one of their external IP addresses to factory automation use, and in return he implemented a secure system by using a VPN appliance.

[Ken Roach 194]

A separate post to keep the reading light: I think the preferred method for this sort of Internet access to automation networks is to use a VPN Appliance. You can use software VPN from vendors like CheckPoint and Microsoft, but as our Guest pointed out, it's often best to not depend on the IT weenies. At least once a month I have to go to our in-house IT administrator because one or more of my accounts has been disabled, lost, or shut down during maintenance. Hardware VPN can be cheap or it can be expensive; the SOHO3 device I mentioned above runs about $3000 with licensing and support. A home router/VPN applicance from Linksys can be as cheap as $70. It does take some study to be sure you can always get into your VPN from outside while still keeping out hackers and intruders. I think it's worth it because VPN can dramatically reduce your travel costs and reliance on on-site personnell, and it tends to comfort the IT weenies to the point where they will not demand absolute control over your automation networking.

[panic mode 246]

We are using PC Anywere as well. It does work but it is way too slow - even on most basic 100Mb ethernet network (with two PCs only). (Honestly, MS NetMeeting is faster on 28.8kbps connection.) What else is out there? panic mode Edited 23 Feb 2003 by panic mode

[Ken Roach 194]

That's what I like about the VPN method that lets me keep my logic software local to my PC, not at the customer site; the traffic is just PLC data, not video and keystrokes. It doesn't require a dedicated PC and Logix license at the customer site, either.

[Guest Guest]

We use a program called Remote Administrator. Very small works similar to PcAnywhere, without the bells. Site PC is only connected when access is required. ie You must ring controllers first to log your intent to access.

[glaverty 1]

VPN is the way to go, it's fast, easy and secure. Last night I got a call from one of the maintenance guys that one of our machines wasn't working. I told him to give me five minutes and call me back. In that time I booted up my computer connected to the internet via dialup, VPN'd into the corporate network and then connected to my PLC. I had the problem figured out before he called me back. Now I can't tell you how it works, but I think Ken gave a good idea of how you can set one up. But I can tell you it is nice and saved me the hassle of having to get dressed (because I was sleeping) and drive 25 minutes into work to fix a problem that took less than a minute to diagnose.

[glaverty 1]

Plant Engineering had a good article about Building a Secure Network and they talk about VPN. You can check it out here: http://www.manufacturing.net/ple/index.asp...te=02%2F01%2F03

[Guest Guest]

Although the technology does exist to provide safe and relatively secure connections to a control LAN via the internet using any of the above mentioned portals. Keep in mind that larger companies, operating under insurance requirements, might not be able to accept this type of access and still maintain their carrier policies intact. A small 'accident' occuring 'off-site' via a dial-up line (or other), resulting in production loss, equipment damage, or loss of life and limb; could result in a carrier dropping a company. This risk is to great for most sizable manufacturing companies. So... maybe it's not a question of it you can, but, if you should.