Getting around Vision network security issues?

[Ausman]

Hi all, Vision has an innate problem of being an older system, and the Creators are not really bothering to upgrade the O/S to accommodate more modern needs.  They have Unistream.  This has been discussed in various topics, including a recent one with myself and JoeT having a chat at the bottom of "Bit to Display".  I am faced with big dilemmas owing to very complex programs in Vision that work very well, possible expensive changes needed to keep things secure, along with a totally new, large learning curve if I had to shift everything to Unistream.  It is a very big can of worms that will quickly turn into a 44 gallon drum full of tiger snakes.  (Look them up if you aren't an Aussie!)

So I'm throwing up the question of possible ways around the issue of not being able to do https etc.  I don't know enough about how networking and security protocols are actually implemented to see if simple solutions are possible.  I have seen some devices (eg Dan B uses Ewon Flexy as an "intermediary connection") that may possibly offer a solution, but most of these seem to need some sort of Cloud usage/remote master server, and that to me totally defeats the purpose of having a secure connection in the first place if it is essentially working along the lines of a lot of IoT.  I want something that will simply go direct b/n the plc and the remote user, but do it over a secure connection.

My ponderings have left me wondering how secure would a connection be if you used a serial to ethernet converter, with the converter set up to be a secure connection?  So instead of using the non-secure ethernet connection on the Vision, you use the serial port and the converter does it's stuff.  (I have successfully trialled/used such a converter in the past, but only along the lines of not having an onboard network connection.)  This gets back to my lack of knowledge.....does something essentially communicating non-securely, but being sent through a secure connection make the entire thing secure?  Or is it all related to the capability of the "endpoints" (for want of a better word) and if they are non-secure is the entire thing compromised?

If the serial to ethernet way is totally secure, it might be a relatively simple and cheap way of getting around the issue.

More info and ideas please from those with knowledge!  Along with possible units to use if the idea has merit.

cheers, Aus

 

[Cam]

Why not set up a dedicated VPN for the PLC and remote user??  You my have to invoke the customers IT department but that would be secure and they may already have the infrastructure in place to do it.

 

[Ausman]

I guess that relates to a missing part of my question Cam, as I'm not only referring to doing remote connection, I'm also relating to using emails etc.  For instance, I can't see that a VNC is going to change Google's reaction to an email connection request from a Vision.  (But again, I'm not cluey enough about the total ins and outs of how networking works...I know a bit , but am no expert.)  I'm really trying to see if there is anything out there that will convert the entire plc connection activity into a secure link that the world will be ok with.  That's why I was wondering about the merits of a specialised serial to ethernet converter, or another piece of hardware, that does what I want by simply converting everything into a secure link.   A dedicated mini PC etc sitting there that is then accessed remotely might be a solution, but that in itself is another awkward to maintain, extra complexity and ($s) problem.

cheers, Aus