Internet access to the factory floor

June 22, 2006
Modern PLCs let companies remotely check the condition of a machine or view other statistics via a Web site.

Paul Reszka
Application Engineer
Wago Corp.
Germantown, Wis.

An integrated Ethernet port on the controller controls remote I/O over Ethernet-based protocols such as EtherNet/IP, Profinet, Modbus/TCP (UDP), and others. It also lets users program and debug internal controller programs. Use of these and other Ethernet services, such as a Web and FTP server, makes remote administration of control processes possible.

Step one in establishing a remote connection is to set up the controller to handle communication from both a local network and a wider network such as the Internet. Adding a gateway address to the controller's Ethernet communication settings lets it send and receive IP messages that originate outside the local area network. This gateway address is typically assigned to an Ethernet router. Routers direct or route IP traffic to the correct Ethernet device inside the LAN.

Network-address translation (NAT) is the most common way of routing network traffic between a LAN and WAN. NATs take a single IP address supplied by an Internet service provider and let multiple devices share the same Internet connection. Unfortunately, NATs do not provide a true end-to-end connection. A TCP connection established outside the local network may not connect with the destination device because the destination device's IP address hides behind the router.

A process called port forwarding gets around the problem. With port forwarding, a device outside the network sends its message to the router's IP address, and the router determines where to send the packet based on the port number.

Security is another issue. NAT's lack of end-to-end connectivity prevents most unsolicited requests for communication from outside a LAN. One of the best security measures, called "security through obscurity," is to select a controller that runs an embedded operating system not commonly used by consumers.

When setting up a router, be sure to limit the number of open ports. For example, an open FTP port can be exploited by uploading a program that overrides the controller. Never leave open a port that is not in regular use.

Use of a virtual-private network further boosts security by encrypting data transmitted over a public network such as the Internet. Instead of opening all the ports needed to handle communication to the control network, a single authenticated network port passes the encrypted communication. This lets users outside the LAN access the network as if they were inside it. Data collection over great distances is one of the best uses for this technology.
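The port-number lookup a router performs when forwarding, together with the advice to close unused ports and pass traffic through a single VPN port, shown as an added example that is not part of the original article. The forwarding tables, LAN addresses and the VPN port (udp/1194) are constructed assumptions; the service ports are the standard ones for FTP, HTTP, Modbus and EtherNet/IP.

```python
from dataclasses import dataclass

# Well-known ports of the controller services the article names.
CONTROLLER_SERVICES = {
    ("tcp", 21): "FTP", ("tcp", 80): "Web server (HTTP)",
    ("tcp", 502): "Modbus/TCP", ("udp", 502): "Modbus/UDP",
    ("tcp", 44818): "EtherNet/IP",
}

@dataclass(frozen=True)
class Forward:
    proto: str     # "tcp" or "udp"
    wan_port: int  # port opened on the router's public address
    lan_ip: str    # device behind the NAT
    lan_port: int  # port on that device

def route(table, proto, wan_port):
    """Router's decision for an inbound packet: match on the port number."""
    for f in table:
        if (f.proto, f.wan_port) == (proto, wan_port):
            return f.lan_ip, f.lan_port
    return None  # no rule: the NAT drops the unsolicited packet

def audit(table, vpn=("udp", 1194), in_use=frozenset()):
    """Return (rule, reason) pairs; empty means only the VPN port is open."""
    findings = []
    for f in table:
        if (f.proto, f.wan_port) == vpn:
            continue
        # Judge by the LAN-side port: remapping the WAN port hides nothing.
        svc = CONTROLLER_SERVICES.get((f.proto, f.lan_port))
        if svc:
            findings.append((f, f"exposes {svc}; use the VPN instead"))
        elif (f.proto, f.wan_port) not in in_use:
            findings.append((f, "not in regular use; close it"))
    return findings

# Constructed sample tables; addresses and VPN port udp/1194 are assumptions.
WEAK = [
    Forward("tcp", 8021, "192.168.1.10", 21),    # FTP behind a remapped port
    Forward("tcp", 80, "192.168.1.10", 80),
    Forward("tcp", 502, "192.168.1.10", 502),
    Forward("tcp", 5000, "192.168.1.50", 5000),  # leftover rule
]
HARDENED = [Forward("udp", 1194, "192.168.1.2", 1194)]  # one VPN endpoint

if __name__ == "__main__":
    for rule, reason in audit(WEAK):
        print(f"{rule.proto}/{rule.wan_port} -> {rule.lan_ip}:{rule.lan_port}: {reason}")
```

Pass the forwards that are genuinely in regular use as `in_use` so that only stale rules and exposed controller services are reported.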

Wago Corp. is a maker of factory-automation equipment.
