Remote control: Get behind firewalls—securely 

Virtual IP infrastructure technology provides OEM access.

By Control Engineering Staff May 8, 2008

Whether you’re a machine builder who has to support your customers or a plant engineer who has to manage far-flung machines, network security can be an obstacle. Of course it’s necessary, but when the corporate firewall requires you to jump through hoops—or jump on airplanes—in order to get your job done, it’s a nuisance. Fortunately, the same Internet technology that lets your son talk with a friend across town can give you access to a machine across a continent.

Virtual IP infrastructure products enable remote access via the Web while addressing the security concerns that inevitably come up. The IT community created firewalls to prevent unauthorized access to systems, and now has created powerful platforms for application services that allow access to installed equipment residing behind firewalls.

“There have been many advances in embedded management of today’s automation/process control equipment,” said Dave Boulos, vice president of product management at ComBrio, a Westborough, MA, provider of virtual IP infrastructure. “Coupled with the adoption of Industrial Ethernet as the standard for SCADA inter-device and inter-vendor communications, this has opened up the opportunity for plant managers to improve productivity and increase uptime by leveraging a centrally located or distributed resource pool to monitor and service plant network segments remotely.”

“Manual processes and the complexity of managing remote connectivity have affected the adoption of IP-based remote automation network management,” said Boulos. But his VSI automation and control product and others address the problem. The products enable secure remote monitoring and management of SCADA elements and applications such as programmable logic controllers (PLCs), distributed control systems (DCSs), and master control units (MCUs). “There is no need for virtual private networks (VPNs), dial-up lines, or specialized demilitarized zones (DMZs) to protect the automation and process control networks from corporate and external security risks,” Boulos added.

Despite the challenges, machine builders and others responsible for product support programs are finding the rising costs of in-person service are making such

Micky Long, research director in thehave hindered widespread adoption. These include integration with existing systems, difficulty of deployment, and security issues.” According to Long, the average expense of rolling a truck to service customer equipment is $209 per incident. OEMs with a staff of 50 technicians, making three onsite service calls daily, can reduce the number of calls by at least 30%, saving $2.3 million or more annually. RPS can also help increase equipment uptime by 13.5%, and decrease mean time to repair by 14.1%, said Aberdeen

Long cited the Lantronix ManageLinx application services platform and VIP Access application as providing secure, easy-to-deploy remote Internet access to virtually any piece of networked equipment behind firewalls. “Overall, we believe that the approach Lantronix is taking with ManageLinx represents a giant step in the right direction,” he said.

ManageLinx utilizes the Internet to create a virtual device network (VDN) that allows access to only authorized equipment—without visibility to any other part of the network or compromising IT policies or firewall integrity. ManageLinx reportedly does not require any changes to the network hardware or configuration. Jerry D. Chase, president and CEO of Lantronix, said, “ManageLinx provides a highly reliable and scalable platform that will allow us to introduce additional applications in the future via software keys.”

The initial ManageLinx offering consists of the Device Services Manager (DSM) and the Device Services Controller (DSC). Acting as a publicly accessible VDN router, the DSM manages DSC units on the local area network (LAN) at each location. The DSM serves as a proxy connection point for participating DSCs and relays connections between user hosts and destination devices. It also offers a Web 2.0-based management system for all configuration and control. The DSM administrator can configure individual devices, set up automated device discovery on remote networks, perform automated monitoring, and enable secure access to any device visible to a participating DSC. By combining ManageLinx with the Lantronix SecureLinx line of IT management equipment, administrators can also remotely access servers, PBX (Private Branch eXchange) systems, and other IT infrastructure assets.

ComBrio’s Virtual Service Infrastructure (VSI) 4.0 is the latest generation of the company’s secure remote monitoring and management software. Its new Transparent Management Channel (TMC) module allows managed service providers to poll for native status, statistics, or alerts from remote devices without the need for a dedicated or persistent connection such as a VPN or agent placed at the end of the customer’s network. According to ComBrio, managed service providers can use VSI to leverage their existing investment in “best of breed” network managed applications such as HPoV, Tivoli or any proprietary applications that perform management and maintenance through the retrieval of information from managed devices. TMC allows for the extension of these capabilities beyond the boundaries of a local LAN to include management of devices behind customer firewalls.

—edited by Renee Robbins, senior editor, Control Engineering Daily News Desk (www.controleng.com; renee.robbins@reedbusiness.com)