Ipsen supports its equipment across the globe using the mGuard VPN router from Phoenix Contact, which allows secure remote access via the Internet.
Ipsen designs and manufactures industrial vacuum furnaces (Figure 1), atmosphere furnaces, and supervisory control systems for a wide variety of thermal processing applications in the aerospace, commercial heat treating, medical, energy and automotive industries.
Ipsen also employs a large and skilled aftermarket support team to help customers solve problems, plan furnace controls upgrades, replace hot zones, provide parts, and support maintenance and field service.
To help provide extraordinary customer service, Ipsen relies on the mGuard VPN router from Phoenix Contact to gain secure remote access to furnace control systems installed all over the world.
Heat Treating Can Be Complex
A furnace control system does more than just control temperature. Ipsen’s 10-bar quench furnace control system, for example, also has to control speed, pressure, flow direction, and other crucial variables throughout the quenching process because they directly affect load distortion in die casting operations. These parameters change from product to product, so furnace control systems need to allow the customer to develop and test batch recipes.
Ipsen’s CompuVac® control system (Figure 2) provides a complete window into the furnace’s process with standard features that include an integrated touch-screen interface for monitoring the workload; display screens for programming, running, and real-time and historical monitoring; virtually unlimited recipe creation, modification, and storage; and alarm displays, batch reports, QC audits, and record archiving.
Although the CompuVac control system makes it easy for customers to create and run custom heat treating profiles and batches, they often have questions or need support from Ipsen engineers. Ipsen’s customer service group is prepared to offer technical advice and help diagnose problems, and remote access to both control systems helps Ipsen technical personnel see what the system is doing.
In the past, Ipsen relied upon an Ethernet modem, which required an analog phone connection on both the customer and Ipsen sites. Phone modems are notoriously slow and, in some cases, providing the analog phone connection at the customer site proved difficult or impossible. A better remote access solution was needed.
Virtual Private Network Provides Security
Ipsen reviewed several remote access solutions and suppliers and chose the mGuard VPN router from Phoenix Contact, primarily because of the functionality, local distribution, and support.
The mGuard VPN allows Ipsen to connect to a customer’s industrial network via the Internet with little intervention from the IT department. Secure communication is provided with the virtual private network and a stateful inspection firewall.
The mGuard WAN port typically connects to the customer’s company network, which gives it access to the Internet through the customer’s corporate firewall/router. Because the mGuard initiates the tunnel outbound (that is, back to Ipsen), no ports need to be opened on the inbound side of the customer’s network. This satisfies the customer’s IT department security requirements because outsiders have no open port to detect.
Alternatively, the mGuard can be connected directly to the Internet via its WAN port if the customer does not want to connect it to the corporate network.
The mGuard has a digital input that can be wired to a switch or relay to activate the VPN tunnel. Ipsen offers this feature so that each customer can activate the tunnel when needed. This gives customers peace of mind because they are in control of the remote access connection.
A stateful inspection firewall keeps track of the state of network connections, such as TCP streams or UDP communication, as they are traveling through it. The algorithm distinguishes legitimate packets for different types of connections. Only packets matching a known connection state are allowed by the firewall — others are dropped or rejected. Ipsen and the customer jointly set up the rules so that no other entity can intrude on the system.
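The connection tracking described above, as an added sketch that is not Phoenix Contact's or Ipsen's code; it also shows why a tunnel dialed outbound from the customer side needs no inbound port. The class names, the documentation-range addresses and the UDP port are constructed assumptions, and TCP flag and timeout handling are omitted.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    direction: str  # "out" = LAN to WAN, "in" = WAN to LAN

@dataclass
class StatefulFirewall:
    allow_out: set                               # permitted (proto, dst, dport)
    conntrack: set = field(default_factory=set)  # flows seen leaving the LAN

    def filter(self, p: Packet) -> str:
        if p.direction == "out":
            key = (p.proto, p.src, p.sport, p.dst, p.dport)
            if key in self.conntrack:
                return "ACCEPT"                  # known flow
            if (p.proto, p.dst, p.dport) in self.allow_out:
                self.conntrack.add(key)          # new flow allowed by rule
                return "ACCEPT"
            return "DROP"
        # Inbound: accept only the mirror image of a tracked outbound flow.
        reply_of = (p.proto, p.dst, p.dport, p.src, p.sport)
        return "ACCEPT" if reply_of in self.conntrack else "DROP"

# Constructed sample values (RFC 5737 addresses; port is an assumption).
HUB, SPOKE, OTHER = "203.0.113.10", "198.51.100.20", "192.0.2.99"
TUNNEL_PORT = 4500

def demo() -> list:
    fw = StatefulFirewall(allow_out={("udp", HUB, TUNNEL_PORT)})
    return [
        # Hub-sourced packet before the spoke has dialed out: no state yet.
        fw.filter(Packet("udp", HUB, TUNNEL_PORT, SPOKE, 40000, "in")),
        # Spoke opens the tunnel outbound; state is created.
        fw.filter(Packet("udp", SPOKE, 40000, HUB, TUNNEL_PORT, "out")),
        # Return traffic now matches the tracked flow.
        fw.filter(Packet("udp", HUB, TUNNEL_PORT, SPOKE, 40000, "in")),
        # Unsolicited inbound probe from an unrelated host.
        fw.filter(Packet("tcp", OTHER, 51000, SPOKE, 22, "in")),
        # Outbound traffic to a destination no rule permits.
        fw.filter(Packet("tcp", SPOKE, 40001, OTHER, 80, "out")),
    ]

if __name__ == "__main__":
    print(demo())
```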
Accessing the Equipment
After the connection is made, the mGuard’s high speed of 99 Mbps allows Ipsen engineers to view system data in real time and to download program changes when necessary.
The mGuard router can be installed in the furnace control panel via a DIN rail module, a PCI card, or as a portable device that plugs into a USB port, depending on the customer’s requirements. Typically, Ipsen installs one mGuard per furnace. Only one receiving mGuard is needed at Ipsen to accommodate up to 250 simultaneous VPN connections.
The remote access system is all hardware — no software is required. This provides a high degree of security because changes to hardware require deliberate effort that can be easily monitored, as opposed to software changes that can be performed at the touch of a key.
There is an mGuard at each end of the tunnel (that is, one mGuard for each customer and one at Ipsen). The network is configured in such a way that Ipsen’s service technicians can access each customer’s VPN from their laptops. A technician can see all the customer furnaces that are tunneled back to the Ipsen mGuard in a “hub and spoke” topology.
Diagnosing From Afar
Once connected, the mGuard allows Ipsen engineers to access data from any Ethernet-connected device on the furnace’s local network, including PLC (programmable logic controller), HMI (human machine interface), data acquisition instruments, and video graphic recorders. The mGuard configuration can also be accessed remotely through the VPN connection.
An mGuard can be used for start-up support, maintenance support, or customer requested enhancements. Although mGuard installations on equipment are relatively new, Ipsen has already performed many remote control modifications and diagnostics that previously would have required an on-site service technician. Saving the cost of one service trip under warranty is enough to completely pay for the cost of an mGuard system.
Ipsen is currently providing mGuard VPN systems and Phoenix Contact Ethernet switches on new furnaces. Typically, the mGuard is installed by Ipsen’s panel builders and is configured and tested by Ipsen control technicians.
Remote access is a mature technology, but past iterations have often been lacking in terms of performance, cost effectiveness, and security. Ipsen’s mGuard VPN remote access system overcomes these challenges, providing safe, secure, high-speed and low-cost access to their equipment worldwide from a single mGuard located at their headquarters.