SpyrosABB Posted April 23, 2013 Share Posted April 23, 2013 Hello everyone, I have an apllication where I need to poll with modbus TCP some devices which are located to sollar plants and have access to the internet. How is this going to be implemented? Do I need static IP to address to the devices or can I use a dynamic DNS service? Link to comment Share on other sites More sharing options...
AzeoTech Posted April 24, 2013 Share Posted April 24, 2013 You really should use VPN or some other secure method to protect your devices. Exposing a Modbus TCP device to the internet is just asking for troubles. So, the answer is: yes, you need a static IP (not dynamic DNS), but that static IP should be a non-routable, local IP address (i.e. 192.168.x.x or 10.x.x.x) and you should use VPN to get from one location to the other. Link to comment Share on other sites More sharing options...
SpyrosABB Posted April 24, 2013 Author Share Posted April 24, 2013 You really should use VPN or some other secure method to protect your devices. Exposing a Modbus TCP device to the internet is just asking for troubles. So, the answer is: yes, you need a static IP (not dynamic DNS), but that static IP should be a non-routable, local IP address (i.e. 192.168.x.x or 10.x.x.x) and you should use VPN to get from one location to the other. thank you Link to comment Share on other sites More sharing options...
svego Posted December 30, 2013 Share Posted December 30, 2013 Hi, Static IP is expensive...Is possible to make safe line with openvpn sw installed on industrial routers using dyndns service ?? Site with DAQ Factory * router with installed zeroshell ( http://www.zeroshell.org/ ), openvpn or IPsec * dyndns service * DAQ Factory a lot of sites with * router with openvpn or IP sec * PLC, DAQ device Link to comment Share on other sites More sharing options...
AzeoTech Posted December 30, 2013 Share Posted December 30, 2013 You are really getting outside the realm of what we can advise on. Network security is very complicated, and with SCADA systems it really must be done correctly. That is why I recommend DAQConnect.com since using this service eliminates the issues of opening up firewalls to give external access. Just because a lot of sites might use openVPN doesn't make it the best solution. And those sites were hopefully setup by IT professionals and not the system integrator. Its kind of like demolitions. You really want to let the professionals that do it all the time handle the dynamite, not the general contractor. Don't assume that you have a secure system. Get professional help when you want to grant external access or use a product like DAQConnect that does not require opening holes. And, most importantly, whether you are providing external access or not: make sure you have safety systems in place that are completely independent of all logic. That means not connected through any PLC's or computers. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.