ACE Blog

Not Being There for Your System

Written by David Erby | May 13, 2020 4:00:00 PM

There is no question that COVID-19 has radically (and abruptly) changed the way we approach everything from buying toilet paper and caring for our kids, to work meetings and handshaking. No doubt about it, keeping our distance is probably a new societal norm that will impact how we interact with each other from this point forward.

But how does this concept extend to a power plant or a manufacturing facility? Many of our customers fall into the category of an Essential Business and have found themselves in the position of having to maintain their operation, while ensuring that critical personnel are protected. We have seen our customers take various steps such as having process and systems engineers work from home, changing shift schedules to encourage social distancing among operations personnel, prohibiting contractors from being onsite, or some combination or variation of these.

Social distancing means that more process and plant support personnel are not at the site.


The questions then arise: How do engineers continue to support the control systems? How do the business leaders get access to production information?

If you are part of a larger company, you are probably in good shape. Many have an infrastructure that includes a secure VPN connection that provides access to not only the business systems, but also some level of the plant floor. Usually this involves being able to see plant floor data and reports, as well as having access to the development systems for remote troubleshooting assistance. And now with many software vendors, such as Rockwell, GE, and Wonderware, offering extended trial licenses of their web-based SCADA software, seeing the what the operators are seeing is as easy as installing some software on an existing server.

But if you are not part of a larger company, then your options may seem limited. Maintaining security is still paramount but scaling up to an infrastructure that the big companies have will take time and money. It is likely that you have an immediate need to provide support personnel or contractors with the ability to access equipment at your site, but health or transit time concerns limit their ability to be at the physical site.

Fortunately, there is a class of industrial VPN devices that are relatively easy to setup and can help connect your critical external resources with your systems. The companies that offer solutions include Automation Direct, Ewon, and Phoenix Contact. The solutions offered by these companies include a cloud-based VPN that generally does not require additional firewall configuration. This is because the connection is outbound over TCP Port 443 to establish the connection which is like what you are using to view this blog. The connection that these gateways make are similar in concept to video conferencing where the cloud manages the exchange of data. Additionally, these devices are available in various models for connectivity over wired Ethernet, wireless LAN, or Cellular network.

For all these reasons, devices like this have had the attention of machine builders for many years. Adding these systems to a panel has been a cost-effective way of providing support to all their customers remotely versus the sending a tech into the field every time there is a problem.

Security is addressed differently across these solutions but some of the features that are offered include:

  • Mutli-factor authentication (MFA)
  • Secure web connection
  • Ability to turn the connection on and off at the site
  • End-to-end encryption

For a smaller manufacturing site, these devices can provide the remote connection that is needed by those who support your systems while reducing the exposure of your operators and other critical onsite personnel.

If you would like to discuss this topic further or have questions on how you might use this kind of technology, feel free to contact Applied Control Engineering.