Our technology partner: GEMINI
SECURE TWO-WAY DATA TRANSFER
The solution leverages two hardware-enforced one-way circuits based on FPGA technology.
The hardware-enforced architecture guarantees a unidirectional data flow at the physical level in each direction.
Eliminates the risk of software vulnerabilities and misconfiguration.
The OT network is invisible to all outside networks.
Optionally integrated with industry-standard protocols for protocol break in both directions.
INTRODUCTION
Critical infrastructure and industrial environments keep their safety- and operation-critical networks disconnected from other networks. With the 4th Industrial Revolution and the Digital Transformation, these critical networks cannot stay isolated any longer and need to exchange data with the plant’s IT network, the corporate network and, further still, the Cloud. To maintain an acceptable level of cyber security, the OT network needs to stay invisible to outside networks. The OT network needs to deny all traffic and allow, only by exception, a very limited and strictly controlled set of network traffic. To make the data accessible to outside networks while maintaining the necessary level of cyber security, GEMINI is the hardware-enforced Cerberus guarding the gate of the OT network.
The solution uses FPGA technology to control 100% of the traffic allowed in and out of the OT Layer 3.5 DMZ. Only strictly and explicitly allowed traffic can pass through GEMINI, over two one-way data channels. Optionally, additional software proxies can offer protocol break for industrial protocols, adding an extra layer of security.
SPECIFICATIONS
Mounting and Space: 19” Rack Mounting, 1U Rack Space
Network Interface: 2* Copper or Fiber Multimode, 1* management interface
Maximum number of connections: 1024
Maximum number of channels: 32
Power Input: 110-230V AC, 50-60 Hz
Throughput: 1 Gbps
SUPPORTED PROTOCOLS
Applications / Use Case | Optional Protocol Break
File transfer | FTP/SFTP/FTPS
 | SMTP
Oracle, MSSQL, MySQL, PostgreSQL | Database Replication
OSIsoft PI servers’ data and metadata replications | OSIsoft PI
Honeywell PHD Server Replication | Honeywell PHD
AspenTech IP 21 Server Replication | AspenTech IP21
No outgoing connection!! | Remote Access
Smart City, IoT, IIoT | M Queue, MQTT, Generic Queue
Syslogs, Windows Logs, IBM QRadar, Splunk | Logs and Events
Automation Data replication | OPC UA, Modbus
Automation Data replication | OPC DA, A&E
Baker Hughes Bently Nevada S1 for Condition Monitoring System | BH Bently Nevada S1