As long as products have had ethernet ports, people have been asking for remote access to them. They believed they could just plug the devices into the internet, and it would all work. At first, there wasn't necessarily a clear path to making this dream a reality without assistance from the user's IT department. IT would need to set up networks and give access through their firewalls, granting the proper access to those who needed it. This raised all types of security and maintenance concerns and the IT departments simply wouldn't allow these holes in their firewalls.
As more software tools became available and internet speeds increased, capable users found ways to give themselves access to their assets. But there was still a catch–one needed a dedicated computer for the system.
With today's products, an operator has numerous options for products that he or she can install into a system that creates a remote access portal without needing to use a dedicated computer. For example, a programmable logic controller (PLC) is something that operators have been striving to remotely monitor and control in the most efficient way possible. Years ago, like other assets, PLC's could only be controlled by dedicating a computer to the system and then logging into that system. Now, products can be used that reach out to a server in the cloud. Operators can then log into that cloud where the two can meet, virtually shake hands, and allow the operator to then control the PLC from virtually anywhere.
This is the same way that many web-based applications, like virtual meetings, work. Rather than punching a hole in the firewall to allow a user in, the devices reach out to a secure cloud where only password-protected users can connect with them and get access. When the product does this, it creates a tunnel through the firewall, giving access only to the PLC and whatever else it is connected to, not to the IT department's network itself.
Remote access has several different types of capability. Remote monitoring is not the same as giving full remote access. The former provides only unidirectional information out of the facility such as sensors and data collection. The latter provides bidirectional information flow, which can then allow control.
Possible Approaches
There are a couple of approaches that organizations can take in order to implement remote monitoring of their assets. Using an IT person/department is still an option. This approach is typically more expensive but is also completely customizable and comes with all the bells and whistles. Alternatively, there are ways to accomplish the goal inexpensively by building a system up from the component level and using various products available on the market that are the building blocks of remote access. A third option that is becoming more popular is taking advantage of products that do all the heavy lifting for the users for very reasonable prices. These solutions contain all the building blocks needed, including the security and cloud portions, while still being simple enough for just about anybody to use.
With this simpler approach, a user only needs to install a small electronic device at their electrical cabinet that has internet access, whether it be through Wi-Fi, a wired ethernet port, or cellular. This approach uses the existing infrastructure of the facility and allows operators to remotely access whatever it is connected to, such as a PLC.
Architecture Options
These small electronic "boxes" have a couple different types of architecture. One follows a "blacklist" type of approach to the remote access it allows. This approach opens up a tunnel through a firewall to the asset, giving access to whatever network it's plugged into. This may just be a network of PLCs, but in some power plants with larger networks, anything in that network will be accessible. The user can then blacklist whichever devices on the network he or she does not want anyone to have remote access to.
The other approach can be considered a "whitelist" style. With this type of box, at the time of configuration, the programmer is specifically defining which assets the device is giving access to. If a device is not configured to be on the whitelist, the individual accessing the network remotely will not be able to control or monitor that device.
Which Approach Is Better?
It's hard to say if one of these approaches is "better" or more effective than the other. It essentially comes down to the nature of the network that is being remotely accessed, most notably, the number of devices that are on the network and the variety of devices being accessed.
For example, imagine there is a network that has 50 assets on it. An operator wants to program the device such that only five of the assets need to be controlled. In this case, there are far more assets that you do not want to give access to as opposed to the other way around. Understanding this, it makes much more sense to utilize a box that is set up to whitelist the assets. That way only a handful of assets need to be addressed and the others are naturally protected.
There are other situations, however, where the aim is to provide access to an operator of most of the devices on a given network. In these situations, the optimal approach is the blacklist box. That way, a programmer only needs to blacklist a handful or fewer of the devices that he or she needs to restrict access to. In this scenario, all devices on the network are accessible except those specified.
The benefits of remote access in power plants cannot be overstated, especially today. In an era where most people are trying to limit human contact and stay socially distant, having remote access to power plant assets is very desirable. With the inexpensive options available, most any operator can efficiently set up a remote network and not need to be onsite in order to maintain the same quality of work.
One of the more interesting and less obvious applications for remote access technology is getting around physical limitations to easily connect to an asset, even while onsite and within visual range of it. No longer is it necessary for an operator to navigate the tricky requirements of plugging a computer into a network (setting up a workstation, finding a sufficient cable, etc.). Perhaps the asset is just out of reach of a standard cable length or the cable would get in the way of other workers. Or, in a more serious situation, it is in a dangerous area of the power plant making access difficult. Perhaps a box allowing remote access just a little bit further away will greatly ease that access, maintenance, and monitoring. Now, from practically anywhere in the world, a technician can monitor and control the critical assets of a power plant.
–Corey Foster is the application engineering manager for Valin Corp. (www.valin.com).