Sample: Rockwell Studio 5000
In this example we show setup and interoperability between the Agilicus AnyX platform and Rockwell Automation’s Studio 5000 with RSLinx. This allows a PLC engineer to remotely support multiple sites, multiple customers, using their existing tools and setup. No VPN, no changing of IP’s. Connect to multiple customers simultaneously.
Customers get increased security, simple single-sign-on authentication with multi-factor, and a full audit trail. Permissions can be assigned (and audits can be observd) on an individual PLC basis, rather than an entire VPN or subnet.
For the example setup we have:
- Windows PC running Rockwell Studio 5000 (v29)
- CompactLogix 1769-L16ER
- Micro850 2080-LC50
- Raspberry Pi (serving as the Industrial PC / IPC)
The setup is such that the PLC are on a separate non-routeable segment. The Raspberry PI is dual-homed, serving thie PLC subnet and the connection outbound.
There is a highly restrictive firewall between the Raspberry PI and the Internet: it only allows outbound connections, on port 443, to the Agilicus AnyX platform: no inbound, no arbitrary outbound.
The operator will see no change on their laptop: they launch Studio 5000 from their start menu as normal. If they have not authenticated recently, a browser will popup to force a sign-in against their corporate identity provider (e.g. Microsoft Azure or Google Workplace). The Rockwell Automation software will then function as normal for all PLC viewing and programming.
User Desktop: Launcher Install
There is a one-time thing the user must do on their desktop to enable the Agilicus Launcher. No administrative privilege is required, and the configuration and software will automatically stay up to date.
The user must open the Profile web page (https://profile.YOURDOMAIN). From here they will download a binary and run it, it will sign-them in via the browser. At this stage, a new start menu item (Refresh) is present. Complete instructions are here.
Once the Launcher is installed, a ‘Refresh’ icon will appear, as well as an icon for Studio5000 and RSLinx Classic. Launch the software from the icon as normal.
Agilicus AnyX Configuration (https://admin.YOURDOMAIN)
- Install the Agilicus Connector on your Raspberry Pi or other IPC
- Create a ‘Network’ for each PLC in the Agilicus (optionally make a Resource Group per site)
- Create a Launcher for Studio5000 (and optionally RSLinx), assigning the Network (or optional Resource Group)
- Assign permissions to each user (or a group)
At this stage, if your Studio 5000 has previously seen the PLC, it will be working, otherwise we can enter them manually as below.
With this complete, you can either launch RSLinx and leave it open, or, allow Studio 5000 to launch it. Observe the first time you will see a browser open and be prompted to sign in. On subsequent launches it will have cached credentials.