Building Better Data Foundations for Secure & Robust OT, IT & Cloud Data Integration

Summary

The exchange of data between OT, IT and business systems and to the cloud plays a pivotal role in ensuring efficient and robust industrial operations. With a wide range of technologies implemented by suppliers in each area, it can be challenging to determine how to manage it all. Solutions must be secure, robust and support a variety of integration points. Solutions that can deploy on cost-effective edge devices empower wide solution reach. Workforce capacity limitations demand solutions that are sustainable over time without the use of custom software code.

In this article we will explore both secure movement of data and bidirectionally transforming data from sources such as web services that are typically used in IT & business applications to the OPC protocols found in OT applications, without writing custom code.
 

Secure data movement

In our 28 years in the operations technology (OT) space empowering data integration with our end user, integrator and machine builder partners, we also have built skills in IT concepts, applications and concerns. 

In the industrial control space, it’s common for an engineer to ask IT to open a port on a firewall, router, or other network device to connect between certain systems and/or control devices. We’re not just talking to the public internet, but even between network segments such as control and business networks. It’s also common for the IT department to have serious concerns about security risks potentially introduced to all the company’s networks by opening a port. This often leads to difficult conversations, which we find are becoming more difficult and require balancing different priorities and perspectives.

These conversations used to focus on the issue of opening ports and limiting access to certain sources, or securing communications via VPNs. Modern threats have rendered those solutions inadequate. Our clients are telling us they now must navigate DMZs and proxy servers and do so without adding significant latencies.  They also want the software to handle IoT protocols such as MQTT/Sparkplug, OPC and more. 

The most sophisticated users are setting up configurations where connections are reversed and the most at-risk networks only push data up as shown below. If they allow bidirectional flow, they want the tunnels or channels of reads and writes separated, all while employing encryption and other security measures. Software Toolbox’s team is helping user around the world solve these problems with the Cogent DataHub.



You can learn more about why VPNs and port management aren’t sufficient and see a video demonstration using the links below.

• Firewall Ports: There's More to It and Why Your IT Team Has Concerns
• Moving OT data without opening inbound firewall ports
• Video Tutorial – Secure Data Tunneling

Once you have secured the data transmission, there is still the matter of different sources and destinations and accompanying protocols.
 

Inclusive data source support, data transformation and edge processing

Our team is regularly asked by clients about dealing with the demand for streaming of data from a wide range of sources to the cloud. 

In a recent Automation.com newsletter you may have seen, we discussed the use of the JSON data format that is popular in RESTful web service data exchange. Too much unsustainable custom code is being installed in user systems when JSON and REST are used.  You can learn more about how OPC Router removes the need for custom code in our detailed No Code JSON Handling tutorial.



That article focused on just one aspect of what is known as Extract, Transform, & Load (ETL). Our application consultants recently explored this solution area and how OPC Router empowers transformation solutions such as REST to MQTT, CSV to FTP, & XML to REST
.

But what about other data sources such as databases, process historians from AVEVA such as the PI System, InfluxDB, OPC standards such as OPC A&E, UA A&C, streaming destinations such as Kafka, Amazon Kinesis, Azure IoT Hub and others?  

Software Toolbox has multiple solutions that integrate with these platforms, which benefits you because we can focus on talking about the problem and evaluate what the right solution might be.  We’ll share some examples here but if you are facing these challenges, we encourage you to engage with our team.

A challenge we’ve noticed is that users often just dive into a specific requirement, without stepping back to ask about the bigger picture of what they are trying to accomplish. This can result in siloed data and technology ecosystems, orphaned integrations, duplication of effort and more. Recently, our team sat down for a video chat to discuss Building Better Data Foundations for Manufacturing. I highly recommend you watch and learn.



Let’s now look at some of the tools that we offer that empower better foundations besides Flow which is discussed in the above video and look at other challenges in moving data around and making sense of it.
 

Cogent DataHub: Secure, DMZ and proxy friendly, high-performance OT, IT and Cloud Integration

The Cogent DataHub, mentioned earlier for its strength at secure data integration, provides native read/write data to InfluxDB open source (OSS), Enterprise & Cloud and comes with Grafana & Chronograf support built in.  Data Sampling helps you manage the rate at which you deliver data, which believe it or not, can be a problem for some cloud solutions. Store & forward ensures the data gets there.  When combined with DataHub’s extensive OPC Classic and OPC UA client/server interfaces, MQTT SparkplugB client & broker support, secure DMZ and proxy friendly tunneling, and scalability to over 1 million tags with low latency added to data transfers possible, the DataHub is a solution to consider.  Learn more about how DataHub works with InfluxDB and more about DataHub in general

.
DataHub also provides native integrations with AVEVA solutions including InSight, Historian, & the PI System (formerly OSIsoft PI System). Native store & forward support, data sampling, extensive OPC interfaces and MQTT SparkplugB completes the solution.  Lastly, the Cogent DataHub also supports delivery of OT & IT data to Amazon Kinesis.

 

OPC router: Visual workflow, scalable cloud, OT, IT, ERP and SAP Integration Software

The OPC Router, also mentioned earlier for it’s ETL tools and code-free integration of web services, brings its own approach to integration with InfluxDB, Apache Kafka, OPC, SAP, ERP and more. Although all of Software Toolbox’s offerings are focused on rapid time to value, the OPC Router has a particular strength in its visual workflow editor, combined with the ability to templatize workflows and mass configure large # of instances with different settings through Excel import.

Another important differentiator for OPC Router is its ability for solutions to be deployed in Docker containers on Linux edge devices or Windows systems to meet a variety of solution architectures.  Configuration of OPC Router is all done in a browser, whether you are deploying to Windows or Linux in Docker.  Growing needs for edge processing make OPC Router a strong fit. You build your data transformation and calculations visually, right on the edge device, or on a Windows PC and deploy to the edge device. OPC Router even deploys the Docker Container for you.  Support for Kubernetes deployment with provided Helm charts empowers large scale deployments.



If Apache Kafka and its producer/consumer model is part of your solution stack or will be, you’ll want to look at how OPC Router integrates its variety of data sources and destinations, including but not limited to ERP systems, OPC & SAP.  Learn more about OPC Router Apache Kafka Streaming



OPC Router also offers a bi-directional InfluxDB interface. The differentiators for this solution are the available ERP & SAP integration, visual workflows and templatizeable configuration. Our technical team  has made available a video workshop demonstration of OPC Router to InfluxDB Integration.

Conclusions

OT/IT/Business data interchange requires consideration of the security of data transport, and then the needs to transform the data between formats, all without the use of custom software and code. Software Toolbox provides multiple flexible off-the-shelf solutions combined with the expertise to support users, integrators and OEMs in their implementations.  

• Building Better Data Foundations for Manufacturing
• Flow – A Better Data Foundation for Manufacturing
• Cogent DataHub
• OPC Router

Engage with our team for free consultations focused on solving problems, not pushing a single product solution.