When you’re connecting legacy equipment to the internet, adjustments need to be made for security. Most legacy equipment was not designed to connect beyond the plant network. While the company’s VPN is often considered the go-to network for sharing data with the outside world, an edge node is often a more practical – and secure – solution.
Tom Craven at a Design News conference earlier this year. Image by Design News.
Tom Craven, VP of product strategy at RRAMAC Connected Systems, explored the strategies for connecting legacy plant equipment to the internet in his session, Optimizing Assets to Function in a Smart Manufacturing Ecosystem, at the Advanced Design and Manufacturing Expo in Cleveland this week.
The Not-Ready-for-the-Internet Equipment
The challenge many manufacturers face as they adopt advanced plant systems is what to do with legacy equipment. “Much of the legacy equipment in plants is not ready for the internet. It may not even be electric. It may be hydraulic systems,” said Craven. “Controllers such as older PLCs or less-expensive PLCs may not have ethernet. So, you need a converter or an edge node to connect an older PLC to the internet.”
One of the most pressing issues is security. Older PLCs were not designed to share data with the outside world. “Most of the older PLCs do not have security that would prevent someone from reaching it if it’s connected to the internet,” said Craven. “You have some controllers that are designed for secure communication, but PLCs that are upgraded for that are in the minority.”
One obvious solution is to replace the older PLCs. It would certainly work, but it would also undermine the return on investment that’s behind the whole notion of connecting the legacy equipment. “Replacing all of the legacy equipment is not practical from an ROI consideration,” said Craven. “The ROI could take years if you’re going to rip and replace everything. So, most of the older stuff needs to be connected without being replaced.”
Many plants immediately point to the VPN as a secure way to connect to the older equipment. That suggestion is undermined by the ease with which a VPN can be accessed. “Many plants want to connect the legacy equipment via a VPN,” said Craven. “But if you work from home, you can connect to the company’s VPN. Do you want external users to access the plant network? VPN is not the answer because the VPN is not secure enough for external users.”
Using an Edge Node for Security
Craven pointed to the edge node as a useful solution. If the goal of connecting the equipment is to grab production and condition data, then the communication doesn’t need to be two-way. Thus an edge node that sends the data from the equipment to the network – without receiving data – would be a secure solution. “The answer is an edge-node. There could be an edge-node for the plant, or maybe one per machine,” said Craven. “It sends secure communication as an outbound connection from the edge node to the server with encryption. There’s no incoming firewall hole required.”
By using the edge node, data can be pushed to the internet without opening two-way communication. “The edge-node blocks any incoming data or connection. You’re not opening the network up to the whole internet,” said Craven. “I’m going to send data to this server, and that is all I’m going to do. Getting into the server is secure. So, you can get data from your legacy PLCs. Or you can push data from the sensor to the edge node. That way you can do vibration analysis. You put a sensor on the equipment and the edge node pushes the vibration data to the cloud.”
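The outbound-only posture described above can be written down as a host firewall policy on the edge node itself. The nftables ruleset below is an added illustration, not configuration from Craven or RRAMAC; the interface names, the PLC subnet and the server address (a documentation-range placeholder) are assumptions.

```nft
#!/usr/sbin/nft -f
# Illustrative edge-node policy: push data out, accept nothing new coming in.
# All names and addresses below are assumed placeholders, not from the article.
flush ruleset    # start clean; appropriate on a single-purpose edge node

define WAN_IF    = "eth0"             # uplink toward the internet (assumed)
define PLC_IF    = "eth1"             # machine-side interface (assumed)
define PLC_NET   = 192.168.10.0/24    # legacy controller subnet (assumed)
define COLLECTOR = 203.0.113.10       # cloud server address (TEST-NET-3 placeholder)

table inet edge_node {
    chain input {
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        # Replies to connections the edge node opened itself are allowed back.
        ct state established,related accept
        # There is deliberately no rule accepting new inbound connections,
        # so no incoming firewall hole exists on either interface.
    }

    chain forward {
        # The edge node is not a router: nothing arriving on the uplink
        # can be relayed onward to the PLC network.
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy drop;
        oifname "lo" accept
        ct state established,related accept
        # Read production and condition data from the legacy controllers.
        oifname $PLC_IF ip daddr $PLC_NET accept
        # The only internet-facing traffic: new TLS sessions to one server.
        oifname $WAN_IF ip daddr $COLLECTOR tcp dport 443 ct state new accept
    }
}
```

Because the output chain also defaults to drop, the node can reach only the one named server, which matches the "I'm going to send data to this server, and that is all I'm going to do" behavior Craven describes.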
Craven notes that the process of preparing legacy equipment for connectivity may require some equipment replacement, but it isn’t always necessary. “Maybe it does make sense to replace some of the legacy equipment, but measure it first,” said Craven. “You may find that you need to replace some controllers. There may be cost reasons to replace them, but make sure it’s a cost-based analysis.”
Rob Spiegel has covered automation and control for 17 years, 15 of them for Design News. Other topics he has covered include supply chain technology, alternative energy, and cyber security. For 10 years, he was owner and publisher of the food magazine Chile Pepper.