Post on 16-Jul-2020
Secure Network Infrastructure for Mission Critical Data from Industrial IoT
Ron Victor
What are we talking about?
• http://arstechnica.com/security/2016/10/beware-of-all-powerful-ddos-malware-infecting-cellular-gateways-feds-warn/
• http://www.economist.com/news/science-and-technology/21708220-electronic-tsunami-crashes-down-solitary-journalist-internet
• https://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/
• https://krebsonsecurity.com/tag/wendys-breach/
CONFIDENTIAL – Do not duplicate or distribute without written permission from Iotium
Connect, Secure, Protect
Industries: Mining, Industrial Automation, Energy, Transportation, Building Automation, Oil and Gas
11/8/2016
The Problem: Reliability / Vulnerability / Scalability
Diagram: Things connected through the Network to the Cloud, annotated with customer concerns:
• “We need help bridging legacy non-IP & Next-Gen IP networks”
• Bridging OT/IT with secure isolation is our biggest concern
• “Ease of Provisioning is crucial for us”
• “Reducing WAN cost is a must to scale”
• “Multiple entities need access to the data real-time”
• “Real time actions with latency in µsec is key”
Locomotive Mfgr, Building Automation Mfgr, Smart Lighting Provider, Smart Grid Soln Provider, Smart Plug Provider, Welding Machine Mfgr
IoT Transport Layer Challenges
• Network Abstraction: uniform connectivity management in a disparate and dynamically changing IoT network (based on network characteristics, availability and cost)
• Carrier Abstraction: end to end route and flow management between edge and cloud without numerous carrier dependencies (no separate peering relationships per carrier via secure tunneling et al.)
• Protocol Abstraction: network configuration and management for M2M and M2C communication should be protocol agnostic; QoS or other connection configurations should be abstracted via policy
• Security Abstraction: the multi-segmented network security approach used today is complex and error-prone
• Multi-tenant connectivity: requirement for tenant specific control of transport policies
IoT Transport Layer Solution Requirements
• Software defined IoT Network
• Network Abstraction: create an abstracted overlay network over disparate physical networks; centrally managed single pane view into the IoT network
• Carrier Abstraction: provide mechanisms for dynamic creation of OTT secure tunnels independent of carriers
• Protocol Abstraction: uniform QoS Policy Language (QPL) with adapters across protocols
• Security Abstraction: secure perimeter automatically enforced by iNodes (edge to edge)
• Multi-tenancy connectivity: visibility into each administrative domain at each end-point in the network
A potential approach: Easy to Deploy, Cloud Managed, Software Defined Network
iNode (primary product/SKU)
Diagram: building systems (Security Systems, Access Control, Lighting Controls, Fire Alarm Systems, HVAC Systems, Environment Monitoring) connect through iNodes and the Network, under the IoTium Orchestrator, to the HVAC System Vendor’s Cloud, Fire Alarm Vendor’s Cloud, Lighting Vendor’s Cloud, Access Control Vendor’s Cloud and a 3rd Party Analytics Provider’s Cloud.
Software Defined IoT Network (Horizontal, Secure, Intelligent, Scalable Infrastructure)
Use Case Scenarios
Edge Intelligence Enhanced IoT for Oil & Gas
Terabytes of data generated and uploaded using a variety of protocols.
Things: Depth Tracking Sensors, SCADA Pumps & Valves, Temperature & Pressure Sensor, Gas Emissions, Drill Monitor, Mud Flow
Network layers: Thing (Wired/Wireless); Edge (Ethernet); Backhaul (Satellite); Cloud
iNode functions: WAN Optimization (Filtering, Compression, De-dup); Secure Pipe (across iNode network); QoS (dual-ended, bi-directional QoS); Provision (partner logic, policies); Management (device management, image management); Edge Actions (real-time); Edge Intelligence (data filtering, compression, de-dup, rules & actions)
Enable Edge Analytics: alleviates disruptions caused by loss of connectivity to cloud
Partner Application Logic: dynamically enables partner logic and Thing authentication to run on iNode
Sensor data flows to the Operator’s/Third Party Analytics Provider’s Cloud (Analytics Platform: Proactive Maintenance, Predictive Analytics), the Mud Pump Vendor’s Cloud, the Drill Pipe Vendor’s Cloud, the Drill Bit Vendors’ Cloud and the Gas Emission Vendor’s Cloud; analytics data and control stay within the Rig Owner’s On-Prem Deployment (Edge Analytics Platform: Equipment Monitoring, Performance Tracking; iNode Network Management).
Edge Intelligence Enabled Healthcare
Things (at Hospital A and Hospital B): Blood Glucose Monitor, EKG Monitoring, Cardiac Monitoring, Pulse Oximeter
Network layers: Thing (6LoWPAN, IWLAN, Wireless HART); Edge (Ethernet/WiFi Mesh); Backhaul (Cellular/Satellite); Cloud
iNode functions: WAN Optimization (Filtering, Compression, De-dup); Secure Pipe (across iNode network); QoS (dual-ended, bi-directional QoS); Provision (partner logic, policies); Management (device management, image management); Edge Intelligence (data filtering, compression, de-dup, rules & actions)
Enable Edge Analytics: alleviates disruptions caused by loss of connectivity to cloud
Partner Application Logic: dynamically enables partner logic and Thing authentication to run on iNode
Sensor data flows to the Analytics Platform (Proactive Fault Detection), 3rd party Analytics and the Data Center (Centralized Surveillance) and on to the Doctor; analytics data and control are handled via iNode Network Management.
Edge Intelligence Enabled Smart Building
Things: Security Systems, Access Control, Fire Alarm Systems, HVAC Systems, Lighting Controls, Environment Monitoring
Network layers: Thing (ZigBee/Z-Wave/WiFi/6LoWPAN/POE/BLE); Edge (Ethernet/WiFi Mesh); Backhaul (Cellular/Fiber); Cloud
iNode functions: WAN Optimization (Filtering, Compression, De-dup); Secure Pipe (across iNode network); QoS (dual-ended, bi-directional QoS); Provision (partner logic, policies); Management (device management, image management); Edge Actions (real-time); Edge Intelligence (data filtering, compression, de-dup, rules & actions)
Enable Edge Analytics: alleviates disruptions caused by loss of connectivity to cloud
Partner Application Logic: dynamically enables partner logic and Thing authentication to run on iNode
Device/sensor data flows to the Third Party Analytics Provider’s Cloud (Analytics Platform: Predictive Analytics, Proactive Fault Detection), the HVAC System Vendor’s Cloud (HVAC Control), the Access Control Vendor’s Cloud, the Fire Alarm System Vendor’s Cloud and the Lighting Vendor’s Cloud; analytics data and control stay within the Building Owner’s On-Prem Deployment (Edge Analytics Platform: Energy Management; iNode Network Management).
Real Time Analytics & Predictive Maintenance
Network layers: Thing; Edge; Backhaul (Cellular); Cloud
iNode functions: WAN Optimization (Filtering, Compression, De-dup); Secure Pipe (across iNode network); QoS (dual-ended, bi-directional QoS); Provision (partner logic, policies); Management (device management, image management); Edge Intelligence (data filtering, compression, de-dup, rules & actions)
Enable Edge Analytics: alleviates disruptions caused by loss of connectivity to cloud
Partner Application Logic: dynamically enables partner logic and Thing authentication to run on iNode
Sensor data flows to the Third Party Analytics Provider’s Cloud (Analytics Platform: Predictive Analytics); analytics data and control are handled on-prem (Analytics Platform: Proactive Maintenance, Proactive Monitoring; iNode Network Management).
Edge Intelligence Enabled Scalable Smart City
Millions of sensors uploading terabytes of data.
Network layers: Thing (WiFi, ZigBee, Z-Wave, BT); Edge (WiFi Mesh, Cellular Gateway); Backhaul (Cellular); Cloud
iNode functions: WAN Optimization (Filtering, Compression, De-dup); Secure Pipe (across iNode network); QoS (dual-ended, bi-directional QoS); Provision (partner logic, policies); Management (device management, image management); Edge Intelligence (filtering, compression, de-dup, rules & actions)
Enable Edge Analytics: alleviates disruptions caused by loss of connectivity to cloud
Partner Application Logic: dynamically enables partner logic and Thing authentication to run on iNode
Sensor data flows to the Third Party Analytics Provider’s Cloud (Analytics Platform: Traffic Analytics, Proactive Maintenance), the Street Light Vendor’s Cloud, the Video Camera Vendor’s Cloud and the Parking Meter Vendor’s Cloud; analytics data and control stay within the City Operations Center (Edge Analytics Platform: Traffic Signal Management, Street Light Monitoring & Control; iNode Network Management).
Edge Intelligence Enabled Scalable Smart Energy
Sensors reporting terabytes of data on turbine units and control points.
Network layers: Thing (Fiber Optic); Edge (Ethernet/WiFi Mesh); Backhaul (Cellular); Cloud
iNode functions: WAN Optimization (Filtering, Compression, De-dup); Secure Pipe (across iNode network); QoS (dual-ended, bi-directional QoS); Provision (partner logic, policies); Management (device management, image management); Edge Actions (real-time); Edge Intelligence (filtering, compression, de-dup, rules & actions)
Enable Edge Analytics: alleviates disruptions caused by loss of connectivity to cloud
Partner Application Logic: dynamically enables partner logic and Thing authentication to run on iNode
Sensor data flows to the Utility Company’s/Third Party Analytics Provider’s Cloud (Analytics Platform: Production Monitoring, Predictive Maintenance), the Wind Turbine Vendor’s Cloud, the Solar Panel Vendor’s Cloud, the Generator Vendor’s Cloud and the Anemometer Vendor’s Cloud; analytics data and control stay within the On-Prem Control Center (Edge Analytics Platform: Operational Analytics, Equipment Monitoring; iNode Network Management).
Edge Intelligence Enabled Industrial Automation
Network layers: Thing (6LoWPAN, IWLAN, Wireless HART); Edge (Ethernet/WiFi Mesh); Backhaul (Cellular/Satellite); Cloud
iNode functions: WAN Optimization (Filtering, Compression, De-dup); Secure Pipe (across iNode network); QoS (dual-ended, bi-directional QoS); Provision (partner logic, policies); Management (device management, image management); Edge Intelligence (data filtering, compression, de-dup, rules & actions)
Enable Edge Analytics: alleviates disruptions caused by loss of connectivity to cloud
Partner Application Logic: dynamically enables partner logic and Thing authentication to run on iNode
Sensor data flows to the Analytics Platform (Proactive Fault Detection), 3rd party Analytics and the Data Center; analytics data and control are handled via iNode Network Management.
The solution requirements
• Software Defined IoT Network
  – Seamlessly interconnect devices, Edge servers and multiple Cloud platforms
  – Centrally managed single pane view into the IoT network
  – Firewalled Device Network (Secured Perimeter)
• Multi-tenanted IoT Data Broker
  – Policy driven data forwarding between multiple cloud/on-prem destinations
  – Policy driven QoS and bandwidth optimization
  – Discrete data isolation, policy isolation and segmentation
• Edge Compute Services
  – Protocol adapter software lifecycle management
  – Network-wide deployment and visibility of services
  – Enable Edge analytics
Interconnect Devices, Edge Servers and Multiple Data Centers
WAN Optimization
Secure Pipe
Enables Edge Analytics & Actions
Quality of Service
Zero Touch Provisioning & Management
The IoT Network done right!
THANKS!