Hi,
It has been difficult to purchase Wifi adapters for RIO units (specially in Chile) and I need to connect to them remotely. We have the IT network (10.x.x.x) and OT network (192.x.x.x). Which would be the best way to have both internet connection (for remote access and MQTT connection for monitor sensors) and OT connection (for modbus TCP sensors) wired?
I would put the Modbus devices and RIO behind a firewall with appropriate access rules setup.
Thank you for your reply @philip. I haven’t done it before. Is there a step-by-step guide or similar to help?
It depends on if the RIO is a master or a slave.
If you are running some Node-RED flows on your RIO that is getting data from a ModbusTCP device, then the traffic is outbound and no firewall rule is needed (just use a port higher than 1024 and change your Modbus device to match).
Don’t forget that you can use the physical Eth port on the RIO to your OT devices and VPN to your IT network. We have a lot of customers doing that (not the least because ‘industrial’ and Wifi don’t really go in the same sentence).
Hi @Beno, Yes I am actually getting data with Node-Red and sending it with MQTT. When you say “use VPN to the IT network”, is the following picture what you mean?
If so, should I keep it automatic (DHCP)?
PD: I have just realized yesterday was 4th of July, sorry for bothering you on Holiday.
The RIO network ports are configured as a 2-port switch.
The one IP address for both ports.
We built it that way because we had (and still have) many requests to be able to daisy-chain RIOs with any existing network infrastructure.
VPN is a Virtual Private Network.
Your IT department probably runs a VPN server that can be accessed from anywhere in the world.
Connect the ETH interface on the RIO to any network that has a gateway, and it can connect to that VPN server.
Thus, you can access your Modbus devices via physical Ethernet (OT) and publish the data from the RIO via the gateway on the OT network.
For the remote access to the RIO you would use the VPN.
Since MQTT is outbound, you don’t need remote access to see that data. Simply subscribe to the topic on the broker, and you will have the data.
Here is a diagram from our training class that might help.
PoE is optional, of course; you can use a 10 to 30v DC power supply if not using PoE.
That diagram helps a lot. Thank you
Our guide to networking groov products might be really helpful to flick through…
https://www.opto22.com/support/resources-tools/documents/2161-guide-to-networking-groov
