The need for security isn’t that apparent until part of your network or privacy is compromised....
Remote Routing with eWON: An Automation Engineer’s Perspective
So you have a machine with a few PLC’s and HMI’s talking over Ethernet. You’re good with that. But that machine is shipping to the North Pole, and you really don’t want to go there every time an elf mis-aligns a prox. So you’ve added an eWON remote routing device to your system so you can log in to monitor and download without getting on a plane or dog sled.
I’ve seen some engineers get amped-up with eagerness at the thought of tweaking-in VPN connections and such. If that is you, read no further. This is for the rest of us who could use a short overview on how eWON remote routers do their thing by touching on some common networking questions we field. Simply put, the router’s job is to create a secure path between two networks so that your PC can talk to a PLC on the other side of the world. There are a few points to clarify before moving on from here…
LAN: the Local Area Network. This is the side to which your PLC is connected. Think “Local” to the PLC.
WAN: the Wide Area Network. This side connects to the plant network and eventually to the internet, where it connects with your PC on request.
Remember that the LAN is local to the PLC/HMI grouping on the machine. This is portable. You set it up before shipping and should never have to change it. It is the network address range that you set your PC Local Network Connection to match before connecting to the PLC when it is right there in front of you. Generally, it is a closed system comprised of your machine group where all devices share the same “XXX.YYY.ZZZ.nnn” address range with only “nnn” differing between the devices.
The WAN (Wide) connection is the side that ultimately faces the web. This can be a wired or WiFi connection. Plants have differing levels of lockdown in these networks (especially with WiFi), but generally still allow outbound connections to the internet on the ports that the eWON uses. Here, you set the WAN side of the eWON to auto-configure each power-up, known as DHCP (dynamic addressing). All that means is that when the eWON powers up, it reaches out via its WAN port to the plant network and is assigned an IP Address by the server. Once that is done, it is a member of that network and can play by the network rules to connect to the internet.
A large consideration here is that this WAN IP address MUST be different from the one on the LAN side, or else the eWON Cosy 131 LAN router cannot route. Keep that in mind when defining your PLC addressing scheme… try to get away from 192.168.0.n, .1.n, or .10.n as these are default settings for 80-95% of the network routers in the world (remember the last time you setup your home router?)
In more rare occasions, the customer/plant network (WAN) is more rigid. The dynamic addressing setting (DHCP) will not work, but rather the server has a listing of fixed (“static”) addresses that are pre-defined. In these cases, the plant’s IT department must be involved in setting up the WAN side of the eWON, as they will assign a fixed address that you must match.
Time for an example:
The eWON Cosy 131 WiFi has a 4-port switch that lets your PLC’s talk over the LAN to one another, say on the subnet 192.168.105.nnn with Mask 255.255.255.0. For the eWON, nnn=131. For PLC#1, nnn=20. For PLC#2, nnn=21.
On power-up, the eWON (set for DHCP) asks the plant’s server for an IP address, which it gets as, say, 192.168.12.161. This address is the WAN address, and lets the eWON join their company network but has no effect on the LAN (PLC) side. The eWON sends an occasional outbound ping over the WAN/internet to the eCatcher server to let it know it is online, and what IP address it is presently assigned. This is generally irrelevant to you. The Plant server could assign it a different address tomorrow, but that all gets resolved behind the scenes at the eCatcher server.
When you want to check on the machine, you log into your eCatcher account, and connect to the machine via a VPN (Virtual Private Network) connection. This is a secure connection. You then launch your PLC software on your PC and connect to the PLC (behind the scenes, eCatcher and the TAP Adapter do some network management to generally make this seamless).
Above, you see the LAN address as 192.168.105.131. That is the LAN setting of the eWON which is local to the PLC’s. You also see a 10.95.178.0 address. That is for the VPN management.
If I log into this particular eWON, I can press the “i” for information shown above. I can then see the COSY131 set for a WAN address of 192.168.12.161 as assigned by the plant network (or, in this case, my office WiFi network).
If for some reason you had to change the IP Addresses of your PLCs in the field after you had configured the eWON the first time, don’t forget to change the IP Address of the LAN side of the eWON (using eBuddy, onsite), and then update the properties of that eWON within your eCatcher account.
And finally, if your installation requires the Subnet Mask (or Network Mask) to be something other than 255.255.255.0, you’ve got an added twist. I can’t fit that into this article, so in that situation just be aware that it does affect addressing, and you’ll have some additional reading to do.
eWON at the ACD Online Store
As you can see, the eWON range has a lot to offer in terms of remote routing and other communication accessories. The eWON Cosy line mentioned in this article also includes a Cellular connection option to fit your application's needs. Fast and flexible remote access through an eWON Cosy increases uptime and saves on support costs.
Now you can find eWON's Cosy 131 series and other popular communications tools like the eWON Industrial M2M Router and Gateway at the ACD Online store. Learn more about specifications and features, download the Cosy 131 guides and data sheet, and order industrial networking solutions online. Visit the store and choose the best solution for your needs:
Learn more about the eWON Cosy:
Download the eWON Cosy Brochure
Request a Demo of eWON's New Cosy 131