Automated VPN Infrastructures based on Docker Containers

WAGO Controller PFC200

With it’s PFC200 controller family, WAGO has combined PLC and IT functions in one device. It has an integrated OpenVPN client, a firewall, and support for Docker containers. The Welotec VPN Security Suite serves as a complementary solution for building scalable VPN infrastructures. It comes with a an integrated VPN Container Client (VPN-CC).

Wago Controller PFC200

Challenges in building VPN infrastructures

The advantages of digitization can only be fully exploited by networking all devices in the field. For local PLCs at one place, this is easily done via a local network. However, if devices are distributed across many locations, public networks such as the Internet must be used.

VPN tunnels are used to secure connections. However, a secure operation of a VPN infrastructure is often complex. Among other things, configurations for the local firewall, the VPN tunnel and certificates for identity and security must be installed on the individual devices in the field. To ensure security, VPN configurations must be updated, and certificates are to be renewed regularly. With a few devices in the field, it is relatively easy to keep track and execute these tasks manually. Especially in the energy sector and mechanical engineering, where many plants are distributed, these tasks can not be reliably performed manually.

Welotec VPN Security Suite in combination with WAGO Controller PFC 200

The Welotec VPN Security Suite automatically manages VPN configurations and the life cycle management of certificates. The central server with management interface is installed and operated in user´s infrastructure. It consists of  a management interface, a security platform including firewall and public key infrastructure (PKI) for certificate management. It includes a Docker container “VPN Container Client” which is installed as a microservice on the WAGO Controller PFC200. This is easily done via the web-based management as well as the console. The WAGO PFC200 controller can then establish a protected connection to the Welotec VPN Security Suite via an end-to-end encryption. The setting of access authorizations, firewall rules, and the renewal of certificates now takes place automatically.

Welotec VPN Security Suite

Fig. Welotec VPN Security Suite in use with the WAGO Controller PFC200

The secure VPN connection now allows access to the WAGO PFC200 controller and the connected devices, and can be controlled via the Welotec VPN Security Suite. The connection allows data to be transmitted to a control centre in encrypted form. In addition, a remote connection and access to the WAGO Controller PFC200 and connected devices/machines is also possible, e. g. for services. The entire infrastructure is container-based. This means the VPN client can be easily deployed on the WAGO Controller PFC200, but also on the server side. This allows to easily deploy a scalable solution in cloud infrastructures such as Mircosoft Azure or Amazon AWS, or on regular Linux servers.

Advantages and Implications

The Welotec VPN Security Suite expands the functions of the WAGO PFC200 Controller to include the option of easy and secure remote maintenance as well as connection to other systems. The WAGO Controller PFC200 thus becomes a remote maintenance gateway. Docker-ready functionality makes integration simple and possible without special IT knowledge. The operation and maintenance of the Welotec VPN Security Suite also requires no special knowledge of network technology. The end-to-end encryption protects against data misuse -and manipulation. By installing the Welotec VPN Security Suite in the customer’s infrastructure, third parties have no access to data. It is also possible to communicate with devices e.g. via LTE in private APNs, to which external servers would not have access.

About WAGO

Founded on April 27, 1951 in Minden, East Westphalia, WAGO Kontakttechnik GmbH & Co KG has developed into a leading supplier in the field of connection and automation technology. With now 8500 employees, the course is continuously set on growth and further development. Current innovations include the PFC200 controller family, which makes it easier to control and visualize projects. This is made possible, among other things, by combining PLC and IT functionality in just one device. Thanks to CODESYS-based runtime environments and a real-time capable Linux operating system, complex automation tasks can be solved in no time. A major advantage of the WAGO PFC200 controller family is that it supports Docker applications. Container technology shortens development time and is also extremely flexible. It makes it possible to respond to increasingly shorter product cycles in a cost-efficient manner.

WAGO is a registered trademark of WAGO Verwaltungsgesellschaft mbH.