We've got a project that is intended to monitor and control a few remote pumps. The client wants to use a web interface, so we are utilizing Perspective. The plan is to use a cloud service, i.e. AWS/Google Compute/Azure, to host the Ignition gateway, and then use a MOXA with Ignition Edge to get the tag data from a small PLC up to the cloud.
Basically this
Now... my questions revolve around proper security, advice, and best practices.
What is the best way to protect the Perspective front end from surface attacks? Do I need to encapsulate this entire system, including the Gateway network access etc., behind an OpenVPN solution, where the MOXA initiates and acts as a VPN client up to the cloud for data transfer, and the clients connect to a VPN as well prior to accessing the Perspective application?
Or will a reverse proxy on the cloud provider and the Gateway network across the internet without a VPN be secure enough?
This is a very small implementation for a customer that doesn't have any real IT support, so we are going to be implementing much of this solution for them, and I just want to make sure that we approach this in a secure and robust fashion. It's possible that if this solution works for the client, they may add a few more remote pumping stations, hence the edge and central gateway.
I'm all ears at this point... we are just starting to put this solution together, so we have the opportunity to craft the cloud solution as needed, within reason, if we need to make recommendations for the cloud solution, or other software that needs to run.