Key-Points of the RAD SecFlow-1p Industrial IoT Gateway
Ruggedized IOT gateway
· One or two embedded LTE modems
· Two SIM cards for maximum link resiliency
· GPS for location reporting
· Wi-Fi access point
· Zone-based stateful firewall
· Edge computing by hosting 3rd party container software for customized applications
· Zero Touch provisioning
· Support of RAD’s SD-CloudAccess solution
· SCADA Protocol Gateway for IEC-101, IEC-104, Modbus-RTU/TCP, and DNP3 protocols*
· Terminal server*
· Dry contacts support*
· Serial Tunneling, IEC 101 to IEC 104*
SecFlow®-1p is an industrial IoT gateway, a member of RAD’s SecFlow suite of ruggedized Ethernet products. This is an open platform hosting third-party software, besides its communication capabilities. In its maximum configuration, the RAD SecFlow-1p can support four GbE Copper ports and two GbE SFP ports, two serial ports (single RS-232 port or one RS-232 plus one RS-485/2W), built-in WiFi modem, GPS receiver for location indication and a cellular modem with two SIM cards or two modems for maximum link resiliency. SecFlow-1p is equipped with serial interfaces for connectivity of legacy equipment. As a gateway it converts legacy serial protocols to modern IP-based protocols, enabling seamless communication from the IP SCADA to both the old and new RTUs. This provides a single box solution for multi-service applications and smooth migration to all-IP networks. SecFlow-1p features DIN-rail mounting, IP30 protection level, wide operating temperature range (-40°C to 65°C) without fans, or regular temperature range (-20°C to 60°C) for desktop application.
Interoperability of the RAD SecFlow-1p
SecFlow-1p operates with SecurityGateway, SecFlow-1v, Secflow-1 and SecFlow-2. ROUTING SecFlow-1p features static routing, OSPF, BGP and 10 VRFs.
The device features a VPN gateway with two operation modes: · Inter-site connectivity using IPsec tunnels · Remote user access using SSH Inter-site VPN based encrypted link ensures L3 transparent connection of the Ethernet networks sites. For remote access, the router uses an SSH-encrypted tunnel, with user authentication and specific access authorization.
Market Segments and Applications
SecFlow-1p addresses the Industrial IoT, for example: · Out-of-band management using cellular uplink · Smart meter concentration · Smart Retail · Distributed automation in secondary substations · Water Resources Management
Single/Dual LTE Modems and GPS
With embedded LTE modems, connectivity is available from day 1 without waiting for a wire-based connection. SecFlow-1p features flexible configuration with option for one LTE modem with two SIM cards, or two embedded LTE modems, for maximum resiliency. Optional support of GPS for location reporting is also available. The SecFlow-1p HW is ready for future support of 5G modems.
Disaggregated Operating System
SecFlow-1p comes bundled with pCPE-OS, RAD’s carrier-grade, 64-bit, Linux-based operating system, designed to run on several HW platforms, including ARM- and X86-based CPEs. pCPE-OS is a security hardened operating system, optimized to provide maximum performance with small SW footprint.
Containers - Next Level of Flexibility
RAD SecFlow-1p can host containerized edge applications, supporting any 3rd party containers, which extend its original functionality to a new level for Industrial IoT solutions. Containers can easily be installed and managed via SecFlow-1p’s Web interface, or RADview NMS.
SD-CloudAccess enables access-agnostic application-aware traffic distribution across multiple access links, featuring bonding, failover, application based steering, and top up. This technology allows traffic to burst into a second cellular connection when the primary link bandwidth is not sufficient to meet the SLA. RAD’s SD-CloudAccess solution can be purchased as an add-on service. For more information, refer to the SD-CloudAccess documentation.
Management and Security of the RAD SecFlow-1p
SecFlow-1p can be managed via Web, CLI, or by NETCONF.
Embedded Advanced Security
To optimize SecFlow-1p for meeting the evolving security needs of distributed environments, pCPE-OS includes embedded security features and options, such as stateful, zone-based firewall, threat protection and DPI. The NGFW functionality, including zone-based stateful firewall, DPI for application recognition, IDS/IPS and DDOS prevention, do not require additional licenses. It is possible to specify URLs, Web content filtering, and much more.
Zero Touch Provisioning
For easy and safe deployment, RAD offers Zero Touch provisioning thus reducing OPEX and providing a simple way to securely deploy thousands of elements in the network. SecFlow-1p also supports a variety of access protocols including SFTP.
*This feature will be realease in a future version