Remote Access Makes New Connections

Connect Four.. or More Machines and Share the Data. With Internet and Cellular Technology, You Can Monitor and Manipulate Machines From Just About Anywhere

November 2011 IssueWith new 4G technology and cellphone apps, cellular connections now rival the speed of hardwired connections. This new equivalence is encouraging industrial machine and robot builder OEMs to use cellphones for remote access, both via browser and apps.

"I do design work for several machine builders," says Matt Youney, owner of Youney Instrumentation and Control Systems Engineering in Lake Worth, Fla. "I have projects deployed all over the world. This morning, I was making updates to a semiconductor die-handler machine in Switzerland while drinking my coffee in Florida. With remote access, my customers can't tell if I am in my office, or on my sailboat in the Florida Keys."

Welcome to the new world of industrial telecommuting. Remote access to machines and robots has been available for at least 20 years now. It started with dial-up phone service from an OEM's home office to a customer site. It graduated to hardwired Ethernet/Internet connections, and now cellular technology and smartphones make it possible to work from just about anywhere.

"As a contractor without remote access, I wouldn't be able to do my job efficiently," Youney reports. "My customer base would be limited to local customers, most of which moved abroad in the past 10 years. I need these tools to compete in the global economy, and hopping on a plane to fight a fire is really a last resort." For more on how Youney works remotely, see "Machine Control From a Sailboat."

To Phone or Not to Phone

Dan McGarry, IT administrator at Komax Solar in York, Pa., agrees with Youney. "We have customers all around the world, and by using a remote solution we save time and money by providing instant support from our headquarters to any of our customers' locations," he explains. "No travel time is needed, and there's a minimum impact on customer uptime, very important in the competitive solar-panel-producing market." Komax produces custom-built machines for the solar industry, specializing in thin-film and crystalline technologies.

Although everyone we spoke to for this article praised the benefits of remote access, there appear to be some different preferences on whether to use the hardwired or cellular connections. Komax, for example, prefers the hardwired links provided in a Phoenix Contact solution. "The remote connectivity is a hardware VPN," McGarry explains. "It doesn't route through an HMI or PLC; it just goes from router to router via Internet VPN. We use a web browser interface to interact with machines from HQ, and use the remote connection to upload PLC updates, monitor the HMI, and make adjustments to the programming. In the event that a customer has an issue, we use the VPN to check machine status and determine if a technician must be sent out."

Prism Systems, a system integrator in Mobile, Ala., builds control systems for clients around the globe. "Many of our projects are either very complex or are in locations with limited local support," says Keith Jones, principal at Prism. "These systems present support challenges, especially when your office and the customer's site are on different continents."

Prism uses security modules to connect to PLCs over Ethernet. "The platform allows us to use one module at our office, and connect to a maximum of 128 remote devices," Jones reports. "This definitely has changed the way we handle support, making overseas work more manageable." For more on how this works, see "Secure Access."

On the other hand, Joel Froese, owner/operator of Red Bank Hydro in West Columbia, S.C., likes to use his cellphone for remote access. "A remote HMI app from AutomationDirect allows me to check the status of the machinery at our hydroelectric plant from my iPhone even when I am away from my computer," he explains. "I feel the future has arrived as I can even start up or shut down the plant from the road."

Although some remote access systems are extremely expensive, the iPhone app is dirt cheap, Froese says. "The HMI screen scales perfectly to the iPhone screen in any orientation, and built-in safety features ensure that I don't accidentally push the wrong button, so it's well worth the $4.99 price."

App access is cheap, but smartphone browser-based access is free, so why use an app? "We already had browser access to this information through the built-in web server in the HMI," Froese explains. "But the iPhone app now allows us to control the plant via the on-screen buttons, so we can now start up and shut down the system just as if we were standing in front of the HMI."

Froese says remote browser access gives him a snapshot of the HMI screens, and is valuable for monitoring the plant from any computer or other Internet-connected device. "The iPhone app, on the other hand, gives us a live view of the screens, meaning we can see monitored variable change in nearly real time," he says. "However, the larger difference between browser access and the iPhone app is that browser access is by definition read-only, while the app allows us to push buttons and spin dials, controlling the plant remotely."

Mark Gentry, an engineer at Samuel Jackson, a builder of moisture control systems in Lubbock, Texas, says remote access is very important for his company's business. "For remote connectivity, we use an on-demand VPN connection," he says. "Our technical staff can access customer sites from any Internet connection, and our customers can access their own plants using the same VPN from anywhere, including their iPhone (Figure 1)."

For Samuel Jackson, whose clients are primarily in agriculture, such access is vital. "Remote diagnostics and monitoring can be huge in an industry where our customers literally make all their income for the year in just a few weeks," Gentry explains. "When your entire year's income is made in 6-12 weeks, the cost of downtime takes on a whole new meaning." For more on how Samuel Jackson uses remote access, see "Remote Access Down on the Farm."

Jordan Wiens, managing partner at Xenon, a system integrator in Irvine, Calif., is another cellular believer. "Our remote connection method uses cellular-based VPN modems," he explains. "The modems create a dedicated connection to a main server that performs all the necessary tasks and hosts the information on the web. Operators and customers can use any web-enabled device to view the data."

What About Security?

The recent scandal in England, where reporters hacked into the cellphones of celebrities, raises the question of security. How secure are remote connections? Apparently, it's quite easy to hack a cellphone. How-to instructions are on the web, and hackers have been getting into Internet sites for years.

"Obviously, the single biggest challenge to remote access is security," says Mark Lochhaas, product manager at Advantech. "Any IT person knows that spoofing an Ethernet connection is easy, especially a public WiFi connection. Tools to accomplish this are readily available, so even an amateur can sit in a restaurant equipped with WiFi and tap into almost anyone's connection."

Most systems today are vulnerable, he adds, and remote access increases that vulnerability by orders of magnitude. "Cybersecurity has become the biggest perceived threat to remote access. It's important that remote access be engineered carefully by qualified resources and proper evaluation be used to ensure there is adequate ROI."

Greg Garmann, technology leader of software and controls at Yaskawa America, agrees, saying, "Many customers have a VPN connection to their local area network that provides security. One also can implement security through cloud computing by giving rights to the application running on the device. This gives access to the data to anyone using an iPhone, iPad or other computing device with the proper login and password."

Security can be a challenge for smaller end users, notes Nathan Eisel, application engineer at Beckhoff Automation. "Many of the smaller job shops don't have a fully staffed IT department, so security might consist of an Internet router that uses port address translation (PAT), a firewall and initializing the connection from the machine or robot by the operator," he explains. "At the other end of the spectrum, a large corporation has a large IT staff as well as highly engineered and structured network architecture. In this case, an OEM requires the customer to open up a path from the outside world to the machine or robot. As one would expect, many security policies and considerations must be taken in cases like this, which can become difficult. Some OEMs have even ended up using a cellular modem to avoid corporate IT security and policies."

Working with corporate IT isn't easy, Wiens says. "In a world of viruses and zealous IT folks, we've had difficulty proving that our technology is secure and can be integrated into the customer's existing IT infrastructure," he laments. "Xenon provides different forms of security to meet the needs of IT people."

Dan Schaffer, network solution engineer at Phoenix Contact, agrees that implementing security can be a pain. "While they are very simple to use, IT technology and network settings can be a little intimidating to plant managers and control engineers," he notes. "And we all know that plant and IT departments don't always have the greatest relationship, so the plant people don't always ask for or get IT help."

The Rush to Remote

Some machine OEMs take remote access a step further and offer preventive maintenance options. "Machine builders can remote in to the equipment on a fixed interval to review operations," says Michael Miller, supervisor of field applications engineering at Yaskawa. "They then use the collected data to optimize machine performance, and to advise when and where maintenance is required."

Another supplier concurs. "Remote configuration and asset-management functions allow machine builders to reduce onsite labor costs," notes Daniel Liu, business development manager for data acquisition and control at Moxa Technologies. "Machine builders also can use remotely collected data to build system performance trends. With these data, machine builders can optimize their equipment and improve machine efficiency. As a side benefit, this can be sold as an add-on service."

Greg Philbrook, HMI/communications product manager at AutomationDirect, adds some caveats. "Many suppliers now offer iPhone and other smartphone apps that allow remote access and control of their devices," he says. "These apps make use of virtual networking computing utilities, or are custom-designed to communicate with the manufacturer's device through supported protocols."

But it's not easy, Philbrook says. "Developers have to increase hardware, software and protocol performance levels to reduce the latencies that can occur over remote connections, allowing users to operate with minimum frustrations," he cautions. "OEMs must consider remote connections when designing projects that run on the devices. Reducing the amount of data transfer that occurs with programs running in PLCs and HMIs should be a goal if remote connections are a possibility."

Finally, Philbrook notes, "When designing the application software projects, the OEM must also consider the device that will be used to connect to the remote controller. If a mobile phone app is to be used, the screens should contain fewer objects to offer better operability on small devices such as iPhones."

Remote access provides many benefits to OEMs and their customers, and suppliers are responding by giving many options for remote connectivity. Local hardwired connections to the Internet can be difficult to install and expensive in terms of monthly fees, making cellular access a more attractive option for many applications. Whatever the means of access, security is always a primary issue, followed closely by cost and performance.