October 2021
AutomatedBuildings.com

BTL Mark: Resolve interoperability issues & increase buyer confidence
BACnet Testing Laboratories

(Click Message to Learn More)


Secure Remote Access Solutions Without a Cloud-Based VPN Server

Utilizing the Internet for remote commissioning provides convenience while saving time and money.

Kathy Neumeyer Technical Writer at Contemporary Controls

1




Articles
Interviews
Releases
New Products
Reviews
ABB
Editorial
Events
Sponsors
Site Search
Newsletters
Secured by Cimetrics
Archives
Past Issues
Home
Editors
eDucation
Belimo
Links
Software
Distech Controls

Utilizing the Internet for remote commissioning provides convenience while saving time and money. However, accessing equipment at remote sites can be difficult because firewalls block messages that originate from the Internet. Although it is possible to open ports in firewalls using port forwarding, IT professionals are often reluctant to compromise the security of their networks and usually decline this type of request. Without support from the IT department, the systems integrator is usually left with very few options.

One solution is to incorporate a virtual private network (VPN). A simple VPN can exist between two end points, called a VPN tunnel, between a client and a server. One end point (client) is you at your office, and the other (server) is at the remote job site. Communication is encrypted – so only authorized devices can communicate over the VPN. 

With OpenVPN client server functionality, Contemporary Controls' EIGR-VB Gigabit IP can be configured as a wired bridge VPN server for single-site, remote access solutions. OpenVPNŽ is a well-supported open-source VPN technology that incorporates SSL/TLS security with encryption. This configuration allows systems integrators to set up and maintain their own secure remote access without subscription fees and without the need for a cloud-based VPN server.

Operating in OpenVPN server mode, the EIGR-VB supports bridge mode where up to 10 VPN clients (PC/Phone/Tablet) are bridged to the router's LAN side and assigned an IP address from the LAN subnet. This provides the same application experience as if the client devices were part of the EIGR-VB's LAN and allows passage of multicast and broadcast messages through the VPN tunnel without the need for a BACnet/IP Broadcast Management Device (BBMD).

2

Although the EIGR-VB has many of the same features found in high-end routers, it is simpler to install and commission. A resident DHCP server on the LAN-side will provide IP addresses to LAN-side clients, while a DHCP client on the WAN-side will accept IP address assignments from the attached network. Static addressing is accommodated as well. Configuration is via a web browser using authentication.

In addition to the BridgeVPN "self-hosted" solution, Contemporary Controls offers a Self-HostedVPN solution which allows network savvy customers to set up and maintain their own wired or wireless remote access for multiple clients – up to 15 wired/cellular IP routers in OpenVPN client mode and 15 OpenVPN clients on PC/tablet/phone.

Another alternative is a VPN service, such as Contemporary Controls' RemoteVPN subscription service, which provides secure communication and the convenience of remote access without having to maintain the VPN server.

Using the Internet for remote commissioning– either by subscribing to a VPN service or hosting a VPN server – gives systems integrators the flexibility to monitor and maintain systems from the convenience of their home or office which in turn saves time and reduces costs. 

 

Contributing editor

Kathy Neumeyer Technical Writer at Contemporary Controls

1
















footer


[Click Banner To Learn More]

[Home Page]  [The Automator]  [About]  [Subscribe ]  [Contact Us]

Events

Want Ads

Our Sponsors

Resources