With the "Fast device server" function, the Industrial Router NB1601 takes on the role of a network interface. © Net modules

In addition to an isolated digital input, the router also offers a relay output for connecting sensors and actuators, as well as a serial interface. This can be used as a standard device server or system console. File-based configuration or the import of new firmware is possible via a USB connection; this can also be used as an expansion interface.

Production lines become online-capable

As in many other factories, there are also production systems here that have been in operation for a long time and lack an online connection from the outset. In other words, older systems that are running well and are therefore justified for continued operation. In order to integrate them into the network, for example to query identification numbers, they must be made "online-capable". Here, the router takes on the role of the network interface, which translates machine language into IP. To do this, the router is connected to a device via the serial interface and the "Fast device server" function is activated via the configuration menu. This enables remote access to a PLC and other serially connected devices, for example. Because the router is equipped with industrial interfaces and protocols such as Modbus, many core industrial requirements - remote maintenance, remote debugging, alarms via SMS or email and more - can be implemented without the need for additional devices such as protocol converters.

In addition, special customer applications can run in an LXC container that is separate from the operating system. Using the SDK (Software Development Kit) in combination with the sandbox, a secure execution environment, the functions of the router can be expanded and user-specific functions and applications can be implemented. For example, data pre-processing and evaluation can be carried out directly on the industrial router, saving the manufacturer the need for an additional industrial PC.

No cybercrime!

Security plays a key role in times of cybercrime. Encrypted connections and secure industrial routers are essential for uniform and secure access to plants and systems. The router software offers various VPN functions for this purpose. The available protocols include OpenVPN and IPsec. Read-out sensor data is transmitted in encrypted form via VPNs (virtual private channels) and firewalls secure access to the routers.

Schematic drawing of the network connection via the Connectivity Suite. © Net modules

When the router is started for the first time, the administration password must be set manually. Only then can the router be configured and additional users with appropriate authorizations be created. As a further security measure, the software does not contain any hard-coded keys or certificates. Instead, the user must explicitly create these when configuring the device to secure services, for example HTTP and SSH servers, or to implement authentication and encryption, for example for VPN tunnels and WLAN clients. If you want even stronger cryptographic security, you can generate the keys using an external RNG (Random Number Generator) device or manage all certificates on a remote certification server.

Router management made easy

As several production lines in the factory can each be operated remotely via their own router, central management also makes sense. Here, the modular, web-based Connectivity Suite offers a platform for setting up the network, including up-to-date security mechanisms and centralized monitoring and control of the installed industrial routers. The central component is device management, which is used for inventory, installation and maintenance. Thanks to the Connectivity Suite's multi-client capability, the production lines can be logically separated from each other and the sub-networks can also be managed individually. Each of these has its own VPN server to which the industrial routers log on independently after a simple initial configuration and certificate assignment - eliminating the need to juggle IP addresses. After logging in, administrators can configure their routers, install or automate software updates as required and query the connection status at any time. As with the routers, proven encryption technologies guarantee the confidentiality, authenticity and integrity of all exchanged information and data.

If the screw manufacturer increases its production or adds other plants, the Connectivity Suite grows with it. The expansion takes place via the standardized API, as does the integration into existing monitoring solutions. The router and Connectivity Suite solution therefore provides users with the necessary key components for largely automated 24/7 production.

Jürgen Kern, CEO of NetModule / ag