Hi,
Would using a data diode be a good idea to include in a cloud-based design of Ignition for added security? Thanks in advance.
"Cloud-based" isn't really a factor. A data diode can protect a secure part of a plant from the rest, but there's no such thing as an Internet data diode. Something at each plant will have a TCP connection to Ignition or an MQTT broker or another OPC server. That is fundamentally bi-directional, if only for packet acknowledgements.
Found this Proxy-Based Unidirectional Connection architecture.
How is that bidirectional connection fundamentally different from a direct connection? How are the proxies secured?
The diagram showing the data diode at the plant, then inherently bidirectional traffic to the cloud, is a good example of my point above.
The data diode would have to be two independent brains with a single one-way communications channel between them for this to be valuable (and even then only useful if you have no need to remotely access the site, e.g. for maintenance or CCTV). If the gap is just implemented in software within one device, it's just a protocol converter and gaining access to it from the internet means gaining access to the network.
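
To make the point in the replies above concrete, here is an added example (not code from any poster or from Ignition) of what the receive side of a truly one-way link has to do: with no return path there is nothing like a TCP acknowledgement, so loss and corruption can only be detected and recorded, never repaired by a resend. The frame layout, the names `encode_frame` and `DiodeReceiver`, and the sample tag values are assumptions constructed for illustration.

```python
import struct
import zlib

# Assumed frame layout: 4-byte seq, 2-byte length, payload, CRC32 of all prior bytes.
HEADER = struct.Struct("!IH")
TRAILER = struct.Struct("!I")

def encode_frame(seq: int, payload: bytes) -> bytes:
    """Sender side: build a self-describing frame; no reply is ever expected."""
    body = HEADER.pack(seq, len(payload)) + payload
    return body + TRAILER.pack(zlib.crc32(body))

class DiodeReceiver:
    """Receive side of a one-way link: it can only observe, never ask for a resend."""
    def __init__(self) -> None:
        self.expected_seq = 0
        self.accepted = []   # payloads that passed the CRC and length checks
        self.lost = []       # sequence numbers that never arrived intact
        self.corrupt = 0     # frames dropped for bad length or CRC

    def receive(self, frame: bytes) -> None:
        if len(frame) < HEADER.size + TRAILER.size:
            self.corrupt += 1
            return
        body, (crc,) = frame[:-TRAILER.size], TRAILER.unpack(frame[-TRAILER.size:])
        seq, length = HEADER.unpack(body[:HEADER.size])
        if zlib.crc32(body) != crc or length != len(body) - HEADER.size:
            self.corrupt += 1
            return
        if seq < self.expected_seq:
            return  # duplicate or stale frame, ignore
        # With no ACK path, a gap can only be recorded, not repaired.
        self.lost.extend(range(self.expected_seq, seq))
        self.expected_seq = seq + 1
        self.accepted.append(body[HEADER.size:])

def demo() -> DiodeReceiver:
    # Constructed sample tag values, not taken from the thread.
    samples = [b"tank1=42.0", b"tank1=42.3", b"tank1=42.9", b"tank1=43.1"]
    frames = [encode_frame(i, p) for i, p in enumerate(samples)]
    frames[2] = frames[2][:-1] + bytes([frames[2][-1] ^ 0xFF])  # corrupt frame 2
    rx = DiodeReceiver()
    for i, frame in enumerate(frames):
        if i != 1:  # frame 1 is dropped in transit
            rx.receive(frame)
    return rx
```

Any design that needs the sender to learn about those lost frames requires a second channel in the opposite direction, which is the bidirectional path the replies describe.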