As discussed in our network coverage section, additional complications arise

from non-routable networks, where network address translations (NATs)

are required due to IP address conflicts. These individual connections will
become a more significant challenge to manage as more are added or if the
network infrastructure goes through upgrades or configuration changes.

Best Practice: Where practical, consider structuring a separate

VLAN in your converged network architecture that allows
Remote Access to be isolated from other network traffic.

When implementing new network installations, it would be cost-

effective in the planning process to create a separate network for
Remote Access. Switch technology has improved and can provide the
core infrastructure at the wide-area network (WAN) level.

2. Cellular connections and a balance of convenience vs. security

The use of interface devices that can connect plant floor equipment to a
cellular link is growing. The main benefit is bypassing the LAN or WAN by
directly linking the device to a cellular connection. It is a portable solution
that can be deployed easily and quickly.

Many IT departments and cybersecurity companies see this as a significant

risk. In most cases, the connection bypasses the IT network security and
directly connects to the outside world.

The reason for its popularity is that, in many cases, it is the only method to
connect a device for remote support. In some cases it is due to its isolation,
in which there is no other way for the connection to get on to other
networks. In the case of mobile equipment, it may also be impractical to

2021 I Practical Guide for Remote Access to Plant Equipment 68