Cellular in OT - Part 3
In this series we’re exploring various architectures we’ve encountered over the last decade involving the deployment of cellular gateways in OT / SCADA environments. By and large these cellular gateways have been deployed to replace previous communication paths such as POTS/Dial-Up, private licensed and unlicensed radio systems, or microwave, or perhaps to integrate locations that were previously “offline”. I say monitored and imply these are used solely for the “DA” portion of SCADA (Supervisory Control and Data Acquisition), but I know first-hand that many are performing the “C” of SCADA over cellular as well. ***I’ll leave the discussions about whether or not anyone should do that to others; the focus in this series is on the various architectures once the decision to connect has already been made.***
In Part 2 we explored the carrier Full Tunnel Private Network. But I know what you were thinking.
“That example architecture assumes an HQ location with wired internet and a public static IP. What if we don’t have that location? What if our application is ALL remote field sites that need to communicate to each other?”
Enter the Zero Tunnel Private Network. You select an IP Pool as part of the private network build; these IPs are enumerated to cellular gateways at all your field locations, and they are allowed to communicate “mobile to mobile”. Just as before, you could then utilize IPPT or Port Forwarding if that connectivity is sufficient for your application. In the example I’ve shown below, however, we further take advantage of the mobile to mobile connectivity by creating a VPN overlay to achieve full net-to-net.
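As an added illustration (not part of the original post or its diagram), the sketch below checks an addressing plan before a VPN overlay is built on top of the mobile-to-mobile pool. It assumes a routed overlay without NAT and a full mesh between sites; the pool, site names and subnets are constructed sample values. A routed net-to-net overlay needs every gateway address to come from the pool and every site LAN to be unique, which is often not the case when field sites were commissioned from the same template.

```python
import ipaddress
from itertools import combinations

def check_plan(pool, sites):
    """Validate a mobile-to-mobile addressing plan for a routed VPN overlay.

    pool  -- carrier private-network IP pool (CIDR string)
    sites -- {site name: (gateway WAN IP from the pool, site LAN CIDR)}
    Returns (problems, tunnels); tunnels is the list of site pairs that can
    be joined net-to-net without address translation.
    """
    pool_net = ipaddress.ip_network(pool)
    parsed, problems, tunnels = {}, [], []
    for name, (gw, lan) in sites.items():
        gw_ip, lan_net = ipaddress.ip_address(gw), ipaddress.ip_network(lan)
        parsed[name] = (gw_ip, lan_net)
        if gw_ip not in pool_net:
            problems.append(f"{name}: gateway {gw_ip} is outside pool {pool_net}")
        if lan_net.overlaps(pool_net):
            problems.append(f"{name}: LAN {lan_net} overlaps pool {pool_net}")
    for (a, (gw_a, lan_a)), (b, (gw_b, lan_b)) in combinations(parsed.items(), 2):
        if gw_a == gw_b:
            problems.append(f"{a}/{b}: both use gateway IP {gw_a}")
        elif lan_a.overlaps(lan_b):
            problems.append(f"{a}/{b}: LANs {lan_a} and {lan_b} overlap")
        else:
            tunnels.append((a, b, str(gw_a), str(gw_b)))
    return problems, tunnels

# Constructed sample data: pool, site names and subnets are illustrative only.
POOL = "10.200.0.0/24"
SITES = {
    "pump-station-1": ("10.200.0.11", "192.168.10.0/24"),
    "lift-station-2": ("10.200.0.12", "192.168.20.0/24"),
    "reservoir-3":    ("10.200.0.13", "192.168.10.0/24"),  # cloned LAN
}

if __name__ == "__main__":
    problems, tunnels = check_plan(POOL, SITES)
    for p in problems:
        print("PROBLEM:", p)
    for a, b, gw_a, gw_b in tunnels:
        print(f"tunnel {a} ({gw_a}) <-> {b} ({gw_b})")
```

With the sample data, the two sites sharing 192.168.10.0/24 are reported as a conflict and only the remaining pairs are listed as tunnel candidates.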
“Full Tunnel, DMNR, Zero Tunnel, VPN. There are a LOT of knobs and possible combinations here. How do I know which private network combination is right for me?”
I put together a comparison matrix of the private network architecture variants and the functionality afforded/requirements. If you have follow-up questions when reviewing it, don’t hesitate to reach out.
We’ll continue this series exploring additional alternative architectures. See you next time!