Brief overview:
In this chapter, you will find out why remote access is necessary, what advantages it offers, how the technologies have developed historically and what added business and technical value it brings.

Remote access has always been a key concern for industrial machine builders: The desire to be able to monitor and assess the operation of machines remotely has existed for practically as long as mechanical engineering has existed.
For OEMs with widely distributed machines at customer sites and for end users with multiple plants as well as their own development centers, insight into remote plants is a strong business driver.

Typical use cases (at a glance)

• RemotePLC troubleshooting and programming
• Display and control HMI - remotely and traceably
• Secure remote access to industrial machines
• Connect web camera for visual support
• Support technicians on site, e.g. during commissioning

If you can access a machine's control system remotely, troubleshooting becomes much more effective: typically, around 60 to 70 % of operating problems can be solved without the need for support personnel to travel - either regionally or internationally.
Many production-critical problems arise less from a defect in the machine itself, but rather from necessary adjustments to the programming or operating parameters.
For example, you can take into account changes in raw materials, wear or other production factors that have changed over time.

From reactive to proactive: the strategic lever

Remote access enables a shift from reactive support to a proactive service model that strengthens competitiveness.

Business benefits:

• Improved responsiveness: faster response, faster resolution
• Reduced impact of emergencies: Reduce damage and downtime
• Optimized engineer utilization: deploy resources in a more targeted manner
• More machine uptime & productivity: increase availability
• Reduced travel costs: fewer on-site visits

Quick problem resolution leads to less downtime and a faster return to full production for the end customer.
And even if an on-site visit is necessary, remote monitoring improves preparation: it can be more targeted to ensure that the right person is sent with the right skills, the right parts and the right tools.
This pays dividends in terms of a better customer experience and higher customer satisfaction.

Skills shortage increases demand

The pressure to introduce remote access strategies has increased because more and more specialists are retiring due to age.
The expertise of the remaining specialists must be distributed across more production machines - and these are often located around the world.

New services as a sales opportunity

Machine manufacturers also see remote access as an opportunity to develop new proactive and preventive services that can generate additional revenue.

In the past, remote access often consisted of "out-of-band" management via a terminal console connected by analog telephone network and modem.
These systems were slow, often difficult to install and expensive to operate and maintain.
Nevertheless, modem remote access is still common today - supported by available high-speed cellular networks.

The main advantage of this approach is that it provides access to control data and bypasses the customer's corporate network.
Wireless modems that communicate over cellular data networks are available from many PLC vendors.
No landline or IT network connection is required - although wireless coverage can be a problem in production areas.

In addition, working with mobile network providers involves complexity: SIM cards with fixed IP addresses cost extra and are often time-consuming to procure and configure.
There are also ongoing network access and usage fees that quickly add up - costs that machine builders often want to avoid, especially if a permanent connection is not required.

A better option for remote access to a computer is to use the Internet and Cloud computing.
The biggest challenge here: securely managing the connection between the computer, the end user's corporate network and thus the Internet.
IT departments are understandably reluctant to allow blanket network access for external people - mainly for security reasons.

Permanent access is often required for the remote management of systems where control options are crucial.
However, machine builders do not always need a permanent connection: Remote access can also be implemented on-demand for troubleshooting, maintenance or service.

Why is this important? Firstly, the end user may want to prevent constant external access.
Although physically disconnecting from the LAN is not essential, it gives the end user physical control over when and for how long access is possible.
In this situation, the machine is typically disconnected from the LAN and only reconnected when required or at the request of the machine manufacturer.
If remote connectivity is also billed on a volume basis (as is often the case with mobile telephony), it may make sense to only connect when required and only pay when required.

VPNs are technically a very good solution.
In practice, however, it is complex to set up inbound network access correctly and ensure high security at the same time.
One reason: Each automation provider usually uses different network ports, and a clean path through customer firewalls requires careful configuration - often including demanding coordination with reluctant IT departments.

If you rely on an outbound connection via the factory LAN instead, you solve many firewall problems from the start:
If no inbound connections are required, no ports need to be opened in the corporate firewall.
This usually means that no IT or firewall changes are required to establish communication.

A local monitoring PC can be accessed and controlled remotely via the Internet using VNC-like technologies or other PC-based remote access software.
The software mirrors the remote computer with the user interface and transfers control to the remote user.

Such solutions can work in principle for remote access to a PC - but they often grant access to the entire network, which is not acceptable in many cases, especially for security reasons.
An industrial PC is also required to run the application on the remote system.
This incurs additional hardware and software costs, which means that the total cost of ownership is often higher than with a dedicated device.

Another solution is an on-demand VPN connection via an industrial router and a cloud-based management infrastructure.
An SSL VPN connection is generally not very problematic for the customer's IT department.
This approach is even particularly interesting from a security perspective, as it automatically creates a logical network separation between the machine and the factory LAN.

This ensures that the remote technician cannot access the factory LAN and can only reach the devices that are connected behind the remote access router.
Machine builders can thus manage machine fleets via a central, secure interface.
End users can use the platform to administer remote access rights at multiple OEMs.
For this reason, this is the solution that the author focuses on in this book.