When connecting legacy equipment to the Internet, adjustments must be made for security. Most legacy equipment was not designed to connect beyond the factory network. While a corporate VPN is often considered the go-to network for sharing data with the outside world, an edge node is often a more convenient and secure solution.
|Tom Craven at a Design News conference earlier this year. Image by Design News.|
Tom Craven, Vice President of Product Strategy at RRAMAC connected systems explored strategies for connecting legacy factory equipment to the internet in his session, Optimizing Assets to Operate in a Smart Manufacturing Ecosystem, at the Advanced Design and Manufacturing Show in Cleveland this week.
Equipment not Internet-ready
The challenge many manufacturers face when adopting advanced factory systems is knowing what to do with the existing equipment. “A lot of the existing equipment in factories isn’t internet-ready. It might not even be electrical. It might be hydraulic systems,” Craven said. “Controllers like older PLCs or less expensive PLCs may not have Ethernet, so you need a converter or peripheral node to connect an older PLC to the Internet.”
One of the most pressing issues is security. Older automata were not designed to share data with the outside world. “Most older PLCs don’t have security that would prevent someone from accessing them if they’re connected to the internet,” Craven said. “You have controllers designed for secure communication, but upgraded PLCs for that are in the minority.”
An obvious solution is to replace the old PLCs. That would certainly work, but it would also hurt the ROI that underlies the whole idea of connecting legacy gear. “Replacing all existing equipment is impractical from a return on investment perspective,” Craven said. “The return on investment could take years if you want to destroy everything and replace everything. Thus, most older elements must be connected without being replaced. »
Many factories immediately point to VPN as a secure way to connect to older equipment. This suggestion is undermined by the ease of access to a VPN. “Many factories want to connect legacy equipment through a VPN,” Craven said. “But if you work from home, you can connect to the company VPN. Do you want external users to access the factory network? VPN is not the answer because VPN is not secure enough for external users”
Using an Edge Node for Security
Craven pointed to the edge node as a useful solution. If the purpose of the equipment connection is to capture production and condition data, the communication need not be two-way. Thus, an edge node that sends equipment data to the network – without receiving any data – would be a secure solution. “The answer is a peripheral node. There could be a peripheral node for the factory, or maybe one per machine,” Craven said. “It sends secure communication as an outbound connection from the edge node to the server with encryption. There is no inbound firewall hole required.
By using the edge node, data can be transmitted to the Internet without opening two-way communication. “The Edge Node is blocking all incoming data or connections. You’re not opening up the network to the whole internet,” Craven said. “I’m going to send data to this server, and that’s all I’m going to do. Access to the server is secure. So you can get data from your old PLCs. Or you can push sensor data to the edge node. This way you can do a vibration analysis. You place a sensor on the equipment and the edge node sends the vibration data to the cloud. »
Craven notes that the process of preparing legacy equipment for connectivity may require equipment replacement, but that’s not always necessary. “‘Maybe it makes sense to replace some of the existing equipment, but measure it first,” Craven said. “You may find that you need to replace some controllers. There may be cost reasons for replacing them, but make sure it is a cost-based analysis.
Rob Spiegel has covered automation and control for 17 years, 15 of which for Design News. Other topics he discussed include supply chain technology, alternative energy, and cybersecurity. For 10 years he was the owner and publisher of the gastronomic magazine Chili pepper.