Secure OT to IT Connections

The only closed-firewall solution for networking process data

The DataHub program uses the DHTP protocol to make outbound-only connections from plant or process. This keeps all inbound firewall ports closed, supports DMZs and forward proxies, and requires no VPNs—to provide secure OT to IT data flow.

Secure OT to IT Connections Closed Firewall Solution diagram
  • No exposure of the plant network: No VPNs means no extension of the plant’s security network. Works seamlessly within network proxies, data proxies and DMZ servers.
  • No disruptions from the IT network: Read-only options and non-intrusive connectivity ensure that the plant remains secure and functional, even if remote data access is degraded or a remote location is compromised.
  • No access beyond the required data:  The plant decides which data to make available remotely.
  • No compromise on performance: Real-time data is delivered at microseconds above network latency, easily scaling to 50,000+ data point changes per second, all the while preserving the data model across networks.
  • One-way or bidirectional data flow: Each connection can be configured as read-only or read-write, to support data monitoring or supervisory control.
  • Secure by design: With the DataHub program’s publish and subscribe architecture, security is built-in and always controlled at the Plant network.

Secure plant to cloud

The DataHub DHTP protocol’s unique ability to make outbound-only connections from the plant and an interposed DMZ can be leveraged to provide secure monitoring and supervisory control from the cloud.

Secure OT to IT Connections Secure Plant to Cloud diagram

  • Access plant data securely: Using a DataHub instance within a DMZ means no inbound firewall ports on either the plant network or the cloud.  The DataHub instance on the plant network provides an outbound connection to the DMZ, and the DataHub instance on the DMZ uses an outbound MQTT connection to send data to the cloud.
  • One-way or bidirectional data flow: Each connection can be configured as read-only or read-write, to support data monitoring or supervisory control.
  • Easy connections to popular cloud services: Pre-configured support for Azure IoT Hub, Google IoT, and AWS IoT Core.  Also connects to any MQTT broker like RabbitMQ or Mosquitto.
  • Cogent DataHub service for Azure Connections: Full integration with Cogent DataHub service for Azure and IBRESS.  Make plant-to-cloud and cloud-to-cloud connections.