What’s Inside: Aruba and Siemens IoT Infrastructure

By Michael Tennefoss, VP of IoT and Strategic Partnerships, Aruba

IoT offers huge ROI potential in enterprise, industrial, and smart city environments. With connected industrial devices, organizations can improve efficiency, better manage inventory, and enhance safety.

But those insights are only possible when connected devices are operating correctly and the data they generate is trustworthy. Those high hurdles have prevented many IoT initiatives from moving forward. Enabling enterprise-wide visibility and security means bridging the divide that has traditionally separated information technology (IT) networks in the enterprise from the operational technology (OT) that runs in plants and factories.

Bridging entails sharing data across IT and OT systems, including legacy devices. That’s different from converging IT and OT, a highly disruptive process in which technologies and processes are assimilated and displaced to the exclusion of legacy systems. Bridging can provide a model by which convergence can be achieved over time, but convergence could leave the huge installed base of legacy devices out in the cold.

Siemens and Aruba have partnered to bridge the trust divide and ensure that the needs of both IT and OT can be satisfied. The Siemens and Aruba IoT solution platform is built around core building blocks, which together form its architecture for building trust-based IT and IoT networks for business-critical applications. This blog explores the building blocks for connectivity and data collection, security, edge computing, and location services.

Connectivity and Data Collection

Aruba offers a broad set of solutions for connectivity and data collection in an IoT environment, including switches, remote access solutions, access points and controllers, network segmentation, and SD Branch.

Aruba’s switch portfolio includes edge, aggregation, and core switches, including high availability options for non-stop operation. Zero-touch provisioning speeds installation, and cloud-hosted and on-premise management and monitoring options allow for a wide range of deployment scenarios. Rules-based monitoring and automatic correlation of network activities, combined with programmable scripting, let customers target specific IoT security, network, system, and application-related activities.

The Siemens Scalance product family includes industrial Ethernet switches, modems/routers, security appliances, and deterministic wireless systems. Siemens Ruggedcom communication networks are designed for harsh temperature and electromagnetic environments and include Layer 2 and 3 Ethernet switches, media converters, servers, routers, deterministic wireless systems, WAN radios, and modems. As a result of the partnership, Siemens OSPF, DSCP, and other IP-backbone communications can now be carried via Aruba, Scalance, and Ruggedcom switches. Additionally, PROFINET device Ethernet traffic can be forwarded via Aruba, Scalance X, and Ruggedcom switches to address performance and environmental requirements spanning from the factory floor up to the data center.

Aruba's remote access solutions provide secure communications to remote machines, users, and sites over WANs or cellular. Aruba’s VIA VPN clients can run on some Siemens platforms, and Aruba can terminate Scalance SC-600 industrial security appliance VPN tunnels at Aruba 7200 series Mobility Controllers, which act as VPN concentrators.

Reliable, secure Wi-Fi is critical for IoT systems. Aruba offers a broad range of indoor, outdoor, wide temperature, and hazardous area Wi-Fi access points. Aruba wireless controllers work with Siemens’ Scalance W1750D-2IA Access Points, simplifying the integration of IT and OT systems in jointly deployed industrial applications.

Segmenting IT and OT applications on the same physical infrastructure can provide a more cost-effective, scalable solution than operating two separate networks. Aruba can segment commonly shared infrastructure into multiple virtual networks without using VLANs – each with its own security and access rules – so one common infrastructure can service up to five owners with no cross-access, for example, to support a factory network, machine-as-a-service network, supplier network, and an auditor network.

Fast, reliable connections to the field are critical. Aruba's SD Branch solution combines wireless and wired infrastructure and management orchestration with cost-saving SD-WAN. Traffic and application path optimization, zero-touch provisioning, remote operations analytics, and end-to-end security make the solution ideal for multi-site IT and IoT applications including water, wastewater, pipelines, and logistics facilities.

Security from I/O to CEO

Security is a top concern for all IoT deployments from the I/O devices on the floor to the executive suite. Aruba’s end-to-end security solutions extend from IoT devices and machines to IT infrastructure and clients to protect the IoT infrastructure.

Aruba ClearPass provides policy management, network access control, authentication, guest access, and IoT device profiling. ClearPass RADIUS is compatible with and can authenticate Siemens Scalance industrial switches and routers and Ruggedcom ruggedized communications devices in jointly deployed IT and OT systems.

Data will remain protected and private with encryption. Aruba offers commercial and high-security encryption options that are validated to FIPS 140-2, Common Criteria, NATO, NSA Commercial Solutions for Classified, and other standards for use in sensitive environments.

Aruba also provides dynamic segmentation – or per-user, device, and machine tunneling – to ensure the integrity of the source, destination, and transport pathway. Per-user tunneling can authenticate Siemens devices via ClearPass, and tunnel the traffic to a secure destination. A role-based policy enforcement firewall and context-based policies, modeled after the expected mode of operation, enforce compliance and prevent wayward behavior.

Organizations can leverage their existing security investments with Aruba’s open, multivendor security framework. Aruba integrates with more than 100 next-generation firewalls, mobile device management, mobile application management, enterprise management systems, security information and event managers, and malware detection systems to monitor and manage behavior.

Finally, the Aruba IntroSpect User and Entity Behavior Analytics system provides user, device, and machine security anomaly detection, predictive threat modeling, and attack heuristics. IntroSpect uses AI-based machine learning to spot changes in user and device behavior that often indicate inside attacks that have evaded perimeter defenses.

Edge Computing

Customers can choose between HPE’s commercial-grade and Siemens’ industrial-class portfolios of edge compute servers to locally ingest, process, and respond to IoT data flows. The HPE platforms can be remotely managed without providing access to the data being processed, while the Siemens platforms can operate in unconditioned environments subject to high levels of electromagnetic interference.

Location Services

IoT systems that leverage location data can help organizations glean greater efficiencies and value. Location services have a broad set of use cases, from navigating sites to find equipment or capital assets to locating people.

The Aruba Meridian and Analytics and Location Engine product families deliver wayfinding, geofencing, and personnel and asset tracking services over Aruba’s wireless infrastructure. For example, upon detection of an out-of-normal machine state, the wayfinding service can guide an engineer directly to the machine. When the engineer approaches the machine and breaks a geofence, the system can display the service record and the user’s guide for the machine, as well as notify a billing application when the engineer arrives and leaves.

The Siemens Simatic RTLS Real-Time Locating System tracks mobile robots and self-navigating transport systems, while Siemens Simatic RFID systems track assets through production and the supply chain.
