Hi all,
I have a hub and spoke architecture set up where we have a central gateway on a “Corporate network”, which is connected via Gateway Network connections to two other production gateways running on a “plant network”.

Network segregation is important for obvious security reasons.

Currently the production gateways have two NICs to bridge both networks, but a cyber security audit is being done which recommends removing the “Corporate network” on these servers, and making sure all remote access is done via the Ignition Gateway network, so we can utilize Security Zone rules etc…

My question is: can we develop on the production gateway projects through a designer that is launched on the corporate network utilizing the Gateway Network that all the servers are part of?

No, and if you remove the “Corporate Network” NICs on the “Production Network” servers I don’t know how you expect the Gateway Network connection between corporate and production to continue to work either.

edit: or does the central gateway have a NIC for the “Production Network” as well?

Hi Kevin, thanks for the fast response.
I’m trying to clarify the exact network and server NIC setup with the customer. Will post an update when I can.
I know there is a firewall in place; perhaps they intend to keep the NICs as is, but use the firewall to block traffic on that level.

The intention is to manage all the routing required through firewall rules.

My understanding of linked gateways over the gateway network is that a gateway can access the following remote gateway data:

  1. Alarm journal
  2. Realtime tag provider
  3. Historian

But we can’t access database connections remotely?

For instance, if we wanted to build a report in the Corporate gateway, that was to access database tables in the Production DB servers, how would we best go about designing that?