SECURITY ISOLATION GATEWAY ENABLES TRULY CONTROLLABLE IOT ENVIRONMENT




RocKontrol RK-EMSG Series Security Isolation Gateway Whitebook: A Truly Controllable IoT Environment Based on Intel Atom Processor

EXECUTIVE SUMMARY

While people's lives have changed dramatically as a result of the Internet over the past decade, the Internet of Things (IoT), based on the exchange of information directly between intelligent connected devices, is poised to bring about another wave of transformational change for people's lives in the future.

In February 2013, the Chinese State Council issued its Guidance Opinion about Pushing Forward the Orderly and Healthy Development of IoT. Following that opinion, other ministries and departments, including the Ministry of Industry and Information Technology, NDRC, Ministry of Science and Technology, and Ministry of Education and Standardization Administration of P.R.C., jointly stipulated 10 Special Action Plans for IoT Development, as well as 47 national standards plans. Stimulated by a series of favorable policies, the industrial scale of IoT has been climbing rapidly. According to IDC's latest data, by 2020 the market value of IoT and its technology ecosystem will reach $8.9 trillion, and the number of connected devices will reach 212 billion units.

Security is a foremost concern in IoT. When previously separated enterprise IT and industrial control networks are connected to each other or to the public Internet, they become vulnerable to intrusions that can disrupt operations, threaten safety, and result in the theft of sensitive data.

China's RocKontrol Industry Co., Ltd. collaborated with Intel and Wind River to develop a solution to this challenge. The result of that effort is the RK-EMSG Security Isolation Gateway, which enables different enterprise systems to exchange data with each other or with external systems while preserving their physical separation. This white paper provides an overview of the RK-EMSG and the companies behind it, as well as some case studies of practical applications of the solution.

TABLE OF CONTENTS

Executive Summary
Intel: Accelerating the Development and Deployment of IoT
Developer Tools
RocKontrol: Taking IoT into the Cloud
RocKontrol Security Isolation Gateway Features
Qualifications
RocKontrol Security Isolation Gateway Application Cases
Case Study: Manufacturing Execution System
Case Study: Online Monitoring System
Conclusion

INTEL: ACCELERATING THE DEVELOPMENT AND DEPLOYMENT OF IOT

The global leader in computing innovation, Intel has designed and created key technologies, laying a solid foundation for global computing devices. In response to ever-expanding computing demands, Intel's IoT Solutions Group is speeding up innovations in the areas of technology R&D, product architecture design, service and support, and partnerships. By constructing a continuum of computing, the company has been actively promoting Intel architecture-based smart networking devices in multiple sectors, including retail, transportation, communication, security, and energy, in order to help customers have familiar, unified, and customized application experiences from brand-new connected devices.

By developing smart devices, providing end-to-end analysis capability, and connecting traditional devices to the cloud, the Intel IoT Solutions Group has been expediting the development and deployment of IoT, enabling formerly isolated systems to transform into networked devices, communicate among themselves and with the cloud, and share data, providing enterprises with access to critical information and driving business transformation.

More than 85% of devices today are based on traditional, existing systems. As enterprises move toward IoT, therefore, they are in urgent need of transitional solutions for interoperability. It is not a simple matter of replacing the existing infrastructures. To address this challenge, Intel has joined with McAfee and Wind River to put forward Intel Gateway Solutions for IoT, which makes possible seamless communication between devices and the cloud by constructing the basic module to connect the traditional systems and new systems, and providing the general interfaces.

Intel Gateway Solutions for IoT provides pre-tested and integrated hardware and software (including McAfee's embedded control and Wind River Intelligent Device Platform XT) that can help enterprise customers develop, create, and deploy the relevant application services more rapidly, and help focus their efforts on creating new value-added services. With these solutions, users can adopt more reliable approaches to collecting and filtering data, and to sharing it between edge devices and the cloud, for a variety of tasks, including monitoring high-value industrial assets, manufacturing automation, power grid automation, commercial vehicles, and more.

Developer Tools

Optional processor: Intel Quark SoC X1000 series and Intel Atom processor E3826
Wind River Intelligent Device Platform XT developer environment
McAfee Embedded Control Security Technology

ROCKONTROL: TAKING IOT INTO THE CLOUD

RocKontrol is a high-tech enterprise dedicated to providing solutions for IoT, cloud computing, and Big Data applications. In addition to its traditional coal mine safety monitoring service, it is also expanding its service to power plant operation and environmental monitoring, aiming to become a leading IT conglomerate encompassing top-notch design, software development, intelligent products, and system integration and operation services.

Since it started to build up a base in Taiyuan High-Tech Park in 2004, RocKontrol has undergone several transformations. Today, RocKontrol owns a total of 200,000 square meters of industrial sites in Beijing, Shanghai, Taiyuan, Jinan, Erdos, and other locations, housing more than 1,000 technology developers. Its core technology team includes experts from overseas. The company also hosts three invited experts from the Organization Department of the Central Committee of the CPC's 1000-elite plan, several state-level experts, and experts authorized by the State Foreign Experts Bureau, as well as a technical team comprising several hundred doctoral candidates. It has set up academic workstations and postdoctoral workstations. It is the mecca of the national IoT, cloud computing, and Big Data technology R&D and talent.

RocKontrol has been pursuing a strategy of "cloud + client," that is, delivering a perfect combination of IoT application, cloud computing, and Big Data, in a bid to help users forge integrated solutions and services and ensure the technical application of IoT through a unified professional platform, all while reducing the costs of building and maintaining the platform. To that end, RocKontrol has established a Big Data center with 50,000 high-end servers and 500,000 cloud hosts, as well as the first public IoT in the world, setting up industrial clusters and pushing forward the overall development of the industry.

Li Wei, president of RocKontrol, has witnessed the birth and development of IoT. In his words, the early-stage IoT has many problems, such as the integrity of data and real-time transmission. Only by collecting genuine and real-time information on a large scale can a true IoT be developed and used to create a more intelligent world. "The development of IoT needs to be closely linked with computing capability and data analysis," he says. "When new information is collected, what is presented at last is the data value. The whole process is in special need of technical support such as cloud computing. As an IoT enterprise, establishing an IoT service platform based on cloud computing is our emphatic development orientation."

ROCKONTROL SECURITY ISOLATION GATEWAY FEATURES

With industrial enterprises facing higher requirements for informatization, meaning using information to drive development, they have an increasing need for in-depth mining and utilization of production data. This is especially true as production and management techniques become more sophisticated. Many key decisions are based on an enterprise's production data analysis. This requires enterprises to connect their DCS, SCADA production control systems, and corporate information systems, or to connect their corporate information systems to the public service network.

Currently, enterprises generally purchase common communication gateways or firewalls to achieve connectivity between different systems. These methods eliminate physical system isolation, which raises significant Internet security risks. What's more, users have to develop or purchase the associated protocol data collection and forwarding software when adopting these methods, which increases the complexity and cost of implementing the solutions.

To address this issue, RocKontrol introduced the RK-EMSG Security Isolation Gateway in November 2013. It is designed to create secure physical isolation between data switching systems and information systems. It is mainly used in heavy industries such as power generation, steel, and petrochemical. The first product is based on the Intel Atom D525 platform, which provides powerful computing capabilities and high-speed, rich peripheral bus interfaces to connect protocol data to information networks in a more reliable way.

Device Selection List

Criteria: RK-EMSG-P18A
System architecture: Dual-host, 2+1 architecture

Hardware Spec.
CPU: Intel Atom x 2
RAM: 2GB x 2
Control interface: 10/100M RJ45 x 4
Information interface: 10/100M RJ45 x 4
Console: Yes, at control end

Power
Input: AC 100V~240V, 50-60Hz
Power: <120W
Backup: Yes, redundant hot swap power

Product
Installation Method: 2U, standard 19-inch rack mount
Size: 650 x 430 x 88mm (L x W x H)

Performance parameters
Nodes: 10000
Latency: <1ms
Concurrent connections: >10000

Operation environment
Configuration tools: Yes
Monitoring tools: Yes
Operation Temp.: -20°C ~ +50°C
Storage Temp.: -40°C ~ +80°C
Humidity: 10%~95%, non-condensed
MTBF: 30000 hours

Qualifications:

GB/T 20279-2006 Technical requirements for information security technical network and terminal device isolation parts
GB/T 20277-2006 Testing and evaluation methods of information security technical network and terminal device isolation parts
GB/T 17626.2-2006 Electro-Static Discharge test
GB/T 17626.3-1998 Electromagnetic compatibility test
GB/T 17626.4-1998 Electrical fast transient immunity test
GB/T 17626.5-1998 Surge (Impact) Immunity Test
GB 6587.4-1986 Electronic measurement instrument vibration test
GB/T 17214.1-1998 Industrial-process measurement and control environmental test

The RK-EMSG Security Isolation Gateway features a 2+1 physical isolation system architecture, with two independent hosts connected to two networks. The two hosts are connected by dedicated hardware isolation devices that switch only specific application data. Because there is no network connection between the two sides, there is no channel for attacks, and the networks are physically isolated from direct connection.

While ensuring secure network isolation, the RK-EMSG's built-in data collection and forwarding functions support common data access protocols such as PC, Modbus, DL/T645, CJ/T188, and SQL database interfaces. With support for rich protocols and easy scaling, it is designed to meet customers' demands and lower implementation barriers.

Along with the Intel Atom hardware platform, the RocKontrol RK-EMSG secure isolation gateway also features the Wind River commercial edition of Linux, Wind River Linux, and Wind River Intelligent Device Platform XT for improved stability and security.

ROCKONTROL SECURITY ISOLATION GATEWAY APPLICATION CASES

A typical industrial enterprise network includes a management information system (connected to the corporate information network), a production control system (connected to the corporate control network), and field data collection instruments. If collected information needs to be uploaded to the management platform, the systems need to be connected to a WAN. How to achieve information security isolation and protect the enterprise's information network from outside attacks, while keeping control network devices running stably, is a challenge enterprises face in configuring their systems.

Case Study: Manufacturing Execution System

With the ongoing trend of corporate informatization, the manufacturing execution system (MES) has gradually become a standard component of the enterprise information system. MES is pivotal for an enterprise's CIMS information integration, and the technical foundation for achieving an agile manufacturing and production strategy.

During the process of building the MES, the system needs all the enterprise's real-time data. This requires the enterprise to connect its distributed control system (DCS), supervisory control and data acquisition (SCADA) production control system, and MES. The production control system is directly related to an enterprise's production uptime and safety, so security must be ensured. The RK-EMSG Security Isolation Gateway ensures not only that real-time production data is safely and accurately transmitted to the MES, but also that the MES does not have any negative impact on the production control system.

The RK-EMSG Security Isolation Gateway's typical application in an MES system is as follows:

The security isolation gateway is an independent double-host structure, consisting of a control terminal and an information terminal. The interface of the control terminal is connected to the devices or systems of the enterprise's production control network. The gateway is embedded with various bus protocols on the production control site, which can collect all real-time production data from the field devices.

The information terminal of the security isolation gateway is connected to the information network of the MES system. The gateway can utilize its internal isolation mechanism and transmit the data acquired at the control terminal to the information terminal safely. The information terminal can then utilize the embedded communication protocol and transmit the data to the real-time database of the MES system. As a result, it can both realize the transmission of data between the two networks and ensure the safe isolation of each network.

The system needs only one device, the security isolation gateway, to meet the functional requirements, which simplifies the systematic structure and facilitates on-site execution.
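The data path described above, sketched as an added example (this is not RocKontrol's code, and the page does not document the gateway's internal isolation mechanism). It assumes a protocol-break design: the control terminal terminates Modbus RTU, and only fixed-size records for allowlisted tags cross to the information terminal, which re-validates them. The tag allowlist, record layout and function names are hypothetical.

```python
import struct
import zlib

# Assumed allowlist: register offset -> (tag id, min, max). Hypothetical values.
ALLOWED = {0: (1, 0, 2000), 1: (2, 0, 500)}
LIMITS = {tag: (lo, hi) for tag, lo, hi in ALLOWED.values()}
RECORD = struct.Struct(">HHI")      # tag id, value, sequence number
RECORD_LEN = RECORD.size + 4        # payload plus CRC32 trailer


def crc16_modbus(data):
    """CRC-16/Modbus: init 0xFFFF, reflected polynomial 0xA001."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def parse_read_response(frame):
    """Control terminal: validate a function-0x03 response, return registers."""
    if len(frame) < 5:
        raise ValueError("short frame")
    body, crc = frame[:-2], int.from_bytes(frame[-2:], "little")
    if crc16_modbus(body) != crc:
        raise ValueError("bad CRC")
    if body[1] != 0x03 or body[2] != len(body) - 3 or body[2] % 2:
        raise ValueError("unexpected function code or byte count")
    return [int.from_bytes(body[i:i + 2], "big") for i in range(3, len(body), 2)]


def control_side(frame, seq):
    """Turn one Modbus response into isolation-channel records.

    No Modbus bytes, addresses or headers cross; registers that are not on
    the allowlist are dropped here and never reach the other host.
    """
    records = []
    for offset, value in enumerate(parse_read_response(frame)):
        if offset not in ALLOWED:
            continue
        payload = RECORD.pack(ALLOWED[offset][0], value, seq)
        records.append(payload + struct.pack(">I", zlib.crc32(payload)))
    return records


def information_side(record):
    """Information terminal: accept only well-formed, in-range records."""
    if len(record) != RECORD_LEN:
        return None
    payload, (crc,) = record[:-4], struct.unpack(">I", record[-4:])
    if zlib.crc32(payload) != crc:
        return None
    tag, value, seq = RECORD.unpack(payload)
    if tag not in LIMITS or not LIMITS[tag][0] <= value <= LIMITS[tag][1]:
        return None
    return {"tag": tag, "value": value, "seq": seq}


def build_sample_frame():
    """Constructed sample: slave 1 answers with registers 1234, 250, 9999."""
    body = bytes([0x01, 0x03, 0x06]) + struct.pack(">HHH", 1234, 250, 9999)
    return body + crc16_modbus(body).to_bytes(2, "little")


def demo():
    return [information_side(r) for r in control_side(build_sample_frame(), seq=7)]


if __name__ == "__main__":
    print(demo())
```

The third register in the sample is not on the allowlist, so only two records reach the information side; what the MES receives is limited to values the control side chose to export.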

Case Study: Online Monitoring System

An online monitoring system for energy consumption enables the government to collectively monitor, manage, and decide on all enterprises' energy consumption. The implementation of online monitoring for energy consumption can provide different levels of service for all levels of energy reduction management authorities, industries, and enterprise users, and create a benign social effect. At the same time, the enterprises being monitored can learn their energy consumption analysis results and receive suggestions for improvement, resulting in direct or indirect economic benefits.

In the online monitoring system for energy consumption, enterprises must provide a variety of energy consumption data to the system's data center server. Because an enterprise's energy consumption data is valuable information, it generally resides in a high-level network that ensures absolute security, while the data center server is generally inside the public Internet. The enterprise, therefore, must consider the issue of network security, ensuring that its internal network is protected from attack or adverse impact when the data is being transmitted.

The RK-EMSG Security Isolation Gateway's typical application in an online monitoring system for energy consumption is as follows:

The security isolation gateway is an independent double-host structure, consisting of a control terminal and an information terminal. The interface of the control terminal is connected to an enterprise's internal network. The enterprise's energy consumption data is generally stored in its various relational databases, real-time databases, and MES. The protocols embedded in the gateway support all kinds of databases and information systems, which directly collect all energy consumption data from the enterprise's internal network.

The information terminal of the security isolation gateway is connected to the public network of the online monitoring system for energy consumption. The gateway can utilize its internal isolation mechanism and transmit the data acquired at the control terminal to the information terminal safely. The information terminal can then utilize the embedded professional energy consumption communication protocol and transmit the data to the real-time database of the monitoring system. As a result, it can achieve the transmission of data in two networks, and ensure the safe isolation of each network.

The security isolation gateway has several independent physical interfaces. If an enterprise's internal data servers are all inside one network, only one security isolation gateway is needed to complete systematic construction, which can greatly facilitate on-site execution.

CONCLUSION

The Internet of Things can deliver on its promise of business transformation only if the systems connected to it are protected from outside intrusion. Supported by the technologies and expertise of Intel and Wind River, RocKontrol has made the secure exchange of data among IoT-connected systems a reality, enabling industrial enterprises to drive efficiency gains and optimize the value of the wealth of data housed in their systems.

Wind River is a world leader in embedded software for intelligent connected systems. The company has been pioneering computing inside embedded devices since 1981, and its technology is found in nearly 2 billion products. To learn more, visit Wind River at www.windriver.com.

© 2014 Wind River Systems, Inc. The Wind River logo is a trademark of Wind River Systems, Inc., and Wind River and VxWorks are registered trademarks of Wind River Systems, Inc. Rev. 11/2014