How Does a Secure Remote Access System for Industrial Control Systems Work?

A Deep Dive into how Secure Remote Access Systems like FactoryTalk Remote Actually Work.

In my last post, I talked about the value of Secure Remote Access for Industrial Control Systems. In that post, I explained why it is important for end users to have a system in place that allows employees and OEM technicians to securely access equipment remotely.

In this post, I will dive into an explanation of how Secure Remote Access Systems work in the context of FactoryTalk Remote Access, Rockwell Automation’s Secure Remote Access System for industrial control systems.

Let’s look at the components that make up a Secure Remote Access system like FactoryTalk Remote Access.

FactoryTalk Remote Access Components

FactoryTalk Remote Access is a hybrid cloud system that enables remote access to industrial equipment.

What on earth is a hybrid cloud system?

A hybrid cloud system is basically a system that exists partially in the cloud and partially in the end user’s infrastructure. In the case of FactoryTalk Remote Access, there are three components to the system. These components are:

  • FactoryTalk Remote Access Manager, which is a web-based client that is used to manage the Secure Remote Access system,
  • the Stratix 4300 Remote Access Router, which is a hardware router that enables a VPN connection to remote equipment, and
  • a distributed cloud-based server infrastructure that maintains communication between the supervisory PC and the remote network.

The whole system looks like this:

FactoryTalk Remote Access System Overview

Let’s take a closer look at the components that make up the Secure Remote Access System.

FactoryTalk Remote Access Manager

FactoryTalk Remote Access Manager is used to enable Secure Remote Access to industrial control systems for remote workers.

FactoryTalk Remote Access Manager is made up of

  • a web client that is used to configure and maintain the Secure Remote Access system, and
  • an installable VPN app on the supervisory computer that registers devices and activates the VPN connection to connect to the target system remotely.

Stratix 4300 Remote Access Router

The Stratix 4300 is a remote access router that enables remote access to devices through a VPN connection via Gigabit Ethernet and serial interfaces. The router is available in 2-port and 5-port variants.

This router is quick to configure with first-time configuration available via a USB port and subsequent configurations done through a centralized web client.

It also features digital I/O and hardware commands that can be used to allow or deny remote connectivity at the local machine. This provides an extra layer of security since remote access to a machine or system is only enabled when you physically enable the router at the local machine.

Physical Enablement of Stratix 4300

Key Features of Secure Remote Access

The more skeptical people in the audience may be wondering at this stage what’s so great about a Secure Remote Access system like FactoryTalk Remote Access. After all, applications like TeamViewer already provide a way to remotely connect to a control system.

I have also used TeamViewer in a pinch, but the functionality of TeamViewer is limited. Although it enables remote access to a control system, that remote access is not easily secured or administered.

With a Secure Remote Access system like FactoryTalk Remote Access, you can:

  • Configure remote connections to be “outbound only” to avoid accidental or malicious changes to the control system,
  • Easily manage user groups and permissions so that, for example, remote workers have different privileges than OEM technicians,
  • Configure audit and log files to track administration changes and remote connection sessions,
  • Initiate VPN connections and register devices through an installable app,
  • Configure permission policies for traffic over the VPN using the integrated firewall,
  • Connect to a control system using NAT or routing with a router,
  • Manage the configuration of the Secure Remote Access system through an intuitive, web-based user interface,
  • Manage user groups and assets through the secure remote access system, and
  • Pay for what you need thanks to a software subscription licensing model based on the number of concurrent user connections.

Wrap Up

In this post, I have explained how a Secure Remote Access system like FactoryTalk Remote Access works. Along the way, we learned that a Secure Remote Access system is typically made up of a hardware and a software component that help to increase the security of the connections.

We also talked about the advantages of a Secure Remote Access system over traditional remote access tools like TeamViewer. The main advantage of a Secure Remote Access system is that it provides more control and visibility over remote connections. This helps to reduce the risk of hacks and to make sure that any remote access to the industrial control systems is administered correctly and complies with IT policies.

If you are still not convinced about the value of Secure Remote Access systems, then check out my previous post on the topic, which explains the benefits of investing in a Secure Remote Access system and looks at some common use cases for both OEMs and end users.
