PLC remote communications


Thread Starter

rookieca

Hi Gents,
I have been tasked with communicating with remote controllers, which itself is not really an issue, AB CompactLogix, with 9300-RADES.

However, the customer ties all of their units to their network. They won't allow us to get on their network to see the machines. I'm working on some ideas but need some good ones!

Thanks
 
You might want to google COSY141 VPN router. I switched from 9300-RADES last year and haven't looked back. It sets up a VPN tunnel to your control system and doesn't require any special settings on customer's firewall. VPN tunnel keeps them from messing with your stuff and you from messing with their stuff.
 
I'm not surprised that a company doesn't allow unfettered access to their business LANs and control systems remotely by a third party.

The company I work for uses a Citrix application to present the control systems (CS) to their business LAN (a GUI or RDC or whatever). The CS to Citrix connection is secure, point to point and DMZ/firewall protected.

Access to the Citrix application from the business LAN is also secure and limited to named individuals or groups using standard business LAN authentication methods (we use a smart card & PIN).

Third parties, such as vendors, have company credentials and a SecurID token that allow them to VPN in to Citrix and access the Citrix application (and nothing else).

A bit long-winded but probably necessary as many CSs and PLCs don't have much in the way of access control/authentication and all that malarkey.

You really, really don't want anyone messing about with your business LAN or control systems, especially someone remotely and potentially bypassing all the controls you have in place...
 

Jeremy Pollard

Respectfully submitted, check out Route1 MobiKEY... DHS-level security, and doesn’t require any IT involvement since port 443 is probably already open on the firewall..

This will get u to the common PLC support computer tho, not to the PLC directly...

Cheers from: Jeremy Pollard, CET The Caring Canuckian!
Crisis, necessity, change
www.tsuonline.com

‘I DID’

Manufacturing Automation  www.automationmag.com
 

Gerald Beaudoin

> The company I work for uses a Citrix application to present the control
> systems (CS) to their business LAN (a GUI or RDC or whatever). The CS to
> Citrix connection is secure, point to point and DMZ/firewall protected.

Can you tell me the name of that Citrix application?
I would like to check that out a bit more

Thanks
 
Citrix XenApp. It is a very powerful and easy to manage application delivery securely in about any environment.

> Can you tell me the name of that Citrix application?
> I would like to check that out a bit more

>> The company I work for uses a Citrix application to present the control
>> systems (CS) to their business LAN (a GUI or RDC or whatever). The CS to
>> Citrix connection is secure, point to point and DMZ/firewall protected.
 
I'm kinda keying on your use of 'units' in this post as an indicator of power generation, so I'm hoping I'm wrong....

If this is a power generation example, your client may have a reason for NOT allowing you access, and that reason is regulatory requirements under NERC CIP.

Specifically, NERC CIP-005 requires that owners create an Electronic Security Perimeter around their systems, and not allow unnecessary access. By installing a cellular modem, or some other form of remote access, you may be violating this perimeter.

From a quick look through the violations area of NERC's website, a CIP-005 set of violations can run between $20,000 and $300,000, depending on severity and duration. See for yourself: http://www.nerc.com/pa/comp/CE/Pages/Enforcement-and-Mitigation.aspx

If you work in electric power, you really need to protect your client (and YOURSELF) by being open with them about the need for remote monitoring and allow them to make the decision on how best to do this, especially if there are regulatory consequences.

Mike Toecker, PE
Digital Bond, Inc
 