Control Network Newsletter

Newsletter Archives

Remote Your JACE...Securely

Remote Your Jace

Remote access to a device can be very handy in troubleshooting your customers issues quickly. It saves time by eliminating the need to go to the site. It can also be used to constantly monitor and tune the setup. This generally involves talking to the IT department and asking them to open ports in the firewall for the required service and forward to a specific device. This is called Port Forwarding. Every service requires a different port and the IT department is not generally happy to poke holes in the firewall. Another issue is the need for a static IP for the firewall router. The use of RemoteVPN, a secure VPN service from Contemporary Controls along with the EIPR-V router eliminates the need for a Static Public IP address and the need for Port Forwarding. All the traffic can be tunneled through the VPN over a single port. Best of all, it is also encrypted!

The EIPR-V is a VPN router that connects to the RemoteVPN and provides secure access to the LAN side devices. This LAN side device can be a JACE. You can connect to the webpage of the JACE or connect to it via Workbench to update the program running in the JACE. You can also run BACnet discovery on the JACE to see the connected devices. All this can be done without the need to open BACnet UDP ports, HTTP port or the port for the SOX protocol.

The JACE has two Ethernet ports – primary and secondary. When packets traverse through an IP router to reach a device on a different subnet, the device needs to have its gateway address set for the IP address of the router so the responses can traverse back through the IP router to the originating subnet. This works fine if the JACE is only communicating with other devices on the same local subnet and not using the gateway address setting. The secondary port on the JACE can then be configured for a different subnet that is used on the EIPR-V router LAN side and the JACE gateway address can be set for the router LAN IP address. But what if the JACE is already accessing controllers that are on a different subnet and the gateway address on the JACE cannot be changed? The RemoteVPN/EIPR-V provide the IP masquerade feature to resolve this issue. The EIPR-V forwards the remote message to the JACE by changing the packet to the local subnet for the JACE secondary port. The JACE sends the response back to the IP router on the local subnet (without the need for a gateway address) and the IP router sends it back to the originating site via the secure VPN. The primary Ethernet port can stay on the control network and the secondary port on the JACE can be used for secure remote access with minimal setup.

Learn more on the EIPR-V product page.

 

Previous Story Next Story