Securely access your industrial data with VPNs, connectivity protocols, and HMIs

Learn how industrial VPNs, connectivity protocols, and HMIs contribute to the perennial pursuit of optimal industrial data performance and network security in this interview with Doug Flanders, Global Market Director – Oil & Gas and Energy at HMS Networks.  

The global VPN market is growing rapidly, fueled by the automation, digitalization, and AI megatrends and the perennial pursuit of optimal industrial data performance and network security. It’s expected to grow from a valuation of $61.42 billion in 2024 to $71.66 billion in 2025 and to $154.09 billion in 2029.

Please also provide us with a brief introduction to HMS.

HMS Networks is a global leader in industrial communication and connectivity, headquartered in Halmstad, Sweden. In April 2024, HMS expanded its portfolio by acquiring Red Lion, a trusted name in industrial automation. Operating as Red Lion by HMS Networks, the brand offers scalable industrial solutions that include cloud connectivity, edge intelligence, asset management, rugged operator panels, and panel meters. These technologies are purpose-built to deliver real-time data visibility — especially in remote or demanding industrial environments.

You’ve joined us today to talk about VPNs and other connectivity protocols for securely accessing industrial data in places like cloud and SCADA systems. So, let’s dive in. What should people know?

Virtual private networks (VPNs) create a direct link, or tunnel, between two endpoints over a larger network, like the internet or a wide area network (WAN), resulting in a private network.

In industrial markets, VPNs connect equipment, such as PCs, PLCs, and other industrial devices, to local and remote locations using a tunnel that’s accessible via a company network, intranet, cloud, or machine-to-machine communication.

Many common industrial protocols aren’t inherently secure. VPNs encapsulate and protect protocols, ranging from Modbus RTU/ASCII, PROFIBUS, and DeviceNet to Ethernet-based protocols, such as Ethernet I/P, Modbus TCP/IP, and PROFINET. These protocols are essential for data exchange between industrial equipment at different locations. Concepts like VPNs, virtual local area networks (VLANs), and Open Platform Communications (OPC) ensure interoperability, enabling real-time data collection and visualization and remote equipment and process control through secure connections to devices including PLCs and HMIs.

The digitalization megatrend driven by Industry 4.0 demands secure, reliable connectivity. Encrypted VPN tunnels provide secure remote access to digital systems and data and safeguard data transmissions between IIoT devices and central systems, preventing cyberthreats and unauthorized access.

There are several different types of VPN tunneling protocols.

• The Point-to-Point Tunneling Protocol (PPTP) is easy to set up but offers weaker encryption.

• The L2TP/IPSec Protocol provides stronger security by combining Layer 2 Tunneling Protocol (L2TP) with Internet Protocol Security (IPSec) encryption.

• The Secure Socket Tunneling Protocol (SSTP) uses SSL/TLS (Transport Layer Security) for encryption, making it highly secure.

• The OpenVPN Protocol is highly secure and flexible and is widely considered the best option for most industrial users.

To further enhance cybersecurity, organizations can leverage AI-powered tools to analyze large amounts of network traffic and data in real-time, including traffic from protocols like Message Queuing Telemetry Transport (MQTT). When using MQTT, enabling TLS encryption ensures secure communication between clients and brokers.

What common challenges do people face when implementing VPNs in industrial environments? Do you have any advice for overcoming these challenges?

Absolutely! Common VPN implementation challenges include:

• Complex setup process. Setting up VPNs involves configuring protocols, firewalls, and user credentials. To simplify this, follow detailed guides and consider using VPN solutions with user-friendly interfaces.

• Balancing security and access. Ensuring secure access without compromising overall security can be tricky. Implement multi-factor authentication (MFA) and regularly review access permissions to maintain the right balance.

• Performance issues. VPNs can slow down connections due to encryption overhead. To mitigate this, choose VPN servers closer to your location and use lighter encryption protocols when appropriate.

• Scalability concerns. Scaling VPN infrastructure as your business grows can present complex challenges. Plan for scalability from the start by choosing solutions that support easy expansion and consider cloud-based VPN services.

• Hardware and infrastructure costs. Deploying VPNs requires a significant investment in hardware. Evaluate your needs carefully and consider cost-effective solutions.

• Security risks. VPNs can expose networks to threats if they aren’t properly managed. Use strong encryption, keep software updated, and perform regular security audits to minimize risks.

You mentioned that VPNs and other connectivity protocols help enable secure remote monitoring and control in industrial systems — creating direct tunnels to cloud and SCADA systems and devices like HMIs. Please introduce us to an HMI that would be ideal for this.

Designed to help industrial customers monitor, visualize, analyze, and control equipment and process performance in harsh environments, Red Lion’s Graphite HMIs feature rugged aluminum housings and resistive analog touchscreens and reliably withstand hazards including high shock and vibration and a wide operating temperature range (e.g., -20°C to +60°C). Standard and widescreen models are available in sizes ranging from 7” to 15”. The 7”, 10”, and 12” models are available with UV-resistant, sunlight-visible displays for outdoor use. Additionally, all of the Graphite HMI models offer drag-and-drop protocol conversion, data logging, and web-based monitoring capabilities and UL Class 1, Division 2, ABS, ATEX, and IECEx approvals.

Red Lion’s powerful Crimson 3.2 software is a remarkable programming platform that unlocks the power of the Graphite HMI platform with simple drag-and-drop, point-and-click configuration. Unlike competitive HMIs that charge you extra for cumbersome software, Red Lion’s Crimson 3.2 software is included with each Graphite HMI. Advanced IEC 61131 control and programming functionality can easily be added with the Graphite Crimson Control module.

Can you explain how Red Lion’s Crimson 3.2 software enables secure access to industrial machinery data and connects it to cloud or SCADA systems?

The widespread adoption and continued evolution of Industry 4.0 technologies is creating massive demand of for secure and reliable real-time data transmission between SCADA packages, networked PLCs, data historians, IT-managed SQL Servers, and cloud and machine-to-machine (M2M) communications systems and eliciting numerous challenges.

To address industrial customers’ current data demands and help them prepare for the future, Red Lion offers Crimson 3.2, a dynamic and intuitive software platform for programming our automation product portfolio. Designed to facilitate industrial communications, protocol conversion, data acquisition, storage, visualization, and analysis, and equipment monitoring and control, Crimson 3.2 is constantly evolving, with enhancements released quarterly.

Current features and benefits include:

• Intuitive point and click and drag and drop programming tools
• Compatibility with open standards, such as OPC UA and MQTT, as well as over 350 industrial protocols, including both newer and more outdated protocols, enabling the use of legacy products for years to come
• Interoperability. Users can connect multiple manufacturers’ equipment together easily and efficiently (e.g., network devices from Siemens, Rockwell, and Scheider)
• Pre-configured connectors for integrated IT/OT environments
• Support for 20 simultaneous protocols when used with a Red Lion Graphite HMI

Crimson 3.2 allows industrial users to quickly, easily, and securely facilitate connectivity between cloud services and SCADA systems through a wide range of preconfigured MQTT drivers. These include connectors for Azure, AWS, Sparkplug, Aveva, Google, Ubidots, Cumulocity, and a generic MQTT option. The Cumulocity driver includes support for alarms and events via the Cumulocity Cloud Connector. Crimson’s Sparkplug driver now offers configurable tag properties when publishing data, allowing for greater customization of MQTT payloads.  

In addition to MQTT cloud drivers, Crimson 3.2 also includes the Rockwell/Allen-Bradley L5K Plus Driver, which was recently enhanced to improve the integration of tags into Crimson 3.2 databases. All of these drivers are accessible through Crimson’s intuitive, drag-and-drop interface.

This rugged, all-in-one Crimson 3.2 platform makes it easy to capture and securely send embedded industrial data to any other destination on the local network or VPN. It also enables data visualization and analysis, customizable alarms, email and SMS text message communications, and recipe management and complies with IEC 61131.

Are there any success stories you’d like to share about Red Lion’s Graphite HMIs?

A producer in the oil and gas industry needed an HMI proven to deliver reliable service in very cold and rugged environments, like the Bakken Formation in North Dakota, as well as in extremely hot environments, like in the Permian Basin in west Texas and southeastern New Mexico. These HMIs would be located outside on well pads and would need to not only handle the heat and cold — but the shock and vibration associated with oil and gas applications as well. Additionally, these HMIs needed to be able to create MQTT connections to the company’s cloud server and directly connect to their SCADA systems using an encrypted TLS (HTTPS/HTTP) connection, which allowed for local data collection and data buffering.

Red Lion’s Graphite HMI, equipped with the power of our Crimson 3.2 software, made it easy for this producer to create secure, reliable connections sure to withstand the various hazards of the harsh environments they’re operated in. This is especially true since there were several other protocols required in order to communicate with the PLC (Ethernet I/P), several level (Raw Serial), pressure sensors (Modbus RTU), and flow computers (Modbus TCP/IP). This application also required email and SMS text message alarms to alert pump station personnel to potential problems.

Trust rugged, reliable Red Lion HMIs in your industrial VPNs

No matter what industrial segment you operate within, Red Lion has tools you can trust to securely and reliably access, connect, and visualize your data — including rugged Graphite HMIs and Graphite Crimson control modules. To learn more about these products or the complete RS portfolio of Red Lion and HMS Networks products, please visit the links embedded here. For more expert insights from Red Lion, check out their other contributions to the RS Expert Advice series.

For assistance identifying, procuring, deploying, and maintaining Red Lion’s extensive portfolio of industrial data communications, please contact your local RS representative at 1.866.433.5722 or reach out to the RS technical product support team.