Interested in linking to "Remote Access: No Travel Required"?
You may use the Headline, Deck, Byline and URL of this article on your Web site. To link to this article, select and copy the HTML code below and paste it on your own Web site.
Global system integrator Maverick Technologies, headquartered in Columbia, Ill., leverages remote access to service clients and ease internal work. "In addition to the more mature areas like wireless tank gauging, SCADA and other remote concepts, we've made heavy use of the PC's remote access capabilities on newer control systems," says Chad Harper, Maverick's director of technology. "Internally, we utilize remote access to our internal development PLCs and DCSs, which allows for expanded capabilities in training and project support. We have several clients where we perform project and maintenance work directly in their control system through dedicated PC-to-PC connections. We also provide network monitoring services for clients who have too many remote facilities to support adequately in person."
Meanwhile, Malisko Engineering, a system integrator in St. Louis, has used remote access for 10 years, so it's in a good position to summarize its advantages. "Remote access to industrial automation systems has proven to be an extremely cost-effective component of a plant's support system," says Dan Malyszko, senior systems engineer. "Getting a process line back up and running in minutes rather than hours by giving technical support resources via remote access can help a plant avoid thousands of dollars of downtime. Another benefit is reduced costs when making control system programming changes. Depending on the nature of the programming change request, travel costs can be eliminated entirely when performing the work via remote access."
Challenges Can Thwart Remote Access
Two major and related challenges face engineers who want to employ remote access: security concerns and their own IT departments.
Hackers are getting so good these days, they can penetrate a control system through any port — including even the maintenance port of a UPS. Users need to be very careful. That's where the IT department comes in, for better or worse. "Due to NERC/CIP requirements, we're seeing some of our customers moving us to a secure VPN, only allowing access to PCs a layer removed from the control network," says Lopez of Nor Cal Controls. "While still extremely helpful, it's less functional than being directly connected to the control system."
In some cases, bypassing the corporate IT system is the best option. "In one operation where we could not access the analyzers from the corporate network due to IT policy, we installed a phone line and a modem directly in the analyzer cabinet for dial-up access," says Dave Taylor, system engineer at Process Engineering Resources (PERI) in Salt Lake City. The company makes X-ray fluorescence (XRF) analyzers for the mining/mineral processing industry. The analyzers are used to perform elemental analysis of slurries in ore concentrator operations, often in remote areas that are difficult and time-consuming to reach, so remote access is crucial for providing timely support.
Or you can have your system integrator or control system vendor take care of it. "Our primary remote access technology is via a secured VPN connection using a Cisco adaptive security appliance or similar hardware," Malisko Engineering's Malyszko says. "Oftentimes, we procure, install and configure VPN hardware for our clients as an option to the base cost of a project."
James Burnand, director of the Mid-Atlantic region for Grantek Systems Integration, uses remote access technology from several vendors, and he advises limiting remote access to just the control system. "To maintain strict control of remote access, it's best to keep automation and control protocols at home in the manufacturing zone. Limiting the protocols to this zone helps ensure that the automation and control devices are communicating with known devices and applications, with user authentication and role-based authorization."
Apart from security issues, other disadvantages of remote access include slow display updates over wireless connections, loss of communications at critical times, and the need to use a PC or PAC that supports Windows-based software and Ethernet connections.
In spite of these disadvantages, end users are climbing aboard the remote access bandwagon faster than they've adopted any other technology we can remember. Today, any company that doesn't offer remote access to its automation systems is behind the times.
Optimize Operations From Afar
Control systems at each site are based on Emerson Process Management's DeltaV systems and PLCs with T1 connections over a VPN to all facilities. The engineers connect to each process through a VPN, using tools such as Remote Desktop, iTap and pcAnywhere. "We're able to access the system via PCs, tablets and even smartphones," Cox says.
When using a thin client, licenses from Microsoft and Emerson are required. "We dedicate at least one license for corporate use at all sites," Cox explains. "Other licenses are available to plant personnel. We have browser access, using third-party graphical interface tools as well."
Remote access has simplified life for engineers. In a batch operation, certain events only happen once per batch. In the past, engineers would come in at odd hours, or work very long hours to see these events. "With remote technologies, we're better at optimizing processes," Cox says. "Engineers can periodically check status and make adjustments from anywhere."
This is an excerpted version of the article "Remote Access Goes Mainstream" that first appeared in Control in April 2012.