KEB Technology

C6 Industrial VPN Router – Remote Machine Connection

Jonathan Bullick | December 8th, 2020

1. Ease of use

KEB’s CONNECT software allows users to make a basic connection to their PLC in minutes. Here’s a 4 minute YouTube video showing a Remote Access to a Allen Bradley CompactLogix control.

Once the machine builder has defined their basic settings, new routers can be configured via the USB port in seconds. While CONNECT does have a lot of options and advanced settings, the interface is intuitive and easy to grasp. Installed router devices are shown in a tree view and each installation is easy to manage and adjust settings.

*CONNECT’s layout is intuitive and easy to manage multiple installations*

Advanced settings like different functionalities, ports, access rights, and firewalls are possible to set up with each device and installation. General policies with multiple settings can be configured as an administrator in case multiple routers are deployed at one facility.

Sample IT admin screen — *Pre-Configured Policies can be easily implemented*

2. Secure VPN connection

The biggest concern with remote connecting to a machine deals with the security of the connection and what is required in order to connect. The importance of security cannot be overstated and this is likely where different remote access solutions vary widely.

KEB’s CONNECT redundant global servers authenticate a user running Combivis CONNECT software and the C6 Industrial Router and facilitate a handshake between the two. Once the two devices are authenticated, a direct and secure encrypted VPN connection is established between the user and device in the field.

Remote machine connection with CONNECT Architecture — *CONNECT Architecture*

Additionally, digital inputs are available on the C6 Router which can be used as a hardware input to enable data transmission. So a machine does not need to be online indefinitely. A common procedure is for someone on-site to turn a key switch or provide a physical input which then enables the Router connection. Outputs on the Router are available which can be monitored to know when active connections are made.

local enable — *Digital inputs allow local enabling through the hardware*

Further, security parameters can be defined in KEB’s CONNECT software. Users and groups can be created which define permission levels and timeouts. Individual users create unique passwords which are not shared. Firewalls, ports, and individual MAC IDs can be assigned to limit access.

But don’t take our word for it. In 2020, KEB was re-audited by ProtectEM, an independent company that specializes in industrial cybersecurity. The Router and, more importantly, KEB’s CONNECT server infrastructure and software were evaluated and found secure according to the IEC 62443 specification.

*KEB 3rd Party Cybersecurity audit report*

3. Reliable Connections

The initial authentication sequence is handled by KEB’s CONNECT servers. There are multiple servers located around the world to ensure reliability and maximum uptime.

Once a VPN connection is established, the communication between the user and the Router is direct and does not pass through a 3^rd party server. This architecture has a couple of benefits. First, it is more secure since the machine data is not passing through a 3rd party server. Secondly, in cases with spotty internet service, this allows for more bandwidth.

4. Industrial Design

An important distinction is that the KEB C6 VPN Router is an industrial product, not a commercial one. The Router has a stainless steel enclosure and is designed to operate on 24VDC (9-36VDC). It is only 36mm wide and can either be wall or DIN rail mounted. The router contains no fans or moving parts and utilizes solid state memory. The standard Router offering is capable of operation from 0°C … +50°C.

siemens plc remote access — *KEB’s Industrial Router has a metal housing and carries UL and CE marks*

5. Supports Serial and Ethernet-based connections

The C6 Router has both Serial and Ethernet interfaces which facilitate connections to PLCs, VFDs or HMIs. The advantage is that one KEB device can connect to a number of different field devices.

The advantage for some of our customers is that one KEB device could be used as a generic service tool and cover a wide range of scenarios. This includes connecting to older PLC devices running Modbus, Data Highway, and Profibus.

Industrial VPN serial — *The C6 Router has both Ethernet and Serial interfaces*

6. 4G Cellular Router option

What if the machine or control is in a remote location? If there is cellular service, the answer is KEB’s 4G Cellular Router. The M-version has a mini-SIM slot that is compatible with with GSM networks worldwide.

4g industrial modem — *GSM for Global Availability*

One big advantage of GSM is that networks are available worldwide and data can be pre-paid or purchased through a subscription.

wind farm — *KEB’s 4G Cellular Router is used in remote wind turbine applications*

Various antenna lengths are offered which allows the antenna to be placed on the outside of the enclosure. Additionally, data transfer can be initiated via an SMS text so the system does not need to be online all the time. This reduces data usage and the fees that go along with it.

7. Unlimited Data Usage

Some competing VPN router products charge the user for data usage. So while the upfront cost is relatively low, the lifetime cost of the router solution is considerably more. Or, the user runs into data usage limitations (i.e. throttling) which affects how they use or implement the product.

KEB does not limit, throttle, or charge for data usage. This is one of the points where we are different. All investment costs are known and paid upfront.

8. Combivis HMI – Advanced HMI functionality

KEB’s optional Combivis HMI provides advanced Router functionality. Machine data can be sampled and archived. This could help with usage information and preventative maintenance scheduling. It is also possible to monitor parameters and output them to a graphical interface programmed in Combivis HMI Studio. A machine dashboard could then be viewed through the “Web Client”.

Additionally, special alarm conditions can be set up to trigger SMS or email notifications.

Finally, a number of communication drivers are supported which allows for the connection with 3^rd party systems. A small sampling of available drivers includes (full list here):