Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
M2M Gateway Features Jari Lahti, CTO www.violasystems.com Viola M2M Gateway • Industrial-grade gateway for Viola's Arctic Modems • Connects SCADA network with GPRS or other network • Offers mobile operator independent static IP addressing for connected Arctic Modems • Easy and quick to install and configure • Firewall and VPN for secure communication • 2 x 10/100 Base-T Ethernet ports • Hot Stand-By with secondary M2M Gateway • Load Sharing with secondary M2M Gateway M2M Gateway Versions • Standard – 19" 1U rack – up to 300 Arctic clients (unlimited, traffic dependent) • Enterprise – – – – 19" 1U rack up to 2500 Arctic clients (unlimited, traffic dependent) redundant power supply, fans redundant hard disks Security Features • Stateful inspection firewall – Filter rules for incoming, outgoing and routed traffic – Packet logging • VPN – SSH-VPN between Arctic and M2M – L2TP between Arctic and M2M – OpenVPN between client computer (SCADA) and M2M • Management – HTTPS, SSH – Console Installation Requirements • M2M installation requires fixed and public IP address to where the client devices can connect to • Used ports (can be altered) – TCP port 22 (SSH-VPN) – TCP port 10 000 (WEB UI) – UDP port 1701 (L2TP-VPN) – UDP port 1194 (OpenVPN) • Installation either directly to public IP or to DMZ zone Internet Internet eth0 Public IP eth0 Private IP Public IP Company Firewall / router with port forwarding SCADA Connection • The M2M Gateway is transparent for SCADA communication - the traffic is only encrypted and capsulated to VPN • SCADA can be connected directly to M2M Ethernet port or remotely by using OpenVPN software VPN • OpenVPN clients available for Windows, Linux and Mac SCADA Internet SCADA OpenVPN eth1 eth0 Public IP Internet eth0 Public IP Load Sharing • Multiple M2M Gateways can be connected parallel • Each M2M Gateway must be available on different IP address or different TCP/UDP port • If SCADA is connected directly to M2M:s – configure static routes to SCADA PC – or enable proxy-ARP feature on M2Ms • If SCADA is connected by using OpenVPN – separate OpenVPN connection to each M2M • Each Arctic group connects primary to dedicated M2M A A SCADA Internet B B Redundancy • Each Arctic can connect primary and secondary M2M • If the primary connection fails Automatic switching to backup happens • Each M2M Gateway must be available on different IP address or different TCP/UDP port • SCADA must be connected directly to M2M:s – enable proxy-ARP feature on M2Ms – when the SCADA PC makes ARP request the M2M gateway currently hosting the requested Arctic will reply • Can be used together with Load Sharing • Settings can be copied between M2M's A A Primary M2M Internet B A Backup M2M SCADA