Secure Remote Access for Troubleshooting Robot Systems
Motion Controls Robotics wants to be able to help customers troubleshoot their simple to complex robot system issues as quickly as possible. One of the best ways to do this is through remote access to the installed robot system. With remote access, our technicians can quickly review any system changes and find the best way to help to resolve system errors.
The ability to visually go through a system we are familiar with is very beneficial. We know where to look and how to get to the screens we need to check. Seems like a no brainer for everyone, right?
Well no, many IT groups do not want this type of access into their network. There have been a variety of VPN options in the past that have led to exposing vulnerabilities in the system. The solution in this article for remote troubleshooting robot systems erases these worries.
What are some of the benefits of remote access?
- Our robot technicians can troubleshoot PLCs remotely and walk through the HMI screens.
- There is two-way communication via phone with an operator onsite that can walk through the steps to fix the problem.
- A camera can be added to the setup for watching the system run or viewing other system screens.
- You save money on travel cost from our facility to yours
- Your system is back up and running in a matter of minutes instead of hours – minimizing downtime
Suggested Remote Access Setup – eWon/Talk2M
We use the eWon/Talk2M combo for troubleshooting robot systems through remote access.
This setup follows these standards for security:
- ISO/IEC 27001 Information Security Management – https://www.iso.org/isoiec-27001-information-security.html
- S. National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity – https://www.nist.gov/publications/framework-improving-critical-infrastructure-cybersecurity-version-11
- Open Web Application Security Project (OWASP)
- Open Source Security Testing Methodology Manual (OSSTMM)
How is this Remote Access Different?
Let us quickly look at the difference between the eWon option and other options available:
This option uses a wireless link therefore bypassing the company’s network. The problem companies have with this setup is it is sometimes hard to get an uninterrupted signal on the facility floor, the system is harder to setup, and the option is expensive with usage costs that can add up quickly.
VPNs that can be established through a variety of software services are super easy, but they are not always secure.
On-demand eWon VPN
This method supplies a fully secure SSL (a security certificate) VPN tunnel that includes permission to enter that can only be allowed by your operator. The permission is authenticated through both the eWon and the Talk2M cloud software. The eWon separates access so the remote user can only see the machines the eWon is connected to. The eWon option allows for Connectivity as a Service. This makes for a connection that checks all three boxes: easy, affordable, and secure.
HMS Networks, eWon developer, explains, “The Ewon uses an outbound connection across the factory LAN (HTTPS port 443 or UDP 1194). This makes the Ewon isolated from Internet by working with a private IP address, non reachable from the Internet. No IT/firewall changes are needed to establish communication.”
MCRI has used this setup to quickly troubleshoot system changes to robot systems located all around the United States. It has saved our customers from having extended downtime while someone travels to their location.
How to get started with eWon for Troubleshooting Robot Systems:
To get setup on the Ewon system is quick, easy, and a very affordable option for your company.
- Purchase the eWon Cosy 13. You can contact MCRI Service to order the eWon.
- Download the eCatcher software at https://www.ewon.biz/technical-support/pages/all-downloads.
- Setup an account by entering your company information and username.
- Next, add your eWon using the ADD button on the bottom left. This will move you through an activation wizard. Make sure to screen capture and copy the activation key that is given to you.
- At this point, download the maintenance utility software called eBuddy to help setup the eWon – https://www.ewon.biz/technical-support/pages/all-downloads
- Connect an Ethernet cable from the computer to the eWON’s local area network (LAN) port number 1.
- Launch eBuddy and Set the IP Address. Select an IP address that will not conflict with your network or any other remote computer’s IP address. Temporarily change your computer’s IP address to the same subnet as the eWON’s IP address. Make sure to write down your computer’s IP address information so you can change it back after you’re done.
- Launch your web browser and enter your eWON’s IP address in the address bar. Log in using the default username and password, which are both “adm”. Make sure to change this right away so you do not forget. This is a basic and important level of security.
- Click on the Settings button and run the Quick Launch Wizard. Configure the system, communication, and Talk2M connection settings. When prompted by the Talk2M connection wizard, paste the Activation Key you copied.
- Plug the Internet cable into the wide area network (WAN) port. The WAN port is number 4 on the bottom left of the eWON. You can verify it by looking for the red LED light (instead of a green light) beneath the Ethernet port. When your settings are complete, unplug the Ethernet cable between the eWON and your computer and set the IP address of your computer back to its original state.
- With your computer connected to the Internet, launch eCatcher. The status of your eWON should be Online. Simply highlight your eWON and click the Connect button.
- Now that you are all setup for remote troubleshooting, you will just need to login to your Talk2M account and contact MCRI. We will be able to then login which will give us access to see your eWon Cosy and whatever item you are sharing (HMI, PLC, or a camera).
If you need more instruction information download the full PDF Instructions from HMS Networks