Opto22 Integration Module - by Avadine

Opto22 Integration Module

Avadine is excited to partner with Opto22 and release Opto22 Integration, an advanced module that provides the ability to remotely configure and integrate with Opto22 groov products directly from Ignition, from Port Redirect configuration to the full suite of groov APIs.


Why?

Because we wanted to configure temporary Port Redirect rules from Ignition to remotely allow developers to access unsecured PLCs that are being protected by Opto22 groov EPIC. And, why while we were at it, why not expose ALL of the Opto22 groov API's as system functions in Ignition so that numerous groov devices can be managed and orchestrated centrally from Ignition.

Wait. What are you talking about?

One of the best ways to secure legacy PLCs, controllers, and other devices is to block all incoming traffic and obscure the device from the network. With Opto22's groov products, you can do just that! By putting an Opto22 EPIC (or RIO, in the near future) physically in front of legacy unprotected devices, they can be protected from bad actors. With Opto22 groov EPIC's dual NIC design and built-in firewall, the legacy PLCs can be connected to eth1 in a LAN/trusted network configuration, with the EPIC's eth0 connected publicly to an untrusted network. Because eth0 and eth1 are separated by a firewall, the legacy PLC is obscured from the outside world.

But how how do trusted/SCADA systems connect to the legacy device if it's being blocked by the Opto22 firewall? I'm glad you asked!

Port Redirect

Port redirection, also known as port forwarding, allows remote computers or mobile devices on one network segment to connect to a specific computer or service within a private LAN through a specific port. Usually, it pokes a “pinhole” in your firewall that packets of information can pass through. This kind of port forwarding is unsecure and not recommended, especially when the remote computer is on a public LAN like the Internet.

However, using port redirects over a VPN is secure and provides a conduit between the two network segments that can be very useful. For example, if you anticipate having to update a PLC’s program on a private network from your PC at remote site, you can place a groov EPIC on the PLC’s network and use a VPN and port redirect to establish a conduit, securely accessing your PLC to make the change.

That sounds awesome! But what does it have to do with Ignition?

True... you can configure these Port Redirect rules directly in Opto22 groovManage. The rules configured directly in groovManage are persistent, allowing specific traffic over specific ports to traverse the internal firewall separating the 2 network interfaces on the EPIC until changed or deleted.

But what if you want to dynamically add new Port Redirect rules from a central location, like some kind of application that can monitor and control devices... something like... IGNITION!?! And what if the Port Redirect rules that were issued from Ignition could be configured with an interval so they would automatically turn off after the time expired? And what if you could monitor and orchestrate configuration changes to all of your Opto22 groov devices centrally from Ignition?

With the Opto22 Integration module, now you can!

Use Case: A legacy/unsecurable PLC is protected by an Opto22 EPIC and, therefore, not able to be remotely connected from engineering workstations for development or logic changes. An admin logs into Ignition Perspective application and temporarily creates a Port Redirect rule for an engineering laptop's IP address to connect to the legacy PLC over a specific Allen-Bradley TCP Port, and configures the rule to only stay open for 1 hour. After 1 hour expires, the rule disables and the engineer is no longer able to access the legacy PLC.

Woah! But, even groov REST API calls are available as well?

You heard right. All of the Opto22 groovManage REST API calls are available in this module as system.opto22.* functions. Documentation to Opto22's swagger can be found HERE.


Module Information

Effective Date: 2025-05-08
Author: Avadine
Audience: System Integrators and Developers
Application: Ignition by Inductive Automation (v8.1+)
Module: Opto22 Integration Module (Download Here!)

1. Prerequisites

  • Ignition Gateway version 8.1 or later
  • Access to the Ignition Gateway Web Interface
  • Opto22 Integration Module .modl file
  • API Key from a groov EPIC device with API access
  • IP address or hostname of the target groov EPIC device

2. Installation Procedure

  1. Log in to the Ignition Gateway Web Interface.
  2. Navigate to the Config tab.
  3. Under the System category, click on Modules.
  4. Select Install or Upgrade a Module.
  5. Upload the .modl file from your local system.
  6. Accept the self-signed certificate and End User License Agreement (EULA).

3. Basic Module Configuration

  1. On the Config tab, navigate to Opto 22 Groov → General.
  2. Enable the API Configuration toggle.
  3. Enter the Hostname or IP address of the groov EPIC device (e.g., 10.10.10.100 or test.groov.epic).
  4. Enter the API Key associated with an API-enabled user on the EPIC device.

4. VPN Configuration (Optional)

  1. On the Config tab, navigate to Opto 22 Groov → Network.
  2. Configure the VPN settings:
  • Toggle the VPN on or off.
  • Modify advanced timeout and network settings as required.

5. Port Redirect Rules - Directly from the Gateway Homepage!

  1. Navigate to Opto 22 Groov → Port Redirect Rules under the Config tab.
  2. Use the table to:
  • Modify existing rules, or
  • Create new Port Redirect Rules by selecting "Create new Port Redirect Rule".
  1. Configure the required parameters for the new rule.
  2. To defer syncing the rule to the EPIC device:
  • Disable the rule during creation.
  • The rule will remain configured and can be activated later by enabling it.


Additional Info

Download the Opto22 Integration module HERE (in case you missed the download above)

More documentation coming soon!

Check out our website for more information about services offered!

More Ignition Exchange resources and modules are coming soon!

Third-party module showcase pending approval!

6 Likes

This is very cool, its a shame nobody sells Opto22 in Australia.

1 Like

You should talk to Ben Orchard, my Aussie friend, at Opto22! He was a user of Opto22 in Australia before joining the Opto22 team here in California. I believe there are several distributors in Australia.

https://www.opto22.com/about-us/distributors/international-optodistributors/australia-optodistributors

Only one, and they have a dead website, so basically don't exist.

1 Like

Crazy. Hit up Ben Orchard. He can help you out! He also says "HAYCH" when saying the letter "H", so you know he is a real Australian.

1 Like

Hi,
It's working for me.

1 Like

Hi @patrixmith,

No trial...?

1 Like

Hi @gnguyen,

have you tried in a full version of Ignition and not in a edge?

1 Like

Hi @Arnaud_Declerck,
In Edge, Epic onboard.
Like here https://youtu.be/0pvzaXA3mGA?si=cD5tlujro0ODO-cH&t=2959

2 Likes

Well done!

1 Like

In honoring the spirit of Inductive Automation and Opto22, it's free. Enjoy not having to hit reset! :wink:

It's also not currently supported on Ignition Edge but will be soon.

2 Likes

Did you get to see their website?

The binford guys are crazy sharp and really making great inroads on all things Opto22 downunder.
They came through for factory training and it was a delight to hang out a bit after class with them and chat about life, the universe and Australia.

@patrixmith Thanks so much for lifting this module over the finish line.
Its been so awsome using it and talking about it in our factory training for the past little while.
It really shows the power of coupling applications tightly with the groov Mange API.
Highlights the power of having two segmented network interfaces, a Firewall and and one API to rule them all.

Awesome @thebaldgeek ! Thanks for posting their new website. I'm glad Binford Tech is still around for @David_Stone !

Thanks for the kind words. @KMuldoon and Avadine crushed it. We think this module is going to be powerful for so many people. I'm excited to use it to orchestrate the 35 Opto22 EPIC's we deployed for our last customer. Keep doing awesome stuff, Ben!

1 Like