METHOD FOR CONFIGURING A TUNNEL CONNECTION FOR AN AUTOMATION NETWORK
20170310639 · 2017-10-26
CPC classification
H04L12/4633, H04L63/0236, H04L12/4679, H04L63/029, H04L41/0853 (ELECTRICITY)
Abstract
In a method for configuring a communication between a first computer with an automation engineering software and a second computer which is connected in a proprietary automation network, the first computer is run in a cloud environment. The communication between the first computer and the second computer is carried out by a tunnel protocol for establishing a tunnel connection, and a configuration of the tunnel connection is automatically configured by determining information heuristically.
Claims
1. A method for configuring a communication between a first computer with an automation engineering software and a second computer connected in a proprietary automation network, said method comprising: running the first computer in a cloud environment; carrying out the communication between the first computer and the second computer by using a tunnel protocol for establishing a tunnel connection; and automatically configuring a configuration of the tunnel connection by determining information heuristically.
2. The method of claim 1, wherein an https protocol is used as the tunnel protocol.
3. The method of claim 1, wherein the first computer has a first information of known communication connections.
4. The method of claim 3, wherein port numbers are contained in the first information, said method further comprising determining an external address with respect to a respective port number, said external address being an IP address and/or a DNS name.
5. The method of claim 3, wherein the first information contains no information of an existing communication connection, said method further comprising adding to the first information a second communication information associated with the existing communication connection.
6. The method of claim 5, wherein the second communication information is an IP address and/or a DNS name.
Description
BRIEF DESCRIPTION OF THE DRAWINGS
[0020] Other features and advantages of the present invention will be more readily apparent upon reading the following description of currently preferred exemplified embodiments of the invention with reference to the accompanying drawings, in which:
[0021]
[0022]
[0023]
[0024]
DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS
[0025] Throughout the figures, same or corresponding elements may generally be indicated by same reference numerals. These depicted embodiments are to be understood as illustrative of the invention and not as limiting in any way. It should also be understood that the figures are not necessarily to scale and that the embodiments are sometimes illustrated by graphic symbols, phantom lines, diagrammatic representations and fragmentary views. In certain instances, details which are not necessary for an understanding of the present invention or which render other details difficult to perceive may have been omitted.
[0026] Referring now to
[0027]
The software creates and maintains a list of the ports, which is initially prefilled with known ports (WKPL, Well Known Port List). The latter are allocated by the shared remote desktop software; in the example, port number 3389 is used for Microsoft RDP, 5800 and 5900 for VNC, and 1494 and 2598 for Citrix.
[0028] The following steps are carried out for each port 12 in the list:
When a connection exists on the current port, step 15:
[0029] determine the IP address of the computer connected to the port (in the example port 3389), step 16
[0030] determine the DNS name for the IP address (in the example: Pgpc.example.dom), step 17
[0031] add both to the results in the list, step 18
[0032] When there are no results, the address may be configured manually, if appropriate, step 13.
[0033]
When the user, as described above, has configured the remote address manually, then this probably means that the user is using remote desktop software that is not yet known—a non-standard (non-default) port or an unknown remote desktop protocol. The following method is then performed for the existing network connections of the computer on which the PC-based engineering software is executed:
Determine the foreign address of the connection, step 25:
[0034] when the foreign address is the same as the manually configured address, add the port to the list of the known ports WKPL, step 26.
[0035] In this way, the software can learn that the user will use different software for the connection to the engineering system the next time the SCAN process is performed.
[0036] The software utilizes apparently unrelated information (information about the well-known ports for remote desktop connections) to create an assumption about the correct configuration parameters for the software component that is responsible for the tunneling of the automation protocols. The software can also learn over the course of time from successful connections to identify previously unknown remote desktop software, etc.
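The scan (steps 15 to 18) and the learning step (steps 25 and 26) described above, as an added Python example that is not code from the patent or its applicant. It assumes that "the port" is the local port on the engineering computer, that connections are read from `netstat -n`-style text (IPv4 TCP only), and that reverse DNS is supplied as a lookup function; the sample connection table, the DNS table and the function names are constructed for illustration.

```python
import re

# Well Known Port List (WKPL), prefilled with the ports named in the description.
WKPL = {3389: "Microsoft RDP", 5800: "VNC", 5900: "VNC", 1494: "Citrix", 2598: "Citrix"}

# Constructed sample of netstat-style output (not captured from a real host).
SAMPLE_NETSTAT = """\
  TCP    10.0.0.5:3389     192.0.2.10:51544    ESTABLISHED
  TCP    10.0.0.5:445      192.0.2.77:49210    ESTABLISHED
  TCP    10.0.0.5:6000     192.0.2.44:50122    ESTABLISHED
  TCP    10.0.0.5:5900     0.0.0.0:0           LISTENING
"""

# Constructed reverse-DNS table standing in for a real resolver (assumption).
SAMPLE_DNS = {"192.0.2.10": "Pgpc.example.dom"}

LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")


def parse_connections(text):
    """Yield (local_port, foreign_ip) for every established TCP connection."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m and m.group(5) == "ESTABLISHED":
            yield int(m.group(2)), m.group(3)


def scan(netstat_text, known_ports, resolve):
    """Steps 15-18: for each known port with a connection, record peer IP and DNS name."""
    results = []
    for port, foreign_ip in parse_connections(netstat_text):
        if port in known_ports:
            # resolve() returns None when no DNS name is known for the address.
            results.append({"port": port, "ip": foreign_ip, "dns": resolve(foreign_ip)})
    return results


def learn(netstat_text, known_ports, manual_address):
    """Steps 25-26: add ports whose foreign address equals the manually configured one."""
    learned = []
    for port, foreign_ip in parse_connections(netstat_text):
        if foreign_ip == manual_address and port not in known_ports:
            known_ports[port] = "learned"
            learned.append(port)
    return learned
```

As written, the learning step adds every local port that has a connection from the manually configured address, so an unrelated service used by the same host at scan time would also be learned as a remote desktop port.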
[0037] In this case, a heuristic is generally an assessment which is determined by a calculation. This calculation is based on estimation, observation, assumptions or guessing. Heuristics serve to solve problems; e.g., during a search, a heuristic is used to find a “good” path or a “good” solution. The assessment is only as good as the “estimation”. Heuristics are used whenever an exact calculation of the optimum solution is impossible (e.g. too little information) or so complex that it is not worth the effort.
[0038] The configuration is carried out in a completely automated manner in most cases in accordance with the method according to the invention.
[0039] While the invention has been illustrated and described in connection with currently preferred embodiments shown and described in detail, it is not intended to be limited to the details shown since various modifications and structural changes may be made without departing in any way from the spirit and scope of the present invention. The embodiments were chosen and described in order to explain the principles of the invention and practical application to thereby enable a person skilled in the art to best utilize the invention and various embodiments with various modifications as are suited to the particular use contemplated.
[0040] What is claimed as new and desired to be protected by Letters Patent is set forth in the appended claims and includes equivalents of the elements recited therein: