In a world with global competition where customers compare prices, uptime and productivity and place increasingly stringent demands on service, machine builders and OEMs are confronted every day with a difficult challenge: how to offer best-of-class service with qualified staff while keeping support costs within acceptable limits.
Faster online setup, higher bandwidth, reliable communication, attractive pricing and more: with eWON industrial routers and Talk2M, machine builders and OEMs have a turnkey remote access solution that lets them take advantage of the worldwide availability of the Internet.
ABB Robotics selects eWON industrial router to deliver remote service on a global scale
eWON industrial router monitors wind turbines on Bali and Sint Helena
Talk2M, a new approach to the remote maintenance of cyclotrons for IBA
Remote maintenance of gas turbines thanks to eWON industrial router and Talk2M
Because it is scalable and easy to deploy, Talk2M adds value instantaneously to the machines, allows machine builders and OEMs to concentrate on providing core support value to their customers, and creates opportunities for new revenue streams from service contracts, machine benchmarking, and warranty extensions.
To provide support for critical machines, eWON technology provides a state-of-the-art solution for secure remote access via the Internet: Talk2M. It can be used to enhance customer support, configure remote diagnostics, and prepare maintenance activities in advance. By cutting down travel expenses, you reduce your cost of service.
Talk2M helps machine builders to revolutionize their customer service
With just a few clicks, Talk2M lets you connect to any eWON industrial router with access to the Internet. Configuration is performed by wizards designed to eliminate the need for specialized IT knowledge, even though Talk2M is based on sound security mechanisms and tunneling capability.
Even after the machine has been installed at the customer site, Talk2M and eWON routers enable machine builders and OEMs to obtain instant access to their machines anywhere and anytime.
Seven good reasons to use the Talk2M service together with eWON industrial routers for remote access and service operations are presented below.
1. Straightforward setup and use
Talk2M is designed to operate with a minimally intrusive architecture. This means that the VPN protocol must be able to adapt easily to existing IT infrastructures and security configurations, such as the outgoing ports enabled in firewalls. Consequently, it typically uses the HTTP and HTTPS ports, which are usually enabled.
Available as an SaaS (Software as a Service), Talk2M does not require any extensive IT knowledge. Talk2M provides a scalable, high availability remote access platform without requiring users to deal with the technical aspects of implementing remote access over the Internet. Our technology enables you to achieve perfect integration with existing networks.
2. Efficient secure connections
Security is Talk2M’s top priority. Our solution employs the same high security levels used by banks, financial institutions and secure online shopping sites. The integrity of the customer’s data is never at risk. The VPN protocols used by Talk2M are based on OpenSSL and OpenVPN.
3. Broadband and mobile communications over the Internet
Early users of remote connectivity systems often had to struggle with sluggish links and time-consuming, inefficient downloads. Thanks to modern technologies and the phenomenal growth of high-speed Internet services, these problems have become a thing of the past. Talk2M is designed to address the growing need for broadband access and offers 3G (UMTS), 3G+ (HSDPA/HSUPA), ADSL and LAN connection options.
4. Traceability
Connections are logged to provide traceability in case of any subsequent need to investigate what happened during a session.
5. Scalable, high-availability architecture
Talk2M is designed with scalability and availability in mind. Talk2M provides scalability up to 100,000 nodes and around-the-clock availability with maximum reliability. Servers are protected against failure by failover and replication technology. Talk2M is an industrial-grade service, which means that eWON can provide 24/7/365 service for servers and customer service.
6. SaaS (Software as a Service) model
Talk2M services are hosted by professional organizations whose core activity is web hosting. Depending on the Talk2M services used, these hosted services are provided on the basis of a service level agreement (SLA) that assures the customer of the business continuity of the services.
The Talk2M SaaS solution is an all-inclusive solution in terms of budgetary costing, so customers always know what they have to pay. This approach eliminates hidden costs and enables machine builders to estimate the total cost of ownership (TCO) with greater insight.
Finally, SaaS gives users a plug-and-play solution that is decentralized and can be deployed very quickly. It can be scaled to meet even the most demanding customer requirements in terms of the number of connections, and web hosters can provide resources (servers) to enable quick fulfillment of connection requests.
7. Multi-PLC connectivity
Depending on customer requirements, modern machines may incorporate PLCs from several suppliers and a variety of communication protocols. Managing several types of remote access tools increases complexity, which is where eWON technology comes to the fore. Fully compatible with PLCs from leading international manufacturers, Talk2M and eWON create a new playing field for PLC remote connectivity. They provide a uniform remote access solution for all types of machines. At every step of the process, Talk2M and eWON make your job easier.
Improve your remote diagnostics
Remote machine diagnosis enables initiation of the best course of action for problem resolution. When your service department is troubleshooting a problem or unusual behavior in a machine controlled by a PLC, it is often difficult or even impossible to correct the problem if it cannot be reproduced by the service staff. In the worst case, on-site service by a local technician may be necessary to identify the problem, with all the associated communication problems and language difficulties that may arise with the mechanical engineer or maintenance technician. Sounds familiar?
With Talk2M, you can pinpoint problems in automated devices quickly without interfering with their operation.
Reduce your total cost of service
With the changing economic situation, we see cost sensitivity being driven more and more by increased competition. With the purchase price representing only 40% of the typical total cost of machine ownership, effective planning and scheduling are critical processes for an efficient and cost-effective service organization. Studies show that service costs can be reduced by as much as 50% by eliminating emergency service calls. In addition, with the downsizing of corporate engineering departments, it is essential to reduce the number of field service calls that have to be handled by a limited team, which is responsible for more and more machines.
Demonstrate value to your customer
Keeping up with a globalized market and the around-the-clock world of continuous production has never been easy, but customers are now demanding this more than ever. In light of the cost of shutting down a production line, the Talk2M remote access solution offers a rapid return on investment. Being able to provide immediate response translates into quick restoration of normal operation and productivity optimization for your customers.
Improve product management
Improving product management and machine engineering is the joint responsibility of the R&D and customer service departments. Implementing Talk2M enables your customer service department to acquire useful information. Monitoring how customers use their machines gives machine builders a more accurate idea of their markets. This knowledge can be translated into machine re-engineering and new product development.
Create service revenue
Talk2M lets your organization rethink its customer service approach and convert it from a cost center to a profit center. Supported by the implementation of Talk2M, you can offer a variety of service agreements, ranging from simple on-demand service to an extended, full warranty package.
1. What is Talk2M?
Talk2M comprises connectivity services based on a hosted web application designed to connect users to their machines via the Internet. This hosted application acts as a broker and relays the communications originated by the users to their machines. It is intended to be used in the industrial automation sector.
2. How does Talk2M work?
Talk2M uses virtual private networks (VPNs) and tunneling. Talk2M accepts connections from users as well as from their machines, so both parties can exchange data using tunneling technology.
3. What are VPN and tunneling?
VPN (virtual private network) and tunneling are techniques that allow you to encrypt data links between yourself and another (remote) computer. This computer might belong to your organization, a trusted person or organization, or a commercial VPN service. Tunneling encapsulates a specific stream of data within an encrypted protocol, making everything that travels through the tunnel unreadable to anyone along the transmission path. Using a VPN or other form of tunneling to encrypt data can be a good way to ensure that it will not be seen by anyone other than you and people you trust.
4. The Talk2M service is hosted on the Internet. This means that anyone in the world can access the machine in my factory.
Each eWON industrial router connected to your machine connects exclusively to the Talk2M server. An authentication mechanism ensures that each eWON industrial router talks to the Talk2M server that has the same key. A similar mechanism ensures that each user can only communicate with a specific eWON industrial router. All data exchanged via the Talk2M server and the Internet is encrypted, so the data remains secure.
5. The Talk2M service allows connections to be made from the Internet to my factory. This means I need to reconfigure my firewall to enable a port, but I don’t intend to do this.
Talk2M tunnels are initiated by eWON industrial routers and use only outgoing connections. No incoming connections are made (in other words, the Talk2M server does not initiate tunnels), so no ports need to be enabled in your corporate firewall for incoming connections. In addition, Talk2M is designed to be minimally intrusive. This means that it tries to use outgoing ports that are already enabled, which are usually the HTTP port (80) and the related secure HTTPS port (443).
6. What are the VPN protocols used in Talk2M?
The Talk2M VPN protocols are OpenSSL and OpenVPN Version 2.
7. The Talk2M system does not use the IPSec protocol, which is the ICT standard for VPN security. Why not?
There are two reasons why the IPSec protocol was not chosen for implementing VPNs and tunneling with Talk2M.
Design reason:
The IPSec protocol is based on OSI layer 3, the network layer. It is designed to protect IP packets exchanged between remote networks or hosts and an IPSec gateway located on the edge of your private network. The OpenVPN protocol is based on OSI layer 7, the application layer. It protects application streams sent from remote users to an SSL gateway. In other words, IPSec connects hosts to complete private networks, while SSL VPNs connect users to services and applications inside these networks, which is the usual situation for accessing machines remotely via local networks.
Technical reason:
One of the goals with Talk2M was to design a minimally intrusive architecture, which means that the VPN protocol needs to be able to adapt easily to existing outgoing open ports available in the firewall. The OpenVPN protocol makes it easy to switch to different IP ports, and it typically uses the HTTPS port (443). IPSec uses predefined IP ports (UDP 500 and 4500). Using IPSec would require machine builders and OEMs who want to use Talk2M to be much more involved in the configuration of their customers’ network protection systems in order to ensure that the Talk2M system works properly.
8. The eWON industrial router is connected to the factory LAN. This means that the machine manufacturer can access all the PLCs and IP devices in the factory.
The point-to-point Talk2M tunnel links the Talk2M user to a specific eWON industrial router attached to the machine control panel. The eWON industrial router can be configured so that only devices connected to the (green) LAN ports of the eWON device can be accessed remotely.
9. A Talk2M tunnel can be configured to be always on. This means that the machine builder can access the PLC and make changes without my knowledge.
It is possible to configure the eWON industrial router with a switch connected to the eWON digital input so the VPN connection can be enabled or disabled. A digital output is also available to control a relay that can be used to physically decouple the Ethernet port from the corporate network.
10. There are some devices connected to the (green) LAN ports of the eWON industrial router which I do not want to be remotely accessible, for security reasons. How can I manage this?
Each device connected to the green VPN ports of the eWON industrial router is configured with an IP address, a subnet mask, and a gateway address. If the gateway address configured for a device matches the IP address of the eWON industrial router, this device will be accessible. If the gateway address does not match the IP address of the eWON industrial router or is blank, the device will not be accessible.
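The gateway rule in this answer can be checked against a device inventory. The following Python is an added example, not eWON or Talk2M code; the device names, addresses and allowlist are constructed, and the "misconfigured" case (a gateway outside the device's own subnet) goes beyond what the answer states.

```python
import ipaddress

# Constructed inventory for the example; names and addresses are hypothetical.
EWON_LAN = "192.168.10.1/24"                 # eWON LAN-side address and mask
ALLOWED_REMOTE = {"plc-press", "hmi-press"}  # devices meant to be reachable
DEVICES = [
    {"name": "plc-press",  "ip": "192.168.10.20", "mask": "255.255.255.0", "gateway": "192.168.10.1"},
    {"name": "hmi-press",  "ip": "192.168.10.21", "mask": "255.255.255.0", "gateway": ""},
    {"name": "safety-plc", "ip": "192.168.10.30", "mask": "255.255.255.0", "gateway": "192.168.10.1"},
    {"name": "drive-1",    "ip": "192.168.10.40", "mask": "255.255.255.0", "gateway": "192.168.10.254"},
    {"name": "camera",     "ip": "192.168.20.5",  "mask": "255.255.255.0", "gateway": "192.168.10.1"},
]

def classify(device, ewon_lan=EWON_LAN, allowed=ALLOWED_REMOTE):
    """Apply the gateway rule to one device and compare it with the intent."""
    ewon = ipaddress.ip_interface(ewon_lan)
    iface = ipaddress.ip_interface(f"{device['ip']}/{device['mask']}")
    gw_text = (device.get("gateway") or "").strip()
    gateway = ipaddress.ip_address(gw_text) if gw_text else None

    points_at_ewon = gateway is not None and gateway == ewon.ip
    if points_at_ewon and ewon.ip not in iface.network:
        return "misconfigured"   # gateway lies outside the device's own subnet
    wanted = device["name"] in allowed
    if points_at_ewon:
        return "reachable-ok" if wanted else "exposed-unintended"
    return "unreachable-but-wanted" if wanted else "isolated-ok"

def audit(devices=DEVICES):
    """Return {device name: status} for the whole inventory."""
    return {d["name"]: classify(d) for d in devices}

if __name__ == "__main__":
    for name, status in audit().items():
        print(f"{name:12} {status}")
```

A status of exposed-unintended means the device's gateway setting should be cleared or pointed elsewhere before the tunnel is enabled.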
11. What happens if the Talk2M services are discontinued?
The Talk2M services are owned and operated by eWON, which produces the gateway devices. The Talk2M Free service can be used at no charge and is financed by sales of eWON industrial routers. For customers that require operational continuity of service, Talk2M Pro (which is based on a mission critical host architecture) ensures 99.6% operational continuity over one year with a maximum out-of-service interval of 4 hours.
12. I always install a PC on the machine and use software on this PC, such as PCAnywhere, to access the machine. Why is Talk2M better?
Talk2M only needs an eWON industrial router at the machine instead of a fully functional Windows PC. An eWON industrial router is more reliable than a PC, since it has no moving parts and no hard disk, and it is less likely to be tampered with by engineers. A Windows PC also has a higher total cost of ownership (TCO), estimated to be three to five times greater than an eWON industrial router. In addition, a PC is vulnerable to viruses and thus needs antivirus protection, further increasing the TCO. An eWON industrial router can also communicate with the machine and send alarms and data back to headquarters.
13. What do I need at the machine site in order to use the Talk2M system?
All you need is an eWON industrial router with VPN and Internet access via your LAN or a dedicated line with a built-in modem (ADSL, GPRS/EDGE/3G, or PSTN). If you use a LAN, it should allow users to browse on the Internet from their network (in other words, using HTTP and HTTPS).
14. What factory network information is needed on site to allow an eWON to be fitted to a machine?
If the eWON industrial router uses the customer LAN to connect to the Talk2M system, it needs the same settings as a PC connected to the same network (IP address, subnet mask and gateway, plus any proxy settings). The eWON industrial router is also a DHCP client, so it can be assigned an address automatically.
15. How often does Talk2M go offline for maintenance or upgrades?
Talk2M service is subject to occasional planned maintenance. Users are informed of these activities in advance by e-mail.
16. What security protocols or level of security does Talk2M technology provide?
Talk2M uses several levels of security. Users and eWON industrial routers are authenticated by the Talk2M server using SSL/TLS for session authentication and the IPSec ESP protocol for secure tunnel transport over UDP. Talk2M supports the X509 PKI (public key infrastructure) for session authentication, the TLS protocol for key exchange, the cipher-independent EVP (DES, 3DES, AES, BF) interface for encrypting tunnel data, and the HMAC-SHA1 algorithm for authenticating tunnel data.
17. Are there any HTTP proxies that may not be compatible with Talk2M or supported by Talk2M?
There are presently some proxies that may not be supported due to their authentication mechanisms. The known proxies in this category are:
Kerberos authentication
Digest access authentication
18. If I decide to use Talk2M, what ports do I need to open if all my firewall outgoing ports are closed?
Talk2M is designed to be minimally intrusive. It is based on the OpenSSL/OpenVPN protocol, so its base port is UDP 1194. However, eCatcher and the eWON industrial router check to see whether the UDP 1194 port is open in outgoing mode before they connect to the Talk2M server. It is usually closed, so Talk2M technology is designed to use the HTTPS port (TCP 443) as an alternative, since it is considered to be more widely used than the OpenVPN port. This means that if no outgoing communication ports are open on your company firewall, you need to open at least the HTTPS port (TCP 443) in outgoing mode.
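As an added example (not eWON or Talk2M code), the outbound-only behaviour and the two ports described in this FAQ can be turned into a check over firewall connection logs. The log format, the router address 10.20.0.50 and the documentation-range peer addresses are constructed for the illustration.

```python
import re

ROUTER_IP = "10.20.0.50"                  # hypothetical address of the eWON router
EXPECTED = {("udp", 1194), ("tcp", 443)}  # outgoing ports named in the FAQ

# Constructed log: one line per new connection, src is the initiator.
SAMPLE_LOG = """\
2024-05-01T08:00:01Z src=10.20.0.50 dst=203.0.113.10 proto=udp dport=1194 action=drop
2024-05-01T08:00:04Z src=10.20.0.50 dst=203.0.113.10 proto=tcp dport=443 action=allow
2024-05-01T09:12:40Z src=10.20.0.50 dst=198.51.100.7 proto=tcp dport=22 action=allow
2024-05-01T09:30:02Z src=198.51.100.99 dst=10.20.0.50 proto=tcp dport=443 action=allow
2024-05-01T09:31:00Z src=10.20.0.77 dst=203.0.113.10 proto=tcp dport=443 action=allow
"""

LINE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"proto=(?P<proto>\w+) dport=(?P<dport>\d+) action=(?P<action>\w+)$"
)

def review(log_text, router_ip=ROUTER_IP, expected=EXPECTED):
    """Return (timestamp, finding, firewall action) for connections that
    do not fit the outbound-only, UDP 1194 / TCP 443 profile."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        if m is None:
            findings.append(("?", "unparsed-line", line))
            continue
        if router_ip not in (m["src"], m["dst"]):
            continue                      # traffic of other hosts
        if m["dst"] == router_ip:
            kind = "inbound-to-router"    # the router should only dial out
        elif (m["proto"].lower(), int(m["dport"])) not in expected:
            kind = "unexpected-egress"
        else:
            continue                      # matches the documented profile
        findings.append((m["ts"], kind, m["action"]))
    return findings

def fell_back_to_https(log_text, router_ip=ROUTER_IP):
    """True if the router's UDP 1194 attempt was dropped and TCP 443 was allowed."""
    seen = {(m["proto"], m["dport"], m["action"])
            for m in map(LINE.match, log_text.splitlines())
            if m and m["src"] == router_ip}
    return ("udp", "1194", "drop") in seen and ("tcp", "443", "allow") in seen
```

The expected port set is an assumption taken from the answer above; extend it with whatever else the router legitimately needs on your network before treating a finding as an alert.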