TimWilborne

Virtual Private Networks

17 posts in this topic

I didn't want to get on a tangent question on another post I was just reading so... What is the advantage of a Virtual Private Network over having your Plant and Office network separate besides cost? You see people having trouble with this all the time. So what are they gaining by doing it?

I'm also interested in the reason, as we are in a current battle with IT over this issue.

I'm not sure I understand your question, TW. Most applications I've seen for Virtual Private Networks are for a secure link across the Internet into a dedicated process network. Whether or not that process network is linked to the main business network is of secondary importance. I have never seen a VPN used internally to separate process from business LANs. I've seen VLANs used for that purpose (a different topic entirely) but not VPNs. In my view these issues are not really a product or technology issue but rather a glimpse of the IT/IS and networking worlds from the controls side.

I think Ken pointed you in the right direction. A VPN is normally used:
- to connect 2 business networks via a secure Internet link
- to allow remote users to access the business network from a remote location via the Internet.

A VPN creates a secure tunnel over the Internet that allows encrypted business data to travel safely over the Internet to the business network. Example: a customer connects a company laptop to a home DSL network and, using a VPN client, connects to the company business network VPN server so he can have the same network resources as when sitting on the real network.

From what I inferred, I think he meant VLAN. Maybe I shouldn't speak for him, but I did.

OK, I'm probably using the wrong terminology or don't understand what some are trying to do in their posts, but it seems some are wanting to use the same physical wire for their plant and office network. Is this correct? What's the term for it? Why?

You're probably talking about a VLAN (Virtual LAN). It is more like sharing the same switch between 2 networks, not a wire. I guess some switches/routers will let you share a wire as well over VLAN; see ENET-AP001, page 2-3: http://literature.rockwellautomation.com/i...ap001_-en-p.pdf

So I am getting that the only real advantage is the cost of not having to run the separate network. Is this correct?

After thinking about it a little more, I might see a few advantages for doing this on an I/O network. But I still can't understand why you would mix the Plant and Office Networks this way.

I do agree with you... however... :) On one of the last jobs I did, they had a machine connected to the network for remote troubleshooting (it was made in Italy and they wanted to be able to download/troubleshoot from there). The setup was a CompactLogix with an HMI using Ethernet, and it had a router built into the cabinet. IT just plugged in a cable to the LAN from the existing router and gave me the IP addy's to use. After I programmed it, I wandered around the plant and set up in an office on the second floor. Plugged my laptop in, started RSLinx, and there was the PLC. It's kinda cool knowing that no matter where I was in the plant I could connect, but a little scary to know someone can take control and program without seeing the machine. I guess I can see the pros and cons, but I think there are more cons than pros...

Did you get your question resolved? Were you referring to VLANs or VPNs? Basically, VLANs are TCP layer 2 options that make your switch "feel" like they're separate isolated switches. VPNs are secure communication sessions between a host or a network and a foreign network over a shared network (i.e. a computer connected to a corporate network over the Internet).

----
Nathan Boeger
Integrator, Microsoft Certified Systems Engineer
Inductive Automation
"Specializing in SQL and web based HMI systems"

Yes, I incorrectly used the term Virtual Private Network for a Virtual LAN. I understand the difference now. Thanks for everyone's help.

On 3/16/2006 at 9:10 PM, Wordman said:

I'm also interested in the reason, as we are in a current battle with IT over this issue.

The reason is simple: VPN is a service that protects you from internet threats/viruses and also to unblock BBC iPlayer and other geo-restricted services.

On 3/24/2020 at 6:37 PM, Lindaawilsoon said:

The reason is simple: VPN is a service that protects you from internet threats/viruses and also to unblock BBC iPlayer and other geo-restricted services.

I agree with you, but know 100 percent, a VPN can help you bypass geo-restricted content, but it will not help you remove viruses; for that, you have to download an antivirus program. However, I am using ExpressVPN to bypass geo-restrictions, and I am very satisfied with its services and speed. I highly recommend ExpressVPN.

Edited by markophillips


Since this thread was just "resurrected", I want to post a link to a very good article that explains the model that IT has used for years in designing Plant Networks and Business Networks. It also talks about how the IIoT push and edge computing are affecting the historical model.

https://www.automationworld.com/factory/iiot/article/21132891/is-the-purdue-model-still-relevant

 

On 3/16/2006 at 4:09 PM, TimWilborne said:

I didn't want to get on a tangent question on another post I was just reading so... What is the advantage of a Virtual Private Network over having your Plant and Office network separate besides cost? You see people having trouble with this all the time. So what are they gaining by doing it?

I am also interested in the cause, because we are currently in a battle with IT on this issue.

Edited by ulrichneilson


BEWARE: This post generalizes a lot, but the point is valid.

The push these days from IT and Accounting is SECURITY, SECURITY, SECURITY. And in case you missed my point, IT is worried about SECURITY.

OT or Process Control folks, on the other hand, are most concerned about PROCESS UPTIME and PROCESS ACCESSIBILITY. "If it ain't running we ain't making money, no matter how secure it is."

The struggle, and sometimes unfortunately war, is to find the happy medium between these two forces.

Keep it secure so the evil actors are kept out, but keep it open so the good guys can keep it running.

If you question the commitment of the bad guys, just google SOLARWINDS HACK.

