SimpleConnect Product Brochure

Loading....

Loading....

Loading....

Loading....

Loading....

Full text

(1)

SimpleConnect™ Product Brochure

Segment and secure your industrial networks

Network Device Network

Device

Shared

(2)

SCMP-1p

Manages 50 Licensed ISAs (9.8”L x 17.2”W x 1.7”H)

SCMP-2p

Manages 250 Licensed ISAs (19.8”L x 17.2”W x 1.7”H)

SCMP-3p

Manages Unlimited Licensed ISAs (25.6”L x 17.2”W x 1.7”H)

SimpleConnect™ Product Brochure Page 02

SimpleConnect™ Product Brochure

Segment and secure your industrial networks

The SimpleConnect™ product line provides a centrally managed security appliance solution that meets the network integration challenges facing the modern industrial enterprise and aligns with industry best-practice cybersecurity standards and architectures. SimpleConnect™ leverages existing network infrastructure to efficiently enable industrial connectivity that is secure by default while being very easy to use.

SimpleConnect™ Management Platform (SCMP)

• ‘Single pane of glass’ web-based management • Available as physical or virtual appliances

Industrial Security Appliances (ISAs)

• 8 ISA models with multiple connectivity options • Available as physical or virtual appliances

SimpleConnect™ Management Platform (SCMP)

SimpleConnect™ Product Overview

SimpleConnect™ consists of two tightly integrated components:

SimpleConnect™ Product Line

The SimpleConnect™ Management Platform (SCMP) enables ‘single pane of glass’ administration throughout the lifecycle of a SimpleConnect™ deployment. Once SimpleConnect™ Industrial Security Appliances (ISAs) register to the SCMP, a user who is logged into the web-based UI is able to:

• Create secure private networks

• Delegate management of each private network to authorized users

• Add ISAs to private networks

• Define automation devices behind each ISA

• Configure communication security policies for ISAs and devices

• Centrally govern, audit, and monitor private networks, ISAs and devices

(3)

Industrial Security Appliance 100 Series (ISA-100)

ISA-100e

• 2 x RJ45 Gig-E • 1 x RJ45 Gig-EISA-100w

• 1 x 802.11abg

ISA-100g

• 1 x RJ45 Gig-E

• 1 x 3G Cellular

The Industrial Security Appliance 100 (ISA-100) series of security appliances is a small form factor, industrially hardened device with a secure network throughput of 5 Mbps (megabits per second). The ISA-100 series are optionally DIN rail mountable, accept a wide range of DC input and can connect to the untrusted shared network with wired Ethernet, WiFi, or 3G cellular.

Industrial Security Appliance 200 Series (ISA-200)

The Industrial Security Appliance 200 (ISA-200) series of security appliances is a medium form factor,

industrially hardened device with secure network throughput of 15 Mbps (megabits per second). The ISA-200 series is optionally DIN rail mountable, accepts a wide range of DC input, can connect to the untrusted shared network with wired Ethernet, WiFi, or 3G cellular connections and supports failover across these different connection types.

ISA-200e

• 2 x RJ45 Gig-E • 2 x RJ45 Gig-EISA-200w

• 1 x 802.11abg ISA-200g • 1 x RJ45 Gig-E • 1 x 3G Cellular Dimensions: 4.6”L x 1.8”W x 1.5”H Dimensions: 4.1”L x 7.0”W x 1.6”H

(4)

The Industrial Security Appliance 400 (ISA-400) is a 1U rack mounted data center grade security appliance. The ISA-400 has a secure network throughput of 120 Mbps (megabits per second), and has 4 ports on the private network and 2 ports on the shared network.

Industrial Security Appliance 300 (ISA-300)

The Industrial Security Appliance 300 (ISA-300) is a 1U rack mounted data center grade security appliance. The ISA-300 has a secure network throughput of 60Mbps (megabits per second), and has 4 ports on the private network and 2 ports on the shared network.

Industrial Security Appliance 400 (ISA-400)

SimpleConnect™ Product Brochure Page 04

All SimpleConnect™ products include 90 days of technical and firmware support. Physical SCMP and ISA products are backed by a one year hardware warranty covering manufacturer defects.

Maintenance may be purchased separately and includes ongoing technical support and firmware updates for both the SCMP and ISA products, as well as an extended hardware warranty.

Dimensions: 25.6”L x 17.2”W x 1.7”H Dimensions: 9.8”L x 17.2”W x 1.7”H

(5)

A SimpleConnect™ deployment requires a SimpleConnect™ Management Platform (SCMP) and two or more Industrial Security Appliances (ISAs).

SimpleConnect™ operates on the principle of ‘Network Whitelisting’ which means only the communications specified are allowed. Each ISA has a unique cryptographic identity and the collection of ISA identities is what establishes a Private Network. Once ISAs know which peer ISAs they are allowed to communicate with, the ISAs establish point-to-point VPN tunnels to one another. The Network Devices behind each ISA communicate with one another as if they are connected to each other on a local switch, yet their communications are secured over the untrusted Shared Network. Additionally, the ISAs enforce the user-defined communications security policies as defined in SCMP, to further constrain network device connectivity to an absolute minimum. SimpleConnect™ strengthens the security posture of each Network Device by providing localized perimeter security.

SimpleConnect™ Base Use Case

SimpleConnect™ Use Case Diagrams

Network Device Network

Device

Shared

(6)

SimpleConnect™ Product Brochure Page 06

SimpleConnect™ can be used to efficiently and securely extend your existing process network to new locations. In this example, a Private Network is created using SimpleConnect™ to provide secure connectivity from the new sites to the existing assets on the Process Network. Both the water reclamation site and the quality lab have corporate network availability.

SimpleConnect™ Network Extension

Water Reclamation Site Existing Plant Control Shared Network Plant Historian Plant HMI Plant PLC Process Network Quality Lab W

Process Networks are often designed and implemented as flat, trusted networks with external access mediated through a Demilitarized Zone (DMZ). SimpleConnect™ can be used to strengthen device security by segmenting the flat Process Network into smaller, protected local automation cells.

SimpleConnect™ Network Segmentation

SCADA WWW Corporate   Network Historian HMI PLC Process Network DMZ PLC SWITCH PLC PLC Secure Tunnel (M odbus / TCP only) Secure Tunnel - OPC only

Secure Tunnel (h ttp only)

(WinC C Only)

(7)

Use SimpleConnect™ to manage and obtain secure remote access to internal process networks from home or anywhere you connect.

SimpleConnect™ Remote Access

Home Internet Process Network PLC User VM VIRTUAL 2x Auth Portal VHOST SWITCH

SimpleConnect™ makes remote access easy to configure, secure, and manageable, while constraining access to just the required systems. Communication policies are defined using a web UI on the SCMP, and the ISAs then enforce these policies. The policies allow (or deny) the Devices to communicate with each other and remote Servers and Users, through the ISA Secure Tunnels, as if they were directly connected to each other.

SimpleConnect™ Cellular Remote Access

Secure Tunnel Secure Tunnel g g Device 01 Mobile User Device 02 Device 03 User 01 g Server 02 Server 01 g VIRTUAL WEB UI

Internet

Cloud or Corporate Data Center

VIRTUAL Cell Network Secure Tunnel Secur e T unnel Secur e T unnel

Figure

Updating...

References

Updating...