M2M Gateway Features

equableunalaskaΑσφάλεια

9 Δεκ 2013 (πριν από 3 χρόνια και 6 μήνες)

105 εμφανίσεις

M2M Gateway Features

Jari Lahti, CTO

www.violasystems.com

Viola M2M Gateway


Industrial
-
grade gateway for Viola's Arctic
Modems


Connects SCADA network with

GPRS

or other

network


Offers mobile operator independent static IP
addressing for connected Arctic
Modems



Easy and quick to install and configure


Firewall and VPN for secure communication


2 x 10/100 Base
-
T Ethernet ports


Hot Stand
-
By with secondary M2M Gateway



Load Sharing with secondary M2M Gateway


M2M Gateway Versions


Standard


19" 1U rack


up to 300 Arctic clients (unlimited, traffic dependent)


Enterprise


19" 1U rack


up to 2500 Arctic clients (unlimited, traffic dependent)


redundant power supply, fans


redundant hard disks


Security Features


Stateful inspection firewall


Filter rules for incoming, outgoing and routed traffic


Packet logging


VPN


SSH
-
VPN between Arctic and M2M


L2TP between Arctic and M2M


OpenVPN between client computer (SCADA) and
M2M


Management


HTTPS, SSH


Console

Installation Requirements


M2M installation requires fixed and public IP address to
where the client devices can connect to


Used ports (can be altered)


TCP port 22 (SSH
-
VPN)


TCP port 10 000 (WEB UI)


UDP port 1701 (L2TP
-
VPN)


UDP port 1194 (OpenVPN)


Installation either directly to public IP or to DMZ zone




Internet

eth0

Public IP



Internet



Public IP

eth0

Private IP



Company

Firewall / router with port
forwarding

SCADA Connection


The M2M Gateway is transparent for SCADA
communication
-

the traffic is only encrypted and
capsulated to VPN


SCADA can be connected directly to M2M Ethernet port
or remotely by using OpenVPN software VPN


OpenVPN clients available for Windows, Linux and Mac



Internet

eth0

Public IP

SCADA

eth1




Internet

eth0

Public IP

SCADA

OpenVPN

Load Sharing


Multiple M2M Gateways can be connected parallel


Each M2M Gateway must be available on different IP
address or different TCP/UDP port


If SCADA is connected directly to M2M:s


configure static routes to SCADA PC


or enable proxy
-
ARP feature on M2Ms


If SCADA is connected by using OpenVPN


separate OpenVPN connection to each M2M


Each Arctic group connects primary to dedicated M2M

SCADA



Internet

A

B

A

B

Redundancy


Each Arctic can connect primary and secondary M2M


If the primary connection fails Automatic switching to
backup happens


Each M2M Gateway must be available on different IP
address or different TCP/UDP port


SCADA must be connected directly to M2M:s


enable proxy
-
ARP feature on M2Ms


when the SCADA PC makes ARP request the M2M
gateway currently hosting the requested Arctic will reply


Can be used together with Load Sharing


Settings can be copied between M2M's

SCADA



Internet

Backup M2M

Primary M2M

A

A

A

B