Slide 1

Viola M2M GatewayIndustrial-grade gateway for Viola's Arctic ModemsConnects SCADA network with GPRS or other network Offers mobile operator independent static IP addressing for connected Arctic Modems Easy and quick to install and configure Firewall and VPN for secure communication 2 x 10/100 Base-T Ethernet portsHot Stand-By with secondary M2M Gateway Load Sharing with secondary M2M Gateway

M2M Gateway VersionsStandard19" 1U rackup to 300 Arctic clients (unlimited, traffic dependent)Enterprise19" 1U rackup to 2500 Arctic clients (unlimited, traffic dependent)redundant power supply, fans redundant hard disks

Security FeaturesStateful inspection firewallFilter rules for incoming, outgoing and routed trafficPacket loggingVPNSSH-VPN between Arctic and M2ML2TP between Arctic and M2MOpenVPN between client computer (SCADA) and M2MManagementHTTPS, SSHConsoleInstallation RequirementsM2M installation requires fixed and public IP address to where the client devices can connect toUsed ports (can be altered)TCP port 22 (SSH-VPN)TCP port 10 000 (WEB UI)UDP port 1701 (L2TP-VPN)UDP port 1194 (OpenVPN)Installation either directly to public IP or to DMZ zone

Internet

eth0 Public IPInternet

Public IPeth0 Private IPCompany Firewall / router with port forwardingSCADA ConnectionThe M2M Gateway is transparent for SCADA communication - the traffic is only encrypted and capsulated to VPNSCADA can be connected directly to M2M Ethernet port or remotely by using OpenVPN software VPNOpenVPN clients available for Windows, Linux and MacInternet

eth0 Public IPSCADAeth1

Internet

eth0 Public IPSCADAOpenVPNLoad SharingMultiple M2M Gateways can be connected parallelEach M2M Gateway must be available on different IP address or different TCP/UDP portIf SCADA is connected directly to M2M:sconfigure static routes to SCADA PCor enable proxy-ARP feature on M2MsIf SCADA is connected by using OpenVPNseparate OpenVPN connection to each M2MEach Arctic group connects primary to dedicated M2M

SCADAInternetAB

ABRedundancyEach Arctic can connect primary and secondary M2MIf the primary connection fails Automatic switching to backup happensEach M2M Gateway must be available on different IP address or different TCP/UDP portSCADA must be connected directly to M2M:senable proxy-ARP feature on M2Mswhen the SCADA PC makes ARP request the M2M gateway currently hosting the requested Arctic will replyCan be used together with Load SharingSettings can be copied between M2M's

SCADAInternet

Backup M2MPrimary M2MAAAB