Example NiagaraAX VPN network
Figure 7 provides examples of typical NiagaraAX job configurations (system architectures) for connecting NiagaraAX hosts with a VPN.
In this example, Company ABC has implemented VPN server software on their firewall, and added a new site (site 3). The router in site 3 has VPN client software, which has been configured to provide a persistent VPN connection to the firewall in site 1. After the router connects to the Internet, the client software connects to the VPN at site 1, receiving new network settings as defined by the VPN server. The router (and by extension, the JACE-NX) are now part of the LAN.
The company has also loaded and configured client software on the remote engineering station to allow the off-site SI to maintain NiagaraAX stations and hosts. Formerly, this maintenance was handled through dialup to the JACE-NX in site 1.
The engineering station connects to the Internet through its ISP, then initiates the VPN client. The client connects to the company firewall and the engineering host receives an IP address belonging to ABC company, joining its network. Until the remote host disconnects the client software, all packets from the engineering host are routed onto the ABC company’s network. The firewall has been configured to allow the remote engineering station access only to the NiagaraAX hosts available on the company network, including those in sites 1, 2, and 3.
Figure 7 Example VPN architecture
You should note the following things about using NiagaraAX hosts with a VPN:
- You cannot use a VPN with a QNX-based JACE connected directly to an ISP. That is because you cannot load VPN client software on a QNX-based JACE. You can use a QNX-based JACE with a VPN if the JACE connects to the Internet through an on-site router that provides VPN services (as well as DHCP and NAT). This is similar to the setup shown in site 3.
- This scenario has not been tested by Systems Engineering. We recommend that you set up a pilot to test them before implementing in a live job.
- Exact details on how to connect NiagaraAX hosts using VPNs cannot be provided due the many differences in VPN connection devices.