Industrial Remote Communication: With SCALANCE and SINEMA Remote Connect

Industrial Remote Communication
With SCALANCE and SINEMA Remote Connect

Unrestricted © Siemens 2020 siemens.com/remote-networks
How to service the equipment «there», when you are «here»?
Use VPN-Tunnel for security connection to remote equipment
Page 3
VPN between two SCALANCE S/M
https://support.industry.siemens.com/cs/ww/en/view/99681360
Page 4
VPN between SOFTNET Security Client and SCALANCE S/M
Page 5
Access to the Internet
Provider networks
Phone Telephone modem
DSL DSL modem
Cable Cable modem
Internet
Mobile service
Mobile wireless provider
wireless
Satellite
Satellite modem
Page 6
SINEMA Remote Connect – supported devices
SCALANCE S
Article number
• SCALANCE S615 6GK5615-0AA00-2AA2
Hardware
• Rugged plastic enclosure for mounting on standard rail in S7-1500 design
• RJ45 port for Industrial Ethernet
- 4 x RJ45 ports with 10/100 Mbit/s, TP, auto-crossover for internal networks
- 1 x RJ45 port with 10/100 Mbit/s, TP, auto-crossover for external networks
• Diagnostics LEDs for modem status, field strength, connection control
• VPN status and DI/DO channels
• SET service button
• 4-pin, screw-type terminal for connection to the redundant 24 V DC supply voltage
• 4-pin, screw-type terminal for one digital input and one digital output
• Degree of protection: IP20
• Temperature range
Operation: -40 °C to +70 °C
Storage: -40 °C to +80 °C
• Relative humidity during operation (+30 °C): <95%
Page 7
SCALANCE SC
Article numbers
• SCALANCE SC632-2C 6GK5632-2GS00-2AC2
Hardware
• 2 or 6 x RJ45 port with 10/100/1000 Mbit/s
• 2 x SFP combo port with 100/1000 Mbit/s
• Diagnostic LEDs for port status, data rate, fault LED
• SELECT/SET button
• Redundant DC 24V voltage feed
• 2-pin, screw-type terminal for one digital input and one signaling contact
Operation: -40 °C bis +70 °C
Storage: -40 °C bis +80 °C
Page 8
SCALANCE M874-2 and M874-3: Hardware
Article numbers
• SCALANCE M874-2 6GK5874-2AA00-2AA2
• SCALANCE M874-3 6GK5874-3AA00-2AA2
Hardware
- 2 x RJ45 ports with 10/100 Mbit/s, TP, auto-crossover
• Diagnostic LEDs for modem status, field strength,
connection control, VPN status and DI/DO channels
• 1 x SMA antenna connection for a mobile wireless antenna
Page 9
SCALANCE M874-2 and M874-3: Properties
Communication
• SCALANCE M874-3
• Penta-Band UMTS/HSPA(+) with the frequency bands 800/850/900/1900/2100 MHz
• Quad-band GSM/GPRS/EDGE with the frequency bands 850/900/1800/1900 MHz
• High-speed communication via UMTS downlink: Up to 14.4 Mbit/s (HSDPA), uplink: Up to 5.76 Mbit/s (HSUPA)
• SCALANCE M874-2
• High-speed communication via GPRS/EDGE
Downlink: Up to 236.8 kbit/s (EDGE),
Uplink: Up to 236.8 kbit/s (EDGE)
• SCALANCE M874-2 and M874-3

• Automatic setup and holding of IP-based online connection to the Internet
• Merging of distributed, IP-based networks via the mobile wireless network by means of VPN technology
• Integrated security features with firewall and VPN (IPsec)
• Automatic and user-defined SMS dispatch
• C-Plug
Configuration via WEB interface

• Local LAN interface
• Remote access by HTTPS via radio interface GPRS, EDGE
• CLI
Page 10
Article numbers
• SCALANCE M876-3 6GK5876-3AA02-2xx2
• SCALANCE M876-4 6GK5876-4AA02-2xx2
Hardware
• Rugged plastic enclosure for mounting on standard rail
in S7-1500 design
- 4 x RJ45 ports with 10/100 Mbit/s, TP, auto-crossover
• Diagnostic LEDs for modem status, field strength,
connection control, VPN status and DI/DO channels
• 2 x SMA antenna connection for two mobile wireless antennas (antenna diversity)
Page 11
Communication
• SCALANCE M876-3
• Penta-Band UMTS/HSPA(+) with the frequency bands 800/850/900/1900/2100 MHz
• Dual-band CDM2000 with frequency bands 800/1900 MHz
• High-speed communication via UMTS / CDMA2000 downlink: Up to 14.4 Mbit/s (HSDPA),
3.1 Mbit/s (EV-DO) uplink: Up to 5.76 Mbit/s (HSUPA), 1.8 Mbit/s (EV-DO)
• SCALANCE M876-4 (EU)
• Pentaband LTE with the frequency bands 800/900/1800/2100/2600 MHz
• Tri-band UMTS with the frequency bands 900/1800/2100 MHz
• Dual-band with frequency bands 900/1800 MHz
• SCALANCE M876-4 (NAM)
• Pentaband LTE with the frequency bands 700/850/(AWS-1 1700/2100)/1900 MHz
• Tri-band UMTS with the frequency bands 850/(AWS-1 1700/2100)/1900 MHz
• Dual-band GSM with the frequency bands 850/900/1800/1900 MHz
• SCALANCE M876-3 and M876-4
• Merging of distributed, IP-based networks via the mobile wireless network by means of VPN technology
• Automatic and user-defined SMS dispatch
• C-PLUG
• Remote access via HTTPS through radio interface GPRS, EDGE, UMTS, HSPA+
• CLI
Page 12
Article numbers
• SCALANCE M812-1 6GK5812-1AA00-2AA2 for Annex A
• SCALANCE M812-1 6GK5812-1BA00-2AA2 for Annex B/J
• SCALANCE M816-1 6GK5816-1AA00-2AA2 for Annex Ar Annex A
• SCALANCE M816-1 6GK5816-1BA00-2AA2 for Annex B/J
Hardware
- 1 or 4 x RJ45 ports with 10/100 Mbit/s, TP, auto-crossover unmanaged port
• Diagnostic LEDs for modem status, connection control, VPN status and DI/DO channels
• 1 x RJ12 port for ADSL2+ connection
Page 13
Communication
• ADSL2+ - connection according to Annex A – specification (ADSL over POTS)
• ADSL2+ - connection according to Annex A – specification (ADSL over ISDN)
• Connection to public, wired provider networks
• High-speed communication via ADSL2+
Downlink: Up to 25 Mbit/s ,
uplink: Up to 1.4 Mbit/s
• PPPoE
• Also usable as ADSL2+-modem (M812-1 only) through the PPPoE pass-through function
• C-PLUG (M816-1 only)

• Remote access by HTTPS via ADSL interface
• CLI
Page 14
SCALANCE M826-2: Hardware
Article number
• SCALANCE M826-2 6GK5826-2AB00-2AB2
Hardware
- 4 x RJ45 ports with 10/100 Mbit/s, TP, auto-crossover managed 4-port switch
• Diagnostic LEDs for modem status, connection control, VPN status and DI/DO channels
• 4-pin screw-type terminal for connection to the redundant
24 V DC supply voltage
• 2 x 2-pin screw-type terminal for SHDSL connection
Page 15
SCALANCE M826-2: Properties
Communication
• SHDSL connections according to ITU standard G.9991.2
• Fast communication via SHDSL 2-wire copper cable
Data rate up to 15 Mbit/s,
At 1 km distance up to 10 Mbit/s),
At 10 km distance up to 1 Mbit/s
• Maximum range up to 20 km (depending on the quality and age of the cable)
• Automatic setup and holding of IP-based online connection
between two devices
• Merging of distributed, IP-based networks
via 2-wire copper cable with and without VPN technology
• C-PLUG

• Local LAN interfaces
• Remote access via HTTPS
• CLI
Page 16
Separate VPN connection with public IP for each automation cell?
Not useful concept !
Page 17
One VPN server with one public IP for all automation cells
Page 18
SINEMA Remote Connect: Remote maintenance with SINEMA
RC server, SCALANCE S615, M816-1, M874-3, M876-4
SINEMA Remote Connect – Client SINEMA Remote-Connect – server (on VM basis)
SINEMA Basic software packet including. 4 VPN connections and 1x RC Client
SINEMA RC
Remote Connect License upgrade of 64 VPN tunnel
Client
License upgrade of 256 VPN tunnel
License upgrade of 1024 VPN tunnel
KEY-PLUG Internet router

For user-friendly connection of the SCALANCE
S615 & SCALANCE M routers to the SINEMA
Remote Connect server
Internet connection
SCALANCE M816-1*)
SIMATIC S7-1500
Mobile
wireless
Internet network
router
Company
network
SCALANCE M876-4
SIMATIC S7-1200 SCALANCE S615 SIMATIC S7-300 SCALANCE M874-3

SIMATIC S7-300
*)
As from firmware V4.2
Page 19
Page 20
SINEMA RC Server software for server PC
6GK1720-1AH01-0BV0 https://mall.industry.siemens.com/spice/tstweb/#/New-Device/
Page 21
SCALANCE S or M + Key-Plug with client license
https://mall.industry.siemens.com/spice/tstweb/#/New-Device/
Page 22
SINEMA RC Client software for service PC
6GK1721-1XG01-0AA0
Page 23
Page 24
SINEMA Remote Connect
IP communication with source NAT in the remote subnet
TIA Portal and SINEMA

SINEMA RC Client Remote Connect
Internet router SCALANCE M/S615 S7-1500
Internet
IP = 192.168.1.254
IP = 192.168.1.10
OpenVPN OpenVPN
Without
Without default
default gateway
gateway
IP = 192.168.100.100
Src IP = 192.168.100.100 Src IP = 192.168.1.254 Src IP = 192.168.1.254

Dst IP = 192.168.1.10 Dst IP = 192.168.1.10 Dst IP = 192.168.1.10
Source NAT rule in the M800:

TIA Portal: S7-1500:
Incoming IP: 192.168.100.100
Sends IP packet Receives the IP packet
Outgoing IP: 192.168.1.254
Page 25
Setting up a secure VPN Connection between SINEMA Remote
Connect Client, SCALANCE S615 and SINEMA Remote Connect Server
Page 26
Setting up a secure VPN Connection between a Tablet (iOS),
SCALANCE S615 and SINEMA Remote Connect Server
Page 27
Remote access to Profibus or MPI networks
Page 28
Licensing and device activation - Where do I need what?
SCALANCE M router + KEY-

PLUG SINEMA RC
SCALANCE M router + KEY-

PLUG SINEMA RC
OpenVPN Client and users

must be created on the server
server with WIBU1) - licensing
the VPN end points
Licensing of the SINEMA RC
clients via Automation License
SCALANCE S615 + Manager (ALM)
KEY-PLUG SINEMA RC
SCALANCE SC-600
(SINEMA RC license included)
1)
© WIBU-SYSTEMS AG – German company for secure hardware
and software technology for Digital Rights Management (DRM) with
software
Page 29
SINEMA RC Starter Kits
Page 30
SINEMA RC Starter Kits
Page 31

Industrial Remote Communication: With SCALANCE and SINEMA Remote Connect

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Industrial Remote Communication: With SCALANCE and SINEMA Remote Connect

Uploaded by

Copyright:

Available Formats

Industrial Remote Communication

With SCALANCE and SINEMA Remote Connect

Phone Telephone modem

DSL DSL modem

Cable Cable modem

• SCALANCE M874-2 and M874-3

Configuration via WEB interface

Configuration via WEB interface

Configuration via WEB interface

Not useful concept !

KEY-PLUG Internet router

SIMATIC S7-1200 SCALANCE S615 SIMATIC S7-300 SCALANCE M874-3

TIA Portal and SINEMA

Src IP = 192.168.100.100 Src IP = 192.168.1.254 Src IP = 192.168.1.254

Source NAT rule in the M800:

SCALANCE M router + KEY-

SCALANCE M router + KEY-

OpenVPN Client and users

You might also like