What is the eWON?
eWON is a remote access router/gateway that is used with a web server (Talk2M), designed for OEM’s to connect to user machines via the Internet. This hosted application acts as a secure broker and relays the communications originated by the OEM to the user’s site via an encrypted VPN tunnel. It is designed for and intended to be used in the industrial automation sector.
What is VPN and tunneling?
VPN (virtual private network) and tunneling are techniques that allow encrypted data links between your location and another (remote) computer. Tunneling encapsulates a specific stream of data within an encrypted protocol, making everything that travels through the tunnel unreadable to anyone along the transmission path. Using a VPN or other form of tunneling to encrypt data is a good way to ensure that data will not be seen by anyone other than you and people you trust.
What do I need at the machine site in order to use the Talk2M system?
All that is required is an Internet connection via your LAN (Local Area Network). Your LAN (connected to the WAN port of the eWON) should have permission to allow users to browse the Internet. The eWON uses this LAN to connect to the Talk2M server. The eWON needs the same type of settings as a PC connected to the same network (IP address, subnet mask and gateway, plus any optional proxy settings). The eWON is a DHCP client, so it can be, and typically is setup by the OEM, to be assigned a LAN IP address automatically. Unlike other VPN access schemes, the eWON needs NO SPECIAL PORTS OR FIREWALL SETTINGS to work. The assigned IP actual address is not restricted in range, nor does not even need to be known.
What if I cannot use DHCP Addressing?
The eWON can be set up to use a STATIC IP address that is assigned and controlled by the IT department. Also as previously noted, the eWON can work with most proxy servers, if required.
The Talk2M service is hosted on the Internet. Can anyone in the world can access the machine in my factory?
NO! Each eWON connected to your machine connects exclusively to the Talk2M server. An authentication mechanism ensures that each eWON talks only to the Talk2M server, and only those authorized users that have the same 32 character encryption key. This ensures that an authorized user can only communicate with a specific eWON. All data exchanged via the Talk2M server and the Internet is encrypted, so the data remains secure.
The eWON is connected to my LAN. This means the OEM can see my entire network?
NOT TRUE! Each eWON is a router/gateway device that only allows traffic to the machine side (sub-net LAN) or the area enclosed in green with the four (4) ports. The WAN side of the eWON only connects exclusively to the Talk2M server.
What does my IT department need to do to use the eWON?
Typically nothing! Talk2M tunnels are initiated by the eWON and use only outgoing connections. No incoming connections are made (in other words, the Talk2M server does not initiate tunnels), so no ports need to be enabled in your corporate firewall for incoming connections. In addition, Talk2M is designed to be minimally intrusive. This means that it uses the outgoing ports that are already enabled, which are usually the HTTP port (80) and the related secure HTTPS port (443) or UDP port 1194.
A Talk2M tunnel can be configured to be always on. This means that the machine builder can access the PLC and make changes without my knowledge?
It is possible to configure the eWON with a switch connected to the eWON digital input so the VPN connection can be enabled or disabled. A digital output is also available to control a relay that can be used to physically decouple the Ethernet port from the corporate network. Also, if a static IP is assigned, it can be controlled by the IT department. Lastly, unplugging the WAN port denies all remote access.
You can discover more about eWON by contacting Standard Electric Supply Co (servicing Wisconsin, Illinois and Indiana) at 800-776-822 www.standardelectricsupply.com or www.ewon.us
It is possible to configure the eWON with a switch connected to the eWON digital input so the VPN connection can be enabled or disabled. A digital output is also available to control a relay that can be used to physically decouple the Ethernet port from the corporate network. Also, if a static IP is assigned, it can be controlled by the IT department. Lastly, unplugging the WAN port denies all remote access.
You can discover more about eWON by contacting Standard Electric Supply Co (servicing Wisconsin, Illinois and Indiana) at 800-776-822 www.standardelectricsupply.com or www.ewon.us
