I have been troubleshooting the Twilio service that handles SMS notifications. After spending much of the day working on this, the customer would now like to switch to using a cellular modem rather than using Twilio. I have been researching the user manual for information on how to move forward on this transition. I saw that Inductive Automation officially supports three Airlink devices, the RV50/RV50X, RV55, and LX40. All these devices are Sierra Wireless devices. Is there something that makes these modems so special? The customer I am working with already has Cradlepoints and I would like to know if these could be used instead.
Yes, Ignition's SMS module isn't for use with generic SMS modems; it's for a proprietary API supported by the Sierra Wireless modems.
I would try to convince your customer to stick with Twilio if you can. The days where Joe Schmoe can buy a cellular modem and blast out SMS indiscriminately are quickly coming to an end. In 5 years or less I'd bet that's just not a thing any more. It'll be a quaint memory, like how you could run your own email server a decade or two ago and actually expect it to work.
I absolutely knew you ran at least one email server and was thinking about it when I wrote that. I almost tagged you. But running your own mail server makes you an anachronism at this point.
There is plenty of activity from us little people on SMTP/IMAP-focused mailing lists, and the recipes to have a mail server play nicely in the modern world are well documented (locked-down relaying, then SPF and DKIM, most importantly). It isn't trivial, but it is not rocket science. Anyone who can set up their own cloud server with DNS and reverse DNS should grok the email requirements in DNS, too.
Setting up for private/internal use IS trivial. Enterprises that don't do so for their automation requirements make me scratch my head.
I am confused by your prediction. I am using the Sierra Wireless SMS alarming on several projects and don't want that to stop working. How is an RV50 connected to Ignition's SMS alarming module any different from the cellular provider's perspective than Joe Schmoe with a smart phone?
My prediction is not an indicator that IA is going to stop supporting these modules/hardware or do anything to make it stop working... just my prediction on where the cellular/telco industry is heading...
If nothing else, there will be more regulatory hoops to jump through. We already saw this with Twilio 10DLC registration.
I am currently debating between Twilio and an Airlink RV50. I don't really follow what you are saying. In fact, you listed a reason to NOT go with Twilio (10DLC registration) but have not pointed to any specific reason to NOT go with the Airlink device. Can you elaborate? Any new information to share in the last year and a half?
The Sierra modems are a massive security risk. They can’t be configured with a gateway address, so you have to have them on the same subnet as the Ignition servers. That is a no go for most IT departments as the normal rule is that server subnets should never leave the datacenter/server room for physical access security. Also the modems themselves are just not great and terrible to set up, even with the IA guide.
Twilio is a pain, lots of hoops to jump through to prevent spam in most countries, and they are geared as a company to bulk campaign SMS, not low volume, high reliability. This means they are not worried about downtime for their services as most of their customers don’t care much about a couple hours of delay for the messages. Here in Aus we have a lot of downtime from Twilio and customers get disillusioned very fast.
I’m interested in a source on this one. Those acronyms you mention are US ones and I see no references to sharing server networks outside administrative zones without firewalls in the research I have done. The world uses IEC 62443 for manufacturing network security standards. Again I can’t find backup for this approach being wrong.
CISA has presented at ICC in the past and handed out non-re-distributable material. But most is public. The key is that SCADA servers and their databases belong on the plant network with the devices, and the innermost firewall is between that plant network and the rest of the world.
(This is one of the reasons that I consider Windows unsuitable as either gateway's or DB's OS--it is not safe to run Windows in production on the same LAN as poorly-secured (or unsecured) manufacturing equipment.)
This bit here still supports my notion that a 4G device should be outside that inner firewall, wherever your servers are located inside that zone.
This may be true, but there is no reason the VLAN/subnet with the servers on it needs to be on a network physically outside the plant network server room; that’s what the plant network routers exist for. This forms your Layer 2 ACL boundary that protects the server from broadcast traffic, bad IP configurations and nefarious actors that have plant level network port access.
The entire CPwE design uses VLANs and routing for logical separation of all devices on the floor that are unrelated, this is just the extension of that.
If you are routing between your plant automation devices and your SCADA, you have to put forwarding gateway addresses in them. While that's fine for certain well-defended technologies, the vast majority of small devices are too vulnerable to be trusted with routing. That's why the SCADA server belongs in the same subnet. (It doesn't need to be a different subnet to apply layer 2 filtering.)
If you are requiring layer 3 routing between plant devices and Ignition, you are screwing up. IMNSHO.
Most factories have more than 200 Ethernet devices on the floor, so you run out of addresses on a single subnet, coupled with most small devices not coping with broadcast traffic. If you set up a network like this, you will have significant issues long term. This also does not match the industry standard models for networking a plant.
Devices only need a gateway set up if they need external network access by themselves. The SCADA server can be comfortably source NAT added to a subnet and none of the devices need gateways configured at all.