configured with much better documentation.

Depending on the location,

there may need to be different methods required. Following are four
different methods to reach the desired devices:

1. Leveraging modern layer 3 switch capabilities

2. Cellular connections
3. A specialized device to provide connections to target devices or networks
4. Creation of a separate Remote Access VLAN

These examples, initially covered by the Opx Leadership Network in their

“Remote Equipment Access Options Analysis” report, are covered in more
detail below.

1. Converged networks: Leveraging the switch Infrastructure

to gain access to plant floor devices
The challenge in deploying any Remote Access solution reliant on the
OT network is that many existing network environments are not well
understood. While some plants may be fully compliant with network
standards such as CPwE (Converged Plant-wide Ethernet) and fully
documented, others which are older or smaller cannot justify the cost of an
upgrade and may have networks and assets that are 20 years old.

Using the switch infrastructure for remote connections at lower

manufacturing networks levels will require more reliance on these
networks. Their individual configurations will also require knowledge of the
path to the IT firewall and incorporation of the device to the firewall rules.
If these connections pass through other layer 3 switches it may also require
a rule set to enable the connection through these switches. Download
activities may create bandwidth problems, especially on networks where
real-time responses are needed.

2021 I Practical Guide for Remote Access to Plant Equipment 67