- Register


Home>IIot & Smart Technology>Connectivity>Industrial remote access gateway
Home>IIot & Smart Technology>Networks>Industrial remote access gateway

Industrial remote access gateway

16 December 2022

BUILDING ON the successful Cosy 131, the Cosy+ industrial remote access gateway from Ewon is reported to incorporate some of the most advanced security technologies in automation devices.

Industrial remote access makes it possible for support teams from both machine builders and machine users alike to connect securely to remote PLC-based equipment through the Internet.

As an essential first step towards digitalisation, remote access allows plant managers to move from a reactive to a proactive support model. Remote troubleshooting enhances efficiency, improves sustainability and reduces costs.

Once a remote connection to a machine (or fleet of machines) is established, the machine can be reprogrammed/configured or have its data extracted data may be securely and analysed for purposes additional to troubleshooting, such as improving machine performance and optimising the productivity of machine operators.

Highest level of security

The Cosy+ incorporates an unprecedented level of hardware and firmware security. Establishing successful industrial remote access to any equipment relies on two main components:

  • A global connectivity cloud service
  • A hardware gateway placed inside the control panel of the equipment.

Through Ethernet, serial or USB interfaces, Ewon's Cosy+ industrial gateway establishes a secure VPN connection between the machine (such as a PLC, HMI, or other device) and the remote engineer. The connection happens through Talk2M, a highly secure industrial cloud service, which is free of charge, including its desktop, mobile and web clients. To establish a secure outbound VPN connection to Talk2M, Ewon’s industrial cloud service, devices also connect to the Internet via an Ethernet, WiFi or cellular network.

Because the setup requires no advanced IT knowledge, the Cosy+ may be deployed quickly: it comes with an eCatcher “setup wizard” which will guide the user through a few simple steps to generate a configuration file. This can then be applied automatically to an Ewon gateway via a PC to USB connection or ported via a USB stick or a SD card.

Full integration of IT security standards means minimal or zero IT changes are required. Both the Talk2M cloud and Cosy+ gateways are certified to ISO 27001. Ewon also works closely with the independent cybersecurity firm NVISO to ensure its solution is adapting to the evolving security landscape.

Authorised users simply log in to their Talk2M account using eCatcher client software, and remotely connect in a few clicks to any of their automation devices for monitoring or maintenance purposes. The Talk2M service acts as a secure platform, which completes the encrypted VPN tunnel between the user and the remote equipment.

The Ewon network is designed to be as unobtrusive as possible to the existing local network and IT policies. It uses encrypted OpenVPN outbound connections through standard authorised ports in firewalls and proxy servers and therefore requires no changes in the IT configuration.

Using only outbound connections, the gateway does not require a public IP address and is therefore not visible or accessible from the Internet, avoiding any additional risk of external attack.

ISO 27001 certification

ISO/IEC 27001 is one of the best-known standards in the IT sector. ISO 27001 is not just a certification, more a corporate culture. It includes requirements for an information security management system (ISMS). HMS develops the Ewon range in compliance with the ISO 27001 standard.

Using guidelines derived from ISO27002, IEC 62443-2-4 and NIST Cybersecurity Framework 1.0, Ewon has developed a managed, hybrid, layered cybersecurity approach to protect devices, networks and - most importantly - industrial control systems.

Legacy equipment

While earlier versions of Ewon gateways will no longer be manufactured, they will continue to be supported on older installations. The latest version of Cosy+ will be installed on all new machines and control devices, while owners of legacy machines are encouraged to upgrade to take advantage of the higher levels of cybersecurity and additional functionality.

Early adopters

"The Ewon Cosy+ suited Optimarin perfectly when looking for a remote access solution in our digitalisation add-on feature. The Ewon Cosy+ provides us with the necessary confidence when it comes to security, scalability and ease of use. It has proven to withstand the harsh forces a maritime environment can cause. Additionally it is sufficiently customisable to meet our needs of today and tomorrow."

Ingve Risa, System Engineer, Optimarin (Sandnes, Norway)

“During the Pandemic, we’ve seen service costs significantly decreased by implementing the Ewon Cosy, especially during the commissioning process. Customers now assume commissioning can be done remotely.”

Dan Loney, Product and OEM Engineering Manager, Egan

Cosy+ features in Summary:

Benefits of industrial remote access
•    Minimise downtime through fast remote support
•    Avoid unnecessary service trips
•    Improve engineers’ well-being and productivity

State-of-the-art security
•    New generation of devices with built-in Hardware Security
•    Proven security posture with ISO 27001 certification and cybersecurity partnership with NVISO
•    Machine LAN segregation to ensure that remote users can only access the target equipment
•    Local control of the remote connectivity by the end-user, with an external key switch
•    Increase safety with the digital output indicating an active remote connection

No IT skills required
•    Straightforward setup, to make any machine IIoT-ready in a matter of minutes
•    Non-intrusive outbound connections, requiring no change on the existing network
•    Immediately setup via a free Talk2M account
•    Reach equipment in two clicks
•    The Talk2M industrial cloud service allows all machines and collaborators to be managed from a single location

Worldwide connectivity through Talk2M
•    Global and reliable infrastructure, with an extensive Service Level Agreement
•    Scalability: add more devices and users at any time
•    Connect from any device, with free desktop, web and mobile apps
•    Email and SMS relay services, to receive notifications from the machine
•    Traceability of all remote activity through detailed logs and reports

Security features of the Cosy+ in summary:

Trusted chain from Hardware to the Cloud:
•    Built-in Secure Element chip, to protect secrets and provide a Hardware Root Of Trust
•    Birth certificate, to prevent cloning and counterfeiting
•    Secure boot sequence, to ensure that only code signed by Ewon is executed
•    Strong encryption of all communications with Talk2M

Proven security posture:
•    ISO 27001 certification & cybersecurity partnership with NVISO
•    Solution based on the latest open standard technologies
•    Non-intrusive outbound connections, requiring no change on the existing network
•    Machine LAN segregation to ensure that remote users can only access the target equipment
•    Traceability of all remote activity through detailed logs and reports
•    Local control of the remote connectivity by the end-user, with an external key switch
•    Increased safety, with the digital output indicating an active remote connection