Paul Reszka
Application Engineer
Wago Corp.
Germantown, Wis.

An integrated Ethernet port on the controller controls remote I/O on Ethernet-based protocols such as EtherNet/IP, Profinet, Modbus/TCP (UDP), and others. It also lets users program and debug internal controller programs. Use of these and other Ethernet services, such as a Web and FTP server, makes remote administration of control processes possible.

Step one in establishing a remote connection sets up the controller to handle communication from both a local network and from a wider network such as the Internet. Adding a gateway address to the controller's Ethernet communication settings lets it send and receive IP messages that originate outside the local area network. This gateway address is typically assigned to an Ethernet router. Routers direct or route IP traffic to the correct Ethernet device inside the LAN.

Network-address translation (NAT) is the most common way of routing network traffic between a LAN and WAN. NATs take a single IP address supplied by an Internet service provider and let multiple devices share the same Internet connection. Unfortunately, NATs do not provide a true end-to-end connection. A TCP connection established outside the local network may not connect with the destination device because the destination device's IP address is hidden behind the router.

What is called a port-forwarding process gets around the problem. Port forwarding lets a communication from outside the network send a message to the router's IP address. The router determines where to send the packet based on the port number.

Security is another issue. NAT's lack of end-to-end connectivity prevents most unsolicited requests for communication from outside a LAN. One of the best security measures, called "security through obscurity," is to select a controller that runs an embedded operating system not commonly used by consumers.

When setting up a router, be sure to limit the number of open ports. For example, an open FTP port can be exploited by uploading a program that overrides the controller. Never leave open a port that is not in regular use.

Use of a virtual-private network further boosts security by encrypting data transmitted over a public network such as the Internet. Instead of opening all the ports needed to handle communication to the control network, a single authenticated network port passes the encrypted communication. This lets users outside the LAN access the network as if they were inside it. Data collection over great distances is one of the best uses for this technology.
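The Python example below is an added illustration, not part of the original article. It models the router's port-based forwarding decision and audits a forwarding table against the advice above: close ports not in regular use, and reach controller services through a single VPN port. The LAN addresses, the "regular use" policy, and UDP 1194 as the VPN port are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Forward:
    wan_port: int   # port opened on the router's public address
    proto: str      # "tcp" or "udp"
    lan_host: str   # device inside the LAN that receives the traffic
    lan_port: int

# Well-known ports of controller services the article names.
SERVICES = {21: "FTP", 80: "Web server", 502: "Modbus/TCP", 44818: "EtherNet/IP"}

def route(table, proto, dst_port):
    """Router's forwarding decision: match on protocol and port number only."""
    for f in table:
        if (f.proto, f.wan_port) == (proto, dst_port):
            return (f.lan_host, f.lan_port)
    return None  # no rule: the unsolicited inbound packet goes nowhere

def audit(table, in_regular_use):
    """Return (rule, reason) findings for forwards that should be closed."""
    findings = []
    for f in table:
        if (f.proto, f.wan_port) not in in_regular_use:
            findings.append((f, "not in regular use: close it"))
        elif f.lan_port in SERVICES:
            findings.append((f, f"{SERVICES[f.lan_port]} exposed directly: "
                                "reach it through the VPN instead"))
    return findings

# Constructed sample: a router forwarding four ports, three to one controller.
CONTROLLER = "192.168.1.10"
BEFORE = [
    Forward(21, "tcp", CONTROLLER, 21),
    Forward(8080, "tcp", CONTROLLER, 80),
    Forward(502, "tcp", CONTROLLER, 502),
    Forward(1194, "udp", "192.168.1.2", 1194),  # VPN endpoint (assumed port)
]
# Hardened table: only the single authenticated VPN port stays open.
AFTER = [f for f in BEFORE if (f.proto, f.wan_port) == ("udp", 1194)]
REGULAR_USE = {("tcp", 8080), ("tcp", 502), ("udp", 1194)}  # assumed site policy

if __name__ == "__main__":
    for f, reason in audit(BEFORE, REGULAR_USE):
        print(f"{f.proto}/{f.wan_port} -> {f.lan_host}:{f.lan_port}: {reason}")
    print("findings after hardening:", audit(AFTER, REGULAR_USE))
```

With the hardened table, an inbound packet to the old FTP port matches no rule, while the controller stays reachable to users who authenticate to the VPN first.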

Wago Corp. (www.wago.us) is a maker of factory-automation equipment.