Secure Remote Access for Your IoT Gateway and PLC via RobustVPN

This guide explains how to get secure PLC remote access using your industrial IoT gateway and the RobustVPN service. For machine builders, "truck rolls" to service remote equipment are a massive drain on profit. By using a Robustel IoT Gateway as a plc remote access gateway, you can leverage the RCMS cloud platform to create an on-demand, secure VPN tunnel. This allows your engineers to open TIA Portal or Studio 5000 from their home office and securely program or troubleshoot any PLC, anywhere in the world, as if they were plugged in locally.

Let's be blunt: a "truck roll" is a polite term for a massive business failure.

You're a machine builder (OEM). Your machine is at a customer's factory in another country. It stops working. Your customer is down, losing thousands of dollars an hour. You have two options, both terrible:

1. The $5,000 Gamble: You fly your top engineer to the site, spending $5,000 on flights and hotels, only for them to plug in, open TIA Portal, and discover the fix was a one-line code change that took 10 minutes.
2. The "Insane" Option: You convince the customer's IT team to "port forward" the PLC to the public internet. This is so catastrophically insecure it's bordering on negligence. Your PLC, which has no firewall or password, is now visible to every hacker in the world.

This is the central pain point of modern industry. You need secure remote access, but traditional IT solutions are complex, and insecure solutions are unacceptable. This is why tools like HMS Ewon became popular—they provided a simple, secure tunnel.

But what if your IoT Gateway—the same device you're already using for data collection—could do that and more, all in one box? This is where RobustVPN and the modern IoT Gateway come in.

RobustVPN is a powerful, secure VPN service built directly into our Add One Product: RCMS cloud management platform. It is not a complicated IT project; it's a simple, click-to-deploy tool.

Think of it as a secure, on-demand "matchmaking" service.

• Your IoT Gateway in the field establishes a permanent, secure outbound connection to RCMS. It sits there, quietly and securely managing your machine's data.
• Your engineer, at their home office, needs to access that machine.
• The engineer logs into RCMS and clicks "connect."

RobustVPN creates a secure, encrypted, peer-to-peer OpenVPN tunnel between your engineer's laptop and that specific IoT Gateway. It's like a magical, on-demand Ethernet cable that stretches 10,000 miles.

Let's make this real. Your engineer needs to program a Siemens S7-1500 PLC (at IP 192.168.1.10) that is connected to the LAN port of your remote IoT Gateway.

1. Engineer (Home): Logs into the RCMS web platform. They see a list of all their IoT Gateway devices.
2. RCMS: The engineer navigates to the RobustVPN tab and adds their PC as a "Client." They also add the "Remote PLC Line 1 IoT Gateway" to the same VPN group.
3. Engineer (Home): They download the pre-configured RobustVPN client software from RCMS (a simple OpenVPN client) and click "Connect."
4. The "Magic":RCMS authenticates the engineer and the IoT Gateway, then securely bridges them. The engineer's laptop is now on the 192.168.1.x virtual network.
5. Engineer (Home): They open TIA Portal. They click "Go Online." TIA Portal scans the virtual network and finds the PLC at 192.168.1.10.
6. Done. The engineer is now online with the PLC, debugging code and monitoring tags as if they were plugged in locally. No firewall changes. No port forwarding. No security risk.

This entire process turns a 3-day, $5,000 service call into a 15-minute remote session. This is the real ROI of a modern IoT Gateway platform.

This "One-Box Solution" is the ultimate hms ewon alternative. The Ewon is a fantastic plc remote access gateway. But it's just an access gateway.

If you use a dedicated remote access box (like an Ewon Cosy), you still need a separate IoT Gateway to handle your modern data collection (like Modbus/S7 to MQTT) for cloud analytics. You now have two boxes, two SIM cards, two data plans, and two platforms to manage. It's expensive and complex.

A Robustel edge computing gateway (like the EG5120) is designed to do both jobs in one box.

• Job 1 (Full-Time): It acts as a powerful IoT Gateway, constantly performing PLC data collection and translating it to MQTT for your cloud dashboards.
• Job 2 (On-Demand): It sits ready to act as your secure remote access point via RobustVPNat the exact same time.

This consolidation is the key. Your IoT Gateway is no longer just a data pipe; it's your all-in-one service, data, and access hub.

A secure IoT Gateway should follow a "zero-trust" model.

• The Old Way (Firewall Rules): You open a port. That port is open 24/7. It's a permanent security hole waiting to be found.
• The RCMS Way (On-Demand): The RobustVPN tunnel is not always on. It is created on-demand by an authenticated user in the RCMS platform. The second the engineer is done, they click "Disconnect," and the tunnel vanishes. The remote IoT Gateway is once again invisible.
• RBAC (Role-Based Access Control): In RCMS, you can control who is allowed to connect. You can put your "Service Techs" in one VPN group that can only access the IoT Gateway for machines they service. Your "Managers" can be in another group that can only view the dashboard but cannot connect.

This is true, granular iot gateway security—a stark contrast to just "opening a port."

A simple plc remote access gateway solves one problem. A modern industrial iot gateway solves all your problems.

The next time you get a service call from a remote customer, don't look up flights. Look at your IoT Gateway. By pairing a Robustel IoT Gateway with the RCMS and RobustVPN platform, you transform your hardware from a simple data collector into a powerful, secure, and revenue-saving service tool.

This is how you kill the "truck roll." This is how you move from a break-fix business model to a proactive, high-margin service model. And this is why your IoT Gateway is the most valuable service tool you own.