Remote Access Goes Mainstream

"Getting a process line back up and running in minutes rather than hours by giving technical support resources via remote access can help a plant avoid thousands of dollars of downtime. Another benefit is reduced costs when making control system programming changes. Depending on the nature of the programming change request, travel costs can be eliminated entirely when performing the work via remote access."

Challenges Can Thwart Remote Access

Two major and related challenges face engineers who want to employ remote access: security concerns and their own IT department.

Multiple clients and locations, one source

Figure 3. Dart Oil and Gas distributes data to a wide variety of remote clients using OPC and other technologies.

Hackers are getting so good these days, they can penetrate a control system through any port—including even the maintenance port of a UPS. Space does not permit an analysis of all the cybersecurity problems facing industry today, but suffice it to say that users need to be very careful.

That's where the IT department comes in, for better or worse. "Due to NERC/CIP requirements, we're seeing some of our customers moving us to a secure VPN, only allowing access to PCs a layer removed from the control network," says Lopez of Nor Cal Controls. "While still extremely helpful, it's less functional than being directly connected to the control system."

In some cases, bypassing the corporate IT system is the best option. "In one operation where we could not access the analyzers from the corporate network due to IT policy, we installed a phone line and a modem directly in the analyzer cabinet for dial-up access," says PERI's Taylor. "We have also used satellite-based Internet connections for remote sites."

Or you can have your systems integrator or control system vendor take care of it. "Our primary remote access technology is via a secured VPN connection using a Cisco ASA 5500 Series adaptive security appliance or similar hardware," says Malyszko of Malisko Engineering. "Oftentimes, we procure, install and configure VPN hardware for our clients as an option to the base cost of a project."

James Burnand, director of the Mid-Atlantic region for Grantek Systems Integration, uses remote access technology from Rockwell Automation and others, and he advises limiting remote access to just the control system. "To maintain strict control of remote access, it's best to keep automation and control protocols at home in the manufacturing zone. Limiting the protocols to this zone helps ensure that the automation and control devices are communicating with known devices and applications, with user authentication and role-based authorization."

Maverick's Harper adds, "PC-to-PC connectivity has the advantage of being secure and fairly intuitive. That makes it easier for everyone to buy in to the idea of remote support. For cutting-edge smart phone apps and wireless control system products, such as tablets in the process areas, there are still too many concerns about safety and security for those to be strongly considered in the process automation arena at this time."

Hardware and software vendors offer tools to help uses address some security issues. Ken Eldridge, president of Open Automation Software, explains, "All of our components and services support Windows Communications Foundation. We work with Homeland Security closely to make sure all of our products are not vulnerable to security threats. All of this is done by just utilizing the .NET Framework in the Windows operating system."

Apart from security issues, other disadvantages of remote access include slow display updates over wireless connections, loss of communications at critical times and the need to use a PC or PAC that supports Windows-based software and Ethernet connections.

In spite of these disadvantages, end users are climbing aboard the remote access bandwagon faster than they've adopted any other technology we can remember. Today, any company that doesn't offer remote access to its automation systems is behind the times.