December 2016

Implementing Secure Communications and Centralized Management across Multiple Networks

The Industrial Internet of Things (IIoT) aims at increasing the efficiency and productivity of industrial operations. However, this can only be achieved when IIoT systems and applications are backed by reliable networks that can support secure machine-to-machine and system-to-system communications and facilitate network management across different networks. In the case of large-scale multi-site operations, industrial operators typically deploy cellular network devices and technology that can support the convergence of multiple networks for effective centralized management and scalability. In this article, we discuss four major considerations to help you build a secure, robust industrial network that can facilitate communication with remote sites using cellular technology.

Reliable Cellular Connectivity

IIoT applications require highly reliable network connectivity because they are deployed in 24/7 industrial operations. Any interruption in network connectivity could result in loss of production, incorrect process information, or failure in critical processes leading to loss of lives and property. The recommendation is to build industrial cellular connectivity on industrial-grade cellular devices that support leading-edge redundancy technology, so that your converged IIoT networks get uninterrupted, high-speed, and stable remote communication across networks. Additional product features include:

  1. Cellular connection backup with dual-SIM and connection recovery to ensure cellular connections are kept alive even when no data is being transmitted
  2. Power and RF isolation for power source insulation protection
  3. Dual power inputs for power redundancy to ensure uninterrupted connectivity
  4. Wide operating temperature range (for example -30 to 70°C) to operate in harsh environments
  5. Rugged hardware design well suited for hazardous locations
  6. Compliance with industry certifications, such as ATEX Zone 2/IECEx

Secure Remote Communication with OpenVPN

As equipment, machines, devices, and computers with diverse capabilities and different data communication needs are brought online, network infrastructure that can deliver audio, video, and data communication within a single network has become the norm in today’s industrial applications. In an industrial setup, a large number of endpoints are physically located in remote locations or hard-to-reach areas inside manufacturing facilities, such as oil rigs and marine vessels. In this distributed operational environment, cellular connectivity coupled with VPN technology, specifically OpenVPN, is seen by many as a good solution that can provide secure, seamless connectivity across networks. Cellular networks and devices can provide connectivity in any location where a cellular signal is detected, while OpenVPN provides secure point-to-point and long-distance site-to-site connections in routed and bridged configuration modes.

If you have several networks in different locations far away from the control center and want to achieve secure, centralized network management, as well as the ability to easily expand your networks by adding more sites, LTE cellular gateways with OpenVPN bridge mode can help you achieve this goal. You can also efficiently transmit large volumes of data between various field sites and the control center using these high-performance LTE cellular gateways.

To illustrate, let’s consider the example of a vehicle sharing system. In this system, many bikes or rental vehicles are distributed across a city. Site-to-site communication becomes very important in this case to track these rental vehicles and provide information to the control center. In the illustration below, if a bike has traveled from site A to site B, the computers at these two sites need to share the transport data with each other and update the transport records in the control center. The location of all bikes in the system should be continuously monitored and data sent to the control center so that this information is transmitted to the site computers. If a bike falls off the system radar, it is no longer available for use. LTE cellular gateways with OpenVPN bridge mode can be used to secure site-to-site and control-to-site communication, thereby reducing the possibility of cyber-attacks on such public network systems. In the OpenVPN bridge mode, the networks in different locations can use the same subnet, which makes network management and network expansions easy.
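The bridge-mode setup described above depends on a few server-side settings being right: a TAP (Ethernet) device, an address pool that sits inside the shared subnet, and per-site certificates. The following added example (not Moxa's code and not part of the original article) audits an OpenVPN server configuration for those points; the sample configuration, addresses, and file names are constructed for illustration.

```python
import ipaddress

# Constructed sample server config for a bridged (TAP) site-to-site VPN.
# Addresses, file names and the pool range are illustrative assumptions.
SAMPLE_CONF = """
port 1194
proto udp
dev tap0
server-bridge 192.168.10.1 255.255.255.0 192.168.10.200 192.168.11.20
ca ca.crt
cert control-center.crt
key control-center.key
duplicate-cn
cipher BF-CBC
"""

WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "RC2-CBC", "NONE"}

def parse(conf):
    """Return {directive: [args]}, ignoring blank lines and # / ; comments."""
    out = {}
    for line in conf.splitlines():
        line = line.split("#")[0].strip()
        if line and not line.startswith(";"):
            name, *args = line.split()
            out[name] = args
    return out

def audit_bridge_config(conf):
    d, findings = parse(conf), []
    if not (d.get("dev") or [""])[0].startswith("tap"):
        findings.append("dev is not tap: bridge mode needs an Ethernet (TAP) device")
    sb = d.get("server-bridge", [])
    if len(sb) != 4:
        findings.append("server-bridge needs gateway, netmask, pool-start, pool-end")
    else:
        net = ipaddress.ip_network(f"{sb[0]}/{sb[1]}", strict=False)
        for label, ip in (("pool-start", sb[2]), ("pool-end", sb[3])):
            if ipaddress.ip_address(ip) not in net:
                findings.append(f"{label} {ip} is outside bridged subnet {net}")
    if not ("tls-crypt" in d or "tls-auth" in d):
        findings.append("no tls-crypt/tls-auth: handshake packets are not pre-authenticated")
    if (d.get("cipher") or [""])[0].upper() in WEAK_CIPHERS:
        findings.append(f"weak cipher {d['cipher'][0]}")
    if "duplicate-cn" in d:
        findings.append("duplicate-cn lets several sites share one certificate")
    if not all(k in d for k in ("ca", "cert", "key")):
        findings.append("certificate authentication (ca/cert/key) incomplete")
    return findings
```

Running `audit_bridge_config(SAMPLE_CONF)` reports four findings for the constructed sample: the pool end outside the bridged subnet, the missing `tls-crypt`/`tls-auth` key, the weak cipher, and `duplicate-cn`.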


Industrial Network Security

Cybersecurity is a major concern for industrial operators as they open up their industrial networks as part of the IIoT to facilitate access from public networks. Organizations around the world are dedicating a lot of time and effort to building higher security into IIoT products and solutions. However, an end-to-end security solution eludes the IIoT industry, leaving industrial operators to their own devices when it comes to dealing with the increasing number of cyber attacks. Among the cyber-attack incidents, abuse of access authority, insecure data transmission, and incomplete event logs are some of the commonly reported vulnerabilities of network devices. To prevent system intrusions and attacks, it is essential to have a good user access control mechanism in place that can identify, authenticate, and authorize users. Complying with cybersecurity standards, such as IEC 62443-4-2, and implementing multiple levels of authentication based on established best practices in the industry can help secure your IIoT applications. On the device side, a stricter access control mechanism based on user account, password, and key authentication, and better management of the authentication interface can help prevent cyber attacks. Organizing devices into groups and granting access privileges to only certain users or user groups based on their roles is a good way to prevent unauthorized access to devices on your network.

The key is to strike the right balance between accessibility and security.
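The group- and role-based access control described above, combined with complete event logging, can be sketched as follows. This is an added example, not Moxa's implementation and not part of the original article; the group names, device IDs, users, roles, and action names are all constructed assumptions.

```python
from datetime import datetime, timezone

# Constructed inventory: group names, device IDs, users and roles are assumptions.
DEVICE_GROUPS = {"site-a": {"gw-a1", "gw-a2"}, "site-b": {"gw-b1"}}
ROLE_ACTIONS = {
    "viewer":   {"read_status"},
    "operator": {"read_status", "reboot"},
    "admin":    {"read_status", "reboot", "firmware_upgrade", "change_vpn"},
}
# user -> {group: role}; a user has no rights on groups not listed here.
GRANTS = {"alice": {"site-a": "admin", "site-b": "viewer"},
          "bob":   {"site-b": "operator"}}

EVENT_LOG = []  # every decision is recorded, denials included

def group_of(device):
    """Return the group a device belongs to, or None if it is unknown."""
    return next((g for g, devs in DEVICE_GROUPS.items() if device in devs), None)

def authorize(user, authenticated, device, action):
    """Default-deny check: identify, authenticate, authorize, then log."""
    group = group_of(device)
    role = GRANTS.get(user, {}).get(group)
    if not authenticated:
        allowed, reason = False, "not authenticated"
    elif group is None:
        allowed, reason = False, "unknown device"
    elif role is None:
        allowed, reason = False, "no grant on group"
    elif action not in ROLE_ACTIONS.get(role, set()):
        allowed, reason = False, f"role {role} lacks {action}"
    else:
        allowed, reason = True, f"role {role} on {group}"
    EVENT_LOG.append({"ts": datetime.now(timezone.utc).isoformat(), "user": user,
                      "device": device, "action": action,
                      "allowed": allowed, "reason": reason})
    return allowed
```

Because denials are logged with a reason alongside successful actions, the event log stays complete enough to reconstruct who attempted what on which device.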

Smart Central Management

Cellular networks, in most cases, are located in remote hard-to-reach areas that are spread over different geographical locations. A smart cellular network device management tool is needed to ensure fast deployment, efficient monitoring, and effective remote management of cellular devices. The required capabilities of this tool include:

  1. Mass configuration of devices for quick deployment and remote firmware upgrade
  2. Easy troubleshooting with functions such as:
    1. Dashboards for easy monitoring
    2. RSSI historical data
    3. System logs
    4. RESTful APIs for cross-platform monitoring
  3. Remote management functions, such as SMS control commands to remotely reboot, initiate data connections, and perform firmware upgrades
  4. Network security management:
    1. Access control based on device groups and user-account classification
    2. Advanced network security features such as IP blocking and support for OpenVPN

In an industrial environment, network failures, even for a few seconds, can cause irreversible damage to operations. Therefore, it is imperative that network administrators and operators have the right tools at their disposal to monitor the status of their network components and be able to make informed decisions instantly.

Efficient Event and Device Management

Industrial operators require smart troubleshooting and network management tools to maximize the uptime of industrial networks. In addition, cellular devices in the network should support functions like event alerts through SMS/emails or SNMP traps and remote device management to facilitate easy troubleshooting and device management, especially in the case of devices that are located in remote hard-to-reach areas. Network administrators can use the information available in dashboards and event logs to monitor device statuses, such as power, interface, and IP and I/O connections, to make informed decisions that can prevent connectivity issues. Remote device management functions, such as SMS control commands that can be used to remotely reboot a device, update firmware, enable VPN connections, or retrieve device status, strengthen the hands of network administrators who are hard-pressed for time and enable them to quickly respond to device and network issues.

Moxa’s Solution

The OnCell G3150A-LTE series of products are high-speed LTE cellular gateways that come with the following additional functions to help you establish secure, reliable connections to serial and Ethernet networks from your cellular applications.

  1. Multi-band support
  2. VPN support with NAT/OpenVPN/GRE/IPsec functionality
  3. Compliance with the cybersecurity standards for IACS Components: IEC 62443-4-2 Level 1
  4. OnCell Central Manager tool support, which enables you to centrally manage, monitor, and configure remote devices over the cellular network


 
 
 
 
Copyright © 2016 Moxa Inc. All rights reserved.