Our technology partner: GEMINI

SECURE TWO-WAY DATA TRANSFER

  • The solution leverages two hardware-enforced one-way circuits based on FPGA technology.

  • The hardware-enforced architecture guarantees a unidirectional data flow at the physical level in each direction.

  • Eliminates the risk of software vulnerabilities and misconfiguration.

  • The OT network is invisible to all outside networks.

  • Optionally integrated with industry-standard protocols for protocol break in both directions.

INTRODUCTION

Critical infrastructure and industrial environments keep their safety- and operation-critical networks disconnected from other networks. With the 4th Industrial Revolution and the Digital Transformation, these critical networks can no longer stay isolated and need to exchange data with the plant’s IT network, the corporate network and even the Cloud. To maintain an acceptable level of cyber security, the OT network needs to stay invisible to outside networks. It needs to deny all traffic by default and allow, by exception, only a very limited amount of strictly controlled network traffic. To make the data accessible to outside networks while maintaining the necessary level of cyber security, GEMINI is the hardware-enforced Cerberus guarding the gate of the OT network.

The solution uses FPGA technology to control 100% of the traffic allowed in and out of the OT Layer 3.5 DMZ. Only strictly and explicitly allowed traffic can pass through GEMINI, over two one-way data channels. Optionally, additional software proxies can provide a protocol break for industrial protocols, adding an extra layer of security.

SPECIFICATIONS

Mounting and Space: 19” Rack Mounting, 1U Rack Space

Network Interface: 2 × Copper or Fiber Multimode, 1 × management interface

Maximum number of connections: 1024

Maximum number of channels: 32

Power Input: 110-230V AC, 50-60 Hz

Throughput: 1 Gbps

SUPPORTED PROTOCOLS

Applications / Use Case | Optional Protocol Break

File transfer | FTP/SFTP/FTPS

Email | SMTP

Oracle, MSSQL, MySQL, PostgreSQL | Database Replication

OSIsoft PI servers’ data and metadata replications | OSIsoft PI

Honeywell PHD Server Replication | Honeywell PHD

AspenTech IP21 Server Replication | AspenTech IP21

No outgoing connection!! | Remote Access

Smart City, IoT, IIoT | M Queue, MQTT, Generic Queue

Syslogs, Windows Logs, IBM QRadar, Splunk | Logs and Events

Automation Data replication | OPC UA, Modbus

Automation Data replication | OPC DA, A&E

Baker Hughes Bently Nevada S1 for Condition Monitoring System | BH Bently Nevada S1