Track
Sponsor Showcase
Name
Swiss army knife for connecting to OSI Edge and OSI Core
Description
Business Challenge
Providing network isolation between the control network and IT or the Internet is the new normal. Access to your data is critical for your analytics, your deep learning models, your customers and your partners. Yet gaining secure access to that data is difficult, a problem that most current solutions fail to solve.

As we all know, OPC requires the client to connect to the server. If your server is in the control network, you must open an inbound firewall port to access this data. But in today’s cyber security climate, opening a firewall port is too risky, as it creates an attack surface that can be used by cyber criminals.

One option that has been suggested is to provide a relay in the control network to push data outbound to the cloud. This approach is also restricted, as it requires the control network to have outbound internet access. This too is highly limited, and it provides no option for bi-directional communications.

A new solution needs to be implemented, one that allows data to flow, provides secure bi-directional communications, and that can connect to OSIsoft Core and OSIsoft Edge.

Problems addressed and background
From our existing customer base and installation history, we have identified two common implementation scenarios used to centralize production data for OSI Core or OSI Edge. In each case, the client uses DataHub middleware to acquire, aggregate and mirror production data securely from the control network to the corporate network, where it is then made available to OSI Core or OSI Edge.


Details of the solution
The secret to making secure connections is that the DataHub program reverses the OPC UA and OPC DA client/server paradigm. It mirrors data from one network to the other, without requiring any inbound firewall ports. Using this approach you can aggregate the data at the source and mirror it to a DMZ securely, where it is then connected to OSI Core or OSI Edge.

By implementing a DataHub instance in each network layer, production data is both aggregated and seamlessly mirrored between each network, keeping all inbound firewall ports closed, leaving zero attack surface. From level 3.0/3.5 of the Purdue model, the DataHub program makes this data available for OSIsoft Core and OSIsoft Edge using the protocols that each supports.


Results and Benefits
With secure access to your industrial data connected to OSI Edge or OSI Core, you now have access to advanced analytics, the ability to develop your deep learning models, and to share production data with your customers and partners. All of this is available without compromising on security or requiring any changes to your IT policies.


Takeaways and next steps
Previously, most of our customers implemented analytics in the field at only some locations, and rarely integrated machine learning models. After implementing DataHub middleware, customers are getting all the data in real time across the network and can take full advantage of OSI solutions.

Connecting to OSI Core and OSI Edge using this secure approach will help you derive value from your data and empower your customer and partner initiatives—without exposing your plant network to outside attacks.