M2M Gateway Features

Jari Lahti, CTO
www.violasystems.com
Viola M2M Gateway
• Industrial-grade gateway for Viola's Arctic Modems
• Connects SCADA network with GPRS or other network
• Offers mobile operator independent static IP addressing for connected Arctic Modems
• Easy and quick to install and configure
• Firewall and VPN for secure communication
• 2 x 10/100 Base-T Ethernet ports
• Hot Stand-By with secondary M2M Gateway
• Load Sharing with secondary M2M Gateway
M2M Gateway Versions
• Standard
– 19" 1U rack
– up to 300 Arctic clients (unlimited, traffic dependent)
• Enterprise
– 19" 1U rack
– up to 2500 Arctic clients (unlimited, traffic dependent)
– redundant power supply, fans
– redundant hard disks
Security Features
• Stateful inspection firewall
– Filter rules for incoming, outgoing and routed traffic
– Packet logging
• VPN
– SSH-VPN between Arctic and M2M
– L2TP between Arctic and M2M
– OpenVPN between client computer (SCADA) and M2M
• Management
– HTTPS, SSH
– Console
Installation Requirements
• M2M installation requires a fixed, public IP address to which the client devices can connect
• Used ports (can be altered)
– TCP port 22 (SSH-VPN)
– TCP port 10 000 (WEB UI)
– UDP port 1701 (L2TP-VPN)
– UDP port 1194 (OpenVPN)
• Installation either directly to public IP or to DMZ zone
[Figure: M2M Gateway with eth0 on a public IP facing the Internet; alternatively, eth0 on a private IP behind a company firewall / router with port forwarding on its public IP]
SCADA Connection
• The M2M Gateway is transparent for SCADA communication: the traffic is only encrypted and encapsulated in the VPN
• SCADA can be connected directly to the M2M Ethernet port or remotely by using OpenVPN software VPN
• OpenVPN clients are available for Windows, Linux and Mac
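[Figure: SCADA connected to the M2M Gateway, which has eth1 and eth0 ports and a public IP facing the Internet; alternatively, SCADA connected with OpenVPN over the Internet to eth0 on a public IP]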
Load Sharing
• Multiple M2M Gateways can be connected in parallel
• Each M2M Gateway must be available on a different IP address or a different TCP/UDP port
• If SCADA is connected directly to the M2Ms
– configure static routes on the SCADA PC
– or enable the proxy-ARP feature on the M2Ms
• If SCADA is connected by using OpenVPN
– separate OpenVPN connection to each M2M
• Each Arctic group connects primarily to its dedicated M2M
[Figure: Arctic groups A and B connecting over the Internet to their M2M Gateways, with SCADA behind the gateways]
Redundancy
• Each Arctic can connect to a primary and a secondary M2M
• If the primary connection fails, automatic switching to the backup happens
• Each M2M Gateway must be available on a different IP address or a different TCP/UDP port
• SCADA must be connected directly to the M2Ms
– enable the proxy-ARP feature on the M2Ms
– when the SCADA PC makes an ARP request, the M2M gateway currently hosting the requested Arctic will reply
• Can be used together with Load Sharing
• Settings can be copied between M2Ms
[Figure: Arctic groups A and B connecting over the Internet to the Primary M2M and the Backup M2M, with SCADA behind both gateways]