Remote access to PLC over Internet via VPN

Problem description

The company for which we have realized the project is mainly engaged in electrical installations, configurations, startup, debugging and monitoring of air conditioners in various facilities such as drug stores, hospitals, sterile environments, etc. The above-mentioned PLCs are used to control the air handling systems in these areas, which must be installed and properly configured. After the first start-up and initial debugging of all variables, over time there were requests to modify some parameters and so on. Before designing our solution, it was necessary for the responsible person to travel to the installation site and to remedy the problem, regardless of the time, distance and complexity of the operation. Often times these were trivial situations that were resolved in a few minutes. Therefore, there has been a demand to propose a solution that eliminates the need for such interventions.

Requirements

  • access to device from anywhere and anytime
  • security (let's imagine what might cause the attacker to control the air conditioning of the drug store)
  • flexibility
  • in-house solution

Solution

After consulting and understanding the issue, we came up with the following solution.

We used the VPN server / VPN client architecture to connect a PLC that has a built-in Ethernet port.

VPN Server

Since the customer may only have dsl connections, we recommended that they obtain a fixed IP address available from the Internet for that connection. Another element of the VPN server consists of a router that takes care of dialing dsl, network, routing, VPN services, packet filtering and the like.

VPN Client

The VPN client is also made up of a router capable of dialing a secure connection and thus creating a secure network tunnel. When designing, we took into account the fact that it was not always possible to provide an Internet connection to the PLC at the place of the air-conditioning. We've solved this problem with mobile internet. The device is able to use such Internet (usb modem with sim card) without problems and connect. Subsequently, we also created a vpn access to the client, which enabled it to realize the configuration of the PLC device almost immediately and from any location.

Summary

  • time and money savings (no need to travel)
  • flexibility
  • 24/7 device monitoring
  • low implementation costs
  • security
  • possibility of remote device management
en_USEnglish
sk_SKSlovak en_USEnglish