Tired of using VPNs for remotely monitoring machines? Us too.

Better ways to view your distributed systems in real-time.

For many years, the most reliable way to connect to distributed control systems has been to dial in via a VPN channel and then use a proprietary remote-desktop method such as Microsoft Remote Desktop, the free VNC client or professional tools such as TeamViewer. All of these tools serve a purpose: to remotely control a desktop computer. They typically give you full control of the host and allow a lot of functionality, which makes them perfect for deep remote diagnostics and personal assistance on a computer system. What they are not intended to solve is the continuous monitoring of remote systems, their health and operations. We would like to present 5 good reasons to replace VPN-based machine monitoring with a platform that was created for this purpose.


Monitoring control systems with local SCADA and VPN connections one at a time

In many applications of distributed monitoring and control, PLCs or other embedded controllers are used with local SCADA / HMI visualization. A PC that provides the local visualization has a VPN and / or remote desktop client installed and operators log in from an external site via the respective remote management software. To get a comprehensive overview of all distributed systems, users will have to log in to each system individually, manually merging the data they collect.


1) VPNs are only as safe as the environment they’re used in

VPNs are inherently safe. They provide encrypted tunnels that are typically not vulnerable to man-in-the-middle attacks or other manipulation attempts. If both endpoints are secured, a VPN can be the perfect way to access a company network or critical infrastructure remotely. As is often the case, the danger lies in how the service is used. The most critical variables when using VPNs are the security of the endpoints and how the access data is managed and shared. Oftentimes, credentials to remote systems have to be shared among multiple users or end up on sticky notes on various computer monitors. In the worst case, one client system is infected with a virus or keylogging software and compromises the security of the entire ecosystem. As any IT professional would confirm: no technology can guarantee absolute security, and educated users are a big part of the solution. A good way to manage the situation is to limit VPN access to very few machines and professionals, and to provide other users with valuable real-time, read-only operational information via a monitoring platform. Even if their credentials were to be compromised, potential dangers can easily be contained (for instance, they would be limited to read-only access to begin with).

2) Scaling VPN / remote accesses manually is hard

Once your number of deployed systems exceeds 5 or 10, managing their respective credentials, IP addresses and access data can become a cumbersome endeavor. For all the reasons stated above, the complexity of the matter should not be underestimated. There are VPN management systems out there that can help solve this dilemma. Of course, resources still have to be dedicated to the continuous management of all remote accesses, depending on the technology you use. Even with access data managed, handling the actual data of interest becomes more and more of a challenge as long as there is no automated mechanism in place to collect, filter and store it on a server system. Once more, a monitoring platform can scale much more easily while providing a better way to create actionable insight from collected data.

3) Monitoring solutions should reflect user roles

Not all monitoring needs are created equal. In every application, different stakeholders will have different requirements for the data they would like to see. When monitoring a solar plant, for instance, its investors would mainly be interested in yield and overall efficiency values as well as total revenue when feeding power to the grid. Its maintenance and service providers need to receive real-time alarms and any actionable intelligence that can be derived from the data. This could be failure states or over-temperature warnings that would in turn inform technicians to replace a part. Developers and technicians of the on-site data collection systems, on the other hand, will require deep access to detailed measurement data to further optimize and improve their products. In a typical infrastructure with a VPN / remote access tool and a local SCADA / HMI visualization, it is hard to give all user roles access to the respective data subsets. Using a web-based monitoring platform, it is easy to manage various users, adjust their level of information depth, and build individualized dashboards to fulfill their respective needs.

4) Monitoring for top-level supervisory control and more insight

Not only are different users interested in different subsets of the data; manufacturers or operators of distributed systems will also want a global overview of all active systems. Imagine a network of safety-critical sensors for gas leaks. A global view is essential to ensure the safety of the overall infrastructure. In other applications, manufacturers will want to monitor their quality parameters, such as system uptime and system output. They would like to be able to tell how well systems perform on different sites and drill down into the reasons for that. Monitoring systems can act as historians, keeping long-term records of all relevant data. This can be the base for predictive health and predictive maintenance applications in the near future. Historical data can also be fed back into R&D centers, where it enables engineers and scientists to make data-driven decisions on future iterations of the product. It can also help to fulfill regulations where record-keeping is required.

5) Monitoring should be uniform across heterogeneous platforms

This is pretty simple and straightforward: A service team cares mainly about the real-time information of ongoing operations. Furthermore, they should have access to historical data for trends, as well as any events and alarms that occur. They should not have to learn, license or operate dozens of remote access, automation and visualization tools to perform their tasks. Any monitoring system should adhere to existing standards and should adapt easily to the infrastructure at hand. Using established standards, such as Modbus or OPC (UA), monitoring platforms can interface to any industrial automation platform and provide an identical interface for automation systems that may have very little in common.



Monitoring multiple control systems with daq.io and encrypted communication


Visit www.daq.io to learn more about monitoring distributed systems and machines. Sign up for free at dashboard.daq.io.