Smart manufacturing capabilities should be built into machines, particularly those with advanced functionality such as motion control. Even if the factory is not currently connected to the Industrial Internet of Things (IIoT), it’s a good bet that it will be in the future. Fortunately, it’s becoming easier to connect, monitor, program, and maintain machines and motion control systems using cloud-based remote access.
A VPN router can be connected to IIoT-ready field devices, motion control systems, programmable logic controllers (PLCs), and human machine interfaces (HMIs). The motion bus remains under the control of the motion controller or PLC, and is only accessible at the system level for remote access. This means remote access won’t affect real-time control, but instead will primarily be used for monitoring and making adjustments.
This article looks at how machines are becoming smarter, and how secure connections to the cloud make it possible to access data anytime, anywhere. The keys to making a machine smart are remotely accessing machines, gathering data, storing it, and making it securely available to only those who need it.
Secure Remote Access with a Hosted VPN
Leveraging the IIoT requires a secure remote access solution to collect, store, and share data. Cybersecurity is more important than ever as threats continue to rise, and as more systems are monitored and supported remotely.
Hosted VPN solutions have become popular for industrial applications because they provide a secure VPN connection, while making setup much easier by simplifying network configuration. A typical hosted VPN solution includes the following components: VPN router, hosted VPN server, VPN client, and connected components. An example network diagram for a hosted VPN solution is shown in Figure 1.
The secure connection between the VPN client and the router is established after the router and VPN client each make a connection to the cloud-hosted VPN server. The router makes this connection immediately upon startup, but the VPN client only connects upon a verified request from a remote user. Once both connections have been made, all data passing through this VPN tunnel is secure.
Most hosted VPN solutions have a free monthly bandwidth allocation for basic operation, and then offer a premium plan for additional bandwidth. Normal troubleshooting and programming needs should fall under the data requirements in the free plan, but data monitoring may require additional bandwidth, depending on the amount of data transmitted over the VPN.
The router initiates communication to the server through an outbound connection through standard ports for HTTPS traffic. This usually requires no changes to the corporate IT firewall, and satisfies IT security concerns. By contrast, traditional VPN solutions require inbound firewall ports to be opened, which is seldom allowed or supported by corporate IT.
Another advantage to a hosted VPN solution is extremely simple router configuration. Since the secure router (Figure 2) will be connected to a predefined cloud server, the router comes pre-configured, requiring only the most basic network information from the user.
Hosted VPN Requirements
For a hosted VPN solution, these requirements should be met:
Single vendor for hardware and cloud service
Web-based platform for configuration
Secure hosted VPN
Customized user permissions
Wireless communication options
Using a single vendor not only simplifies purchase and implementation, but also provides support for the entire system, as opposed to coordinating among multiple vendors. If different vendors are used — for example, one for data logging and another for remote access — it can often be difficult to ascertain which one to call for assistance, with each often blaming the other for any problems. Using a single vendor alleviates these types of issues, particularly if the vendor offers free support.
A Web-based platform provides quick and easy configuration, often as simple as registering an account, configuring and downloading router settings, and installing a secure client on a PC.
Cloud connections must be secure for both data gathering and user access. Proven encryption standards such as TLS 1.2 should be used. Advanced user management, event logging, and two-factor authentication — which requires a second time-based password generated at log-in — are also a must for a secure system. The router’s internal firewall keeps the plant floor network separate from the corporate network.
A router can be leveraged to collect, store, and display the data in a cloud platform. This method requires an advanced router with datalogging capability and a cloud connection. Cloud datalogging typically requires an additional license or subscription from the router vendor to collect and store the data in the cloud.
In addition to a wired LAN option, a remote access solution should include Wi-Fi or 4G LTE connectivity options. Wi-Fi provides a simple access point or client connection, and 4G LTE provides access from remote locations without existing Internet access. An important safety feature for the VPN router is a digital input for a switch to locally enable or disable communications, preventing remote control of a machine during maintenance periods.
The hosted VPN solution gives users remote access to PLC, HMI, or SCADA systems in the manufacturing facility — and ultimately to the motion control system. Advanced routers also allow data forwarding to, and storage in, the cloud. Once in the cloud, this data is available for real-time monitoring via dashboards, and it can also be downloaded for further analysis.
Data Storage and Access in the Cloud
Data storage and monitoring in a cloud platform allows users to configure dashboards using widgets for remote access viewing on their PC or mobile device (Figure 3). Alerts and notifications can be configured to inform uses when parameters fall outside of a predefined range.
Typical data captured from a standalone variable frequency drive (VFD), or from a servo or stepper motion control system, may include running status, forward/reverse direction, speed, fault codes, and commands. Other drive data such as position, position error, output frequency, output current or torque, DC bus and output voltage, and drive temperatures is available and can help with troubleshooting. With a hosted VPN solution, this data is hosted in the cloud by the router vendor, and the data can be accessed by the client through an HTTPS or VPN connection.
An HTTPS connection, accessed by a PC or mobile device, provides access to the cloud data and dashboards, but does not allow for programming or control of the PLC/HMI/motion controller. A VPN connection, accessed only via a PC, allows for programming and control of the PLC/HMI/motion controller, as well as access to cloud data and dashboards.
Smart manufacturing utilizes connected sensors, field devices, motion control systems, PLCs, and HMIs. Depending on protocol requirements, most Ethernet-connected devices can be connected to the VPN router, which can forward data to the cloud for storage. Many smart devices, such as sensors and instruments, have digital communication interfaces such as DeviceNet, CAN, I/O Link, EtherNet/IP, etc. Connections to these devices provide real-time status such as on-off, analog values, and encoder position. Other data provided can include part number, configuration, fault status, and diagnostics.
VFDs and servo and stepper drives also benefit from these digital connections. These connections can be a motion bus coordinating and closing the loop on one or more axes, or something simpler such as a serial or Ethernet link. In either case, the digital communications link provides a means to send many different types of data from and to a PLC or other controller.
While some drives can be connected on a suitable motion control bus — such as EtherNet/IP, EtherCAT, or Sercos — to provide closed-loop motion control, other methods use a motion controller, or the drive itself controls the motion bus network.
Some servo drives can accept data such as position, velocity, torque, and other parameters from a PLC using a Modbus serial interface. The drive, or drives, then provides its own internal motion control.
Many drives allow parameters to be written to or updated from a master controller using Modbus, Ethernet, or other communication methods. Some drives allow a direct connection using some type of Ethernet protocol, while others connect via a serial communication link like Modbus, which can then be converted to Ethernet in the PLC or HMI. A third option uses a protocol conversion module connected to the drive’s serial communication to convert to an Ethernet protocol such as Modbus TCP/IP.
In each of these cases, drive data is available via an Ethernet link — critical for IIoT implementations and connections to HMIs, databases, and the cloud. The protocol for these connections is some variant of Ethernet, and the network can be a wired, Wi-Fi, or cellular connection to the cloud.
Making a motion control system smart requires an IIoT implementation, typically provided via secure, cloud-based connectivity for data storage and access. Although there are many ways to provide this cloud connectivity, the simplest is the one described in this article — a hosted VPN — with hardware, software, and support provided by a single vendor.
This article was written by Jonathan Griffith, Product Manager, Industrial Communications & Power Supplies, at AutomationDirect, Cumming, GA. For more information, visit here .