© 2016 Distrix Networks Ltd. All Rights Reserved
A Distrix Networks White Paper
January 7, 2016
Distrix Software Defined Infrastructure
Making complex networks manageable
Introduction
Distrix approaches networking by layering an advanced Software Defined Infrastructure (SDI) on top of
existing equipment and networks. Distrix applies management, routing, rules, redundancy and security to data
at any layer – from the physical port through the transport layer all the way to the application layer – making it
the most flexible and adaptable solution for Industrial Internet connectivity.
This flexibility brings exceptional power and control to hybrid industrial IT/OT networks that typically include
UDP/IP/Serial communications across a variety of transport methods, and with the ability to tag data streams
with derived metadata, Distrix can increase the performance of existing networks and better utilize resources
flexibly and dynamically.
The Distrix solution runs on commonly used OT or IT systems, and has the flexibility and low footprint
requirements to enable it to embed responsive logic and control right into the network itself – without the
additional expense of wholesale network replacement, and with the advantage of staged deployments and
advanced interoperability.
The Power of the Distrix Gateway
The Distrix Gateway provides the network and application separation needed for optimal Industrial Internet
Network design. Distrix Tunnels focus on the needs of the applications, while Distrix Link Modules manage the
underlying infrastructure, and the Distrix Core provides the ability to put the two together and provide optimal
application performance with a dynamic and resilient Software Defined Infrastructure. The result is IT and OT
applications acting and reacting independently or in concert, as business rules dictate.
Supported Platforms
x86/x64: Windows 7, Ubuntu Linux
Raspberry Pi 2: Raspbian Jessie
x64: Red Hat/CentOS Linux
ARM9: Very flexible; please contact Distrix Sales to discuss your needs.
Distrix Gateways are installed on existing networking and control equipment to provide
a common interface through Distrix Link Modules to leverage the power of advanced
Software Defined Networking across IT and OT systems and equipment.
The Distrix Gateway establishes Distrix Tunnels to transmit data
easily and efficiently, regardless of actual physical infrastructure
Overview with Distrix Core
The Distrix Core, a key component of the Distrix Gateway, creates and manages the Distrix SDI using a unique
distributed intelligence network model, enabling individual nodes to host functions that are usually centrally
controlled. This distributed approach boasts far greater power and flexibility than centralized systems. Action
is taken where the data itself is traversing the network, with no need to adjust or even configure physical
infrastructure.
This capability extends from filtering and contextualized logic to dynamic and reactive logical routing. With
gateways exchanging path information, the Core monitors and selects which gateways in the network
constitute the optimal route to the destination for a particular Tunnel Stream regardless of the physical
infrastructure.
The power of the Core is also extensible, with a modular plugin architecture connecting the Core to
physical infrastructure or applications - separating peripheral functions of Distrix and providing flexibility
in implementations. This architecture includes open APIs for the creation of customized plugins to meet
customers’ specific needs.
Tying all this together with a REST API allows for external applications to take direct advantage of the
Software Defined Infrastructure to manage, scale, and monitor the individual nodes or the important data
traffic that is critical to the business. Applications can effectively configure or reconfigure the network and add
new services dynamically without the need for rigorous network design.
Feature: Traffic Routing
Details: Gateways read tagged data streams and relate that to the originating and receiving nodes in order to route traffic based on changing conditions.

Feature: Endpoint Identification and Prioritization
Details: The flexibility of a Distrix network means that the Distrix Core can identify and prioritize end points for data on the fly – an originating node may have a variety of potential endpoints; the Distrix Core on each node helps to define the most appropriate one based on current conditions.

Feature: Optimization
Details: By constantly monitoring their piece of the network in relation to the capabilities of different linkages and the needs of the data itself as defined by its meta-data, the Distrix Core acts as a distributed optimization center.

Feature: Management
Details: Distrix Core is able to give IT and OT managers significant and timely insight to network health and utilization through analytics that would not otherwise be available with a centrally monitored or fragmented system.
Advanced and Responsive Software Defined Infrastructure With Distrix Link Modules
Distrix Link modules interface with the underlying physical network while creating the software overlay
infrastructure, adding flexibility, redundancy and security to the entire system. Distrix Link Modules build
connections between Distrix Gateways and provide detailed network metrics to the Distrix Core on the links
formed across the network, enabling the system to determine what interfaces are optimal for a particular data
stream, considering bandwidth, latency, cost of use, and other factors.
The result is a dynamic network that resolves connectivity based on changing conditions, and reacts instantly
by re-routing and assigning higher priority to data streams that deserve it with no disruption to other data
flows. The network is stabilized and optimized, and the operator receives constant and verified contextualized
knowledge of the network’s performance and the state of its components.
USE CASES
- Video traffic starts transmitting on a security perimeter breach and results in non-critical data being suspended while the video traffic is routed over a 3G connection.
- A broken fiber link renders connectivity to an actuator limited, but this critical data can be routed over a secondary WiFi link.
- Changing bandwidth availability on a satellite uplink causes critical data to take priority and non-critical data to be cached or transmitted through higher latency channels.
Type: UDP
Features and Advantages:
The UDP Link Module is the recommended Link Module for use across IP networks. It provides Distrix with the greatest flexibility for link and stream management including the use of both reliable and unreliable Tunnel Streams.
UDP links can be defined in a way that specifies the connection to and from specific interfaces on both Windows and Linux. This allows the designated use of multiple interfaces on devices for seamless link transition and aggregated bandwidth.
UDP link module overhead is minimal. Resultant latency of stream overhead across Distrix links is typically in a single digit microsecond range, and bandwidth impact is limited to the addition of a small Distrix header.
The UDP Link Module can be configured to listen on one or more ports for other Distrix Gateway connections. To help prevent denial of service attacks, the UDP link module can be configured to require acceptance of a cookie by the targeting gateway.

Type: Serial
Features and Advantages:
The Distrix Serial Link Module can be used to connect two Distrix Gateways to each other using crossover serial connections. More commonly, serial will be used to connect Distrix to a serial communications device, such as commonly used spectrum hopping radio or satellite gateways. In these cases, Distrix will set up a connection as DTE rather than DCE. Serial properties are configurable and can use hardware flow control if appropriate.

Type: TCP
Features and Advantages:
Some networks and firewalls block UDP traffic on all ports. In these cases, the TCP Link Module can be used as an alternative means of forming links between Distrix Gateways over IP networks. Because TCP is an inherently reliable connection, some additional traffic overhead can be expected.
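The cookie requirement mentioned for the UDP Link Module can be illustrated with the generic stateless-cookie pattern (the same idea as the DTLS HelloVerifyRequest). This is an added example, not Distrix code: the white paper does not document the cookie format, so the message types, the 16-byte cookie, the 30-second window and the names `CookieGate` and `connect_request` are all assumptions.

```python
import hashlib
import hmac
import os
import struct

# Constructed wire format for this example: 1 type byte + 16-byte cookie field.
MSG_CONNECT, MSG_CHALLENGE, MSG_ACCEPT = 0x01, 0x02, 0x03
COOKIE_LEN = 16


def connect_request(cookie=b""):
    """Initiator side: a connect request, zero-padded until a cookie is known."""
    return bytes([MSG_CONNECT]) + (cookie or bytes(COOKIE_LEN))


class CookieGate:
    """Listener side: keeps no per-peer state until a valid cookie is echoed back."""

    def __init__(self, secret=None, lifetime=30):
        self._secret = secret or os.urandom(32)   # known only to the listener
        self._lifetime = lifetime                 # seconds per validity window
        self.sessions = {}                        # filled only after validation

    def _cookie(self, addr, window):
        # The cookie is a MAC over the claimed source address and a time window,
        # so it can be recomputed later instead of being stored.
        ip, port = addr
        msg = ip.encode() + struct.pack("!Hq", port, window)
        return hmac.new(self._secret, msg, hashlib.sha256).digest()[:COOKIE_LEN]

    def _valid(self, addr, cookie, now):
        window = int(now) // self._lifetime
        # Accept the previous window too, so a cookie issued just before a
        # window boundary is still usable.
        return any(
            hmac.compare_digest(cookie, self._cookie(addr, w))
            for w in (window, window - 1)
        )

    def handle(self, addr, packet, now):
        """Return the reply for one datagram, or None to drop it silently."""
        # Requests must be as long as the challenge reply, so the listener
        # never sends more bytes to a (possibly spoofed) address than it got.
        if len(packet) != 1 + COOKIE_LEN or packet[0] != MSG_CONNECT:
            return None
        cookie = packet[1:]
        if self._valid(addr, cookie, now):
            self.sessions[addr] = {"established_at": now}
            return bytes([MSG_ACCEPT])
        window = int(now) // self._lifetime
        return bytes([MSG_CHALLENGE]) + self._cookie(addr, window)


def demo():
    """Run the exchange with constructed addresses and a fixed clock."""
    names = {MSG_CHALLENGE: "challenge", MSG_ACCEPT: "accept"}
    gate = CookieGate(secret=b"k" * 32)
    peer, spoofed = ("192.0.2.10", 40000), ("198.51.100.7", 40000)
    now = 1_000_000

    first = gate.handle(peer, connect_request(), now)
    cookie = first[1:]
    # A cookie issued to one address does not validate for another source.
    replay = gate.handle(spoofed, connect_request(cookie), now + 5)
    echo = gate.handle(peer, connect_request(cookie), now + 5)
    return {
        "first": names[first[0]],
        "spoofed": names[replay[0]],
        "echo": names[echo[0]],
        "sessions": sorted(gate.sessions),
    }


if __name__ == "__main__":
    print(demo())
```

Because the listener recomputes the cookie rather than storing it, a flood of connect requests from forged source addresses costs one HMAC each and allocates nothing.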
Targeted Data Streams With Distrix Tunnels
Distrix communication channels, called Distrix Tunnels, form secure tagged data streams, and accommodate
multiple origins, destinations, and channels while responding to constantly changing network conditions.
Encryption adds further Tunnel capabilities by securing communications either from one gateway to another,
or by network class for even finer grained control.
Because the intelligence of the network is resident within Distrix Gateways, end points define the destination
of their payload, not the route to be taken. This inherent design provides the most flexible network design
possible. By tagging the data stream as part of the encryption and encapsulation process, Distrix Tunnels
are able to cross reference relevant network and application states and needs in order to pick the most
appropriate path for that particular data stream.
The power of Distrix Tunnel communications is enhanced further with its ability to be defined at any of
several layers - from the port, up to the application. This can be leveraged to improve network performance
and capabilities as well. For example, Distrix may provide QoS where an application does not normally allow
it; it may compensate for lost packets, and packet size and wait times may be adjusted to either improve
performance or reduce overall traffic.
With Distrix Tunnels data can be filtered based on upper and lower threshold values, frequency of data
transmission, or other characteristics – and appropriate action can be taken. For example, a data feed from a
temperature monitor may not be high priority traffic, unless it exceeds a certain value, or unless it is triggered
with a certain frequency.
In addition, with data manipulation capabilities, Distrix Tunnels can provide on the fly translations to provide
greater integration between systems, such as converting hex values from a PLC to decimal or binary as
needed by a database server.
Type: Digital
Method: Connection at input and output pins of general purpose IO port
Details: Read/write is initiated from the pins using OS drivers. Interrupt and polling mode supported. Polling interval configurable in microseconds, with automatic monitoring to send data only on change of a pin value.

Type: Ethernet
Method: Encapsulation of Ethernet frames
Details: Tunnel behaves as a pseudo-wire connection with routing capabilities. Linux tap and bridge utilities provide direct access to Ethernet packets to and from the physical interface. Tunnel endpoints are configured as a switch by default to connect multiple gateways and share data from each interface among several identified endpoints.

Type: HTTP/S
Method: Point to Point Proxy
Details: Addresses and ports accessing network resources hosted at origin are proxied to a bind address at the destination. SSL/TLS supported. Connections can be pipelined to improve connection performance to commonly used resources.

Type: Splunk
Method: Point to Point
Details: The Distrix TCP tunnel module can be used to write various data types directly to a Splunk Indexer by identifying a TCP listen port on the Splunk indexer, and writing to that port using the Distrix TCP tunnel. By implementing Hybrid Tunnels, a number of datatypes are easily collected from the network edge and written securely to Splunk. Hybrid tunnels that can be configured without any data conversion requirements include the GPIO, Serial, TCP, and Modbus tunnels.

Type: Serial
Method: RS-232 and RS-422/485
Details: Standard serial configuration parameters (i.e. flow control and baud rate), or tuned to serial device and infrastructure properties.

Type: IP
Method: IPv4 and IPv6
Details: Devices on each local network are configured to use the Distrix as the gateway for the connected networks, or to have a local default gateway route traffic for the remote network through the Distrix gateway. NAT translation, remapping, and DNS support provided. Fine grained client / server specificity controls the ability to create connections.

Type: Modbus
Method: Modbus RTU or TCP
Details: Both Modbus RTU (RS-485 or RS-232) and Modbus TCP are supported by the Modbus Tunnel Module in both Master and Slave mode. The configuration allows definition of the coils and registers to be written to or polled. As a Master or Client, the frequency at which to communicate with the Slave or Server can be configured. Data is communicated in simple textual format. In Hybrid mode, data conversions can be easily applied through policies.

Type: Application
Method: Application socket
Details: The application tunnel module is a library that links into the user’s program and writes to an application socket. It can be used to either integrate a secure remote connection into an existing application, or embed Distrix capabilities into an application to simplify the implementation of the network stack. The application tunnel can also be used in application to application or in hybrid modes. Hybrid mode simplifies the integration of sensor and system data to database or monitoring applications.
Increasing the Power of Existing Networks With Distrix Policy Modules
With the Distrix Software Defined Infrastructure overlaying a virtual network through Distrix Gateways, the
ability to manipulate and manage data in the network itself opens up tremendous possibilities for increased
efficiency, insight, and contextualized action through payload and communications header analysis and
modification. A number of policies are included for common functions, and custom policies can be easily
generated for additional functionality.
Metadata addition
In many OT networks, sensor data is collected from operational systems
and provides little or no information other than a measured value. In order to
analyze the data in a wider operational context, additional information is very
helpful. With Distrix, timestamp, location and other configuration management
information can be added to the data stream for a much clearer view of the
operation’s overall Industrial Internet.
Data manipulation
Data collected from devices such as PLCs are often hexadecimal
representations of values collected by the local system. With Distrix, calculations
or data conversions can be applied to raw data values at the source, to provide
user readable data to an analytical system, opening the door for very advanced
visualizations and automation, as well as data translation for system integration.
Data filtering
Distrix provides the ability for overall data communication to be reduced by
filtering less valuable data, which might be defined by setpoints, frequency,
or other measures. Data filtering is often used in conjunction with other
modifications in the data stream to simultaneously reduce data volume and increase
data value, for greater efficiency and reduced complexity of the network itself.
Dynamic routing
With Distrix, several inputs can be used to manage various aspects of network
performance. Response times from network resources can be leveraged to
determine endpoint preference and complex rules can be developed to manage
the network automatically and dynamically under changing conditions.
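The data manipulation, filtering and metadata policies above, and the temperature monitor example from the Tunnels section, can be combined into one small edge policy. This is an added sketch, not the Distrix policy API: the class `TemperaturePolicy`, the record fields, the scaling of 10 counts per degree and the burst thresholds are assumptions, and the readings are constructed.

```python
from collections import deque
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class TemperaturePolicy:
    """Hypothetical per-stream policy: convert, filter, tag, prioritize."""
    location: str
    high_setpoint_c: float          # at or above this, the reading is high priority
    counts_per_degree: int = 10     # assumed PLC scaling: 0x00E6 = 230 -> 23.0 C
    burst_count: int = 3            # this many readings inside burst_window_s ...
    burst_window_s: float = 10.0    # ... also makes the stream high priority
    malformed: int = 0
    _arrivals: deque = field(default_factory=deque)
    _last_forwarded: Optional[float] = None

    def process(self, raw_hex, timestamp):
        """Return the record to forward, or None if the reading is filtered out."""
        # Data manipulation: hex register value from the PLC -> decimal degrees.
        try:
            value_c = int(raw_hex, 16) / self.counts_per_degree
        except ValueError:
            self.malformed += 1     # count bad input instead of forwarding it
            return None

        # Frequency measure: readings seen inside the sliding window.
        while self._arrivals and self._arrivals[0] <= timestamp - self.burst_window_s:
            self._arrivals.popleft()
        self._arrivals.append(timestamp)
        frequent = len(self._arrivals) >= self.burst_count

        high = value_c >= self.high_setpoint_c or frequent

        # Data filtering: routine readings that repeat the last forwarded
        # value carry no new information and are dropped at the source.
        if not high and value_c == self._last_forwarded:
            return None
        self._last_forwarded = value_c

        # Metadata addition: timestamp and location travel with the value.
        return {
            "value_c": value_c,
            "raw": raw_hex,
            "timestamp": timestamp,
            "location": self.location,
            "priority": "high" if high else "low",
        }


# Constructed sample feed: (seconds, hex register value).
SAMPLE_FEED = [
    (0, "00E6"),     # 23.0 C, first reading
    (60, "00E6"),    # unchanged, routine
    (120, "00E7"),   # 23.1 C, changed
    (180, "0352"),   # 85.0 C, above the setpoint
    (181, "00E6"),   # back to 23.0 C
    (182, "00E6"),   # third reading within 10 s
    (240, "ZZZZ"),   # malformed input
]


def run_demo():
    policy = TemperaturePolicy(location="pump-house-2", high_setpoint_c=80.0)
    out = [policy.process(raw, ts) for ts, raw in SAMPLE_FEED]
    return [rec["priority"] if rec else None for rec in out], policy.malformed


if __name__ == "__main__":
    print(run_demo())
```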
Advanced Security Capabilities
Distrix software was originally designed and deployed for the US Predator Drone program, where highly
stealthy, secure and reliable communications are mission critical requirements. The capabilities born out of the
Drone program and other secure government operations are available to customers of the Distrix solution. In a
world where experts advise companies to create a security posture under the assumption that attackers may
already be operating inside their network, Distrix provides a secure OT/IT end to end solution even if a portion
of the existing network is compromised.
Packet Level Encryption of Device Data
Since the full functionality of the Distrix software has a footprint of under 50MB, it can be added to many
legacy and new OT and IT endpoints, such as motor controllers, PLCs and Smart Grid meters. Whatever the
device, Distrix Links encapsulate, encrypt, and hide data at the packet level, meaning data is protected in
transit, regardless of whether it travels across the internet, over radio transmission, or in the clear.
Distrix provides multiple layers of encryption, securing data at the packet
level via Distrix Links as well as end to end through Distrix Tunnels.
Distrix Links encapsulate and encrypt packet data between network nodes.
Distrix Tunnels provide end to end application layer encryption and security as well as user authentication and role based access.
Unique Encryption per Distrix Tunnel
A unique Distrix Tunnel is established for each individual data endpoint. Each Distrix Tunnel is encrypted
independently with its own unique key that can only be accessed at the data source and end destination, so
the data is protected end to end until it reaches the terminating Distrix node. In the unlikely event that one
Tunnel is compromised, the other Distrix Tunnels remain secure with their own unique keys.
Covert Communication Channels
Since Distrix is able to select any layer of the OSI model for data transmission, sensitive data does not have
to be delivered through the traditional Physical connections, Data links or Application layers that hackers and
other adversaries may be watching. Data can be sent over any channel, whether or not it was intended for that
application or protocol. These covert communication channels can be dynamically changed based on policy,
if desired. Data packets that are encapsulated at the source (per the process above) can then be randomly
transmitted across a variety of links, ports and protocols. Modbus TCP traffic, for example, does not have
to be transmitted via Port 502, but can be encapsulated and delivered randomly via UDP streams via port
5060, SNMP traffic via Port 161, etc., and then reassembled at the destination endpoint. The packets remain
in their original protocol; they are simply encapsulated and disguised as a different protocol and transmitted
across different channels. This stealth capability adds a layer of security so that data is safely and covertly
communicated even if systems are compromised and being sniffed by hackers.
Multi-layered End to End Security
Distrix allows customers to use their own encryption at any point in the transmission, adding even more
layers of protection. Customers can combine any or all of the above encryption and covert communications
techniques for multiple layers of security. With this approach, adversaries would need to successfully
penetrate every layer in order to retrieve sensitive customer data. Even if hackers had successfully breached
a portion of the customer’s existing network prior to the Distrix solution implementation, Distrix is able to
encapsulate data at the packet level at the source as well as provide an encrypted end to end Distrix Tunnel
within that customer network and across the internet, so data remains protected even in the most hostile
environments.
Additional Security Management Tools
Distrix also provides extensible management tools for additional security, such as:
- Rich authentication and authorization
- Handshake validation for network infrastructure connections
- Grouping for network management
- User Class assignment
Complete Control With Distrix Management
Successful Industrial Internet deployments require control and insight, and Distrix provides the functionality
as well as the extensibility to leverage other dedicated platforms as needed. The Distrix API enables
comprehensive network monitoring and management. Instantaneous feedback of the states of each layer of
both the Distrix network and the underlying physical infrastructure keeps operators and other users informed.
A basic GUI is provided with the Distrix platform for core functionality, which may be further expanded by
integration with dedicated IT and OT monitoring platforms.
SELECTED REPORTING ELEMENTS
Distrix Links
  Performance characteristics
    - Bandwidth
    - Latency
    - Jitter
  Utilization
    - Bandwidth Used
    - Data volumes transmitted and received
  Queued data
The Distrix Gateway
  CPU utilization
  Licensing status
Distrix Tunnels
  Bandwidth of streams by direction
  Tunnel addressing
  Host and requestor addressing
Control
  Gateway license management
  User authentication and privilege delegation
  Network security management
  Network infrastructure configuration
  Creation and configuration of link targets
  Tunnel endpoint configuration
About Distrix
Distrix unlocks the benefits of advanced, integrated enterprise and operational
systems to increase security, competitiveness and asset utilization while reducing
costs and risks. Distrix Application Specific Software Defined Networking is the ideal
platform to leverage the advantages of the Industrial Internet of Things.
Distrix solutions do not require wholesale network equipment replacement, they are
easily staged for minimal business disruption, and they are easily integrated with a
remarkably small footprint – helping ensure asset longevity and upgradeability.
To contact our offices:
1880 West 1st Ave, Suite 200
Vancouver, BC V6J 1G5
Canada
1-855-657-7275
info@Distrix.com
http://www.Distrix.com

Exploration lan switching_chapter1
 
Ccnp™ advanced cisco® router
Ccnp™ advanced cisco® routerCcnp™ advanced cisco® router
Ccnp™ advanced cisco® router
 
Advanced Design and Optimization of Data Center Interconnection Networks.pptx
Advanced Design and Optimization of Data Center Interconnection Networks.pptxAdvanced Design and Optimization of Data Center Interconnection Networks.pptx
Advanced Design and Optimization of Data Center Interconnection Networks.pptx
 
Software defined networking
Software defined networkingSoftware defined networking
Software defined networking
 
A SURVEY OF COMPUTER NETWORKING THEORY AND PRACTICE
A SURVEY OF COMPUTER NETWORKING THEORY AND PRACTICEA SURVEY OF COMPUTER NETWORKING THEORY AND PRACTICE
A SURVEY OF COMPUTER NETWORKING THEORY AND PRACTICE
 
A SURVEY OF COMPUTER NETWORKING THEORY AND PRACTICE
A SURVEY OF COMPUTER NETWORKING THEORY AND PRACTICEA SURVEY OF COMPUTER NETWORKING THEORY AND PRACTICE
A SURVEY OF COMPUTER NETWORKING THEORY AND PRACTICE
 
76924356 synopsis-network
76924356 synopsis-network76924356 synopsis-network
76924356 synopsis-network
 
Project DRAC: Creating an applications-aware network
Project DRAC: Creating an applications-aware networkProject DRAC: Creating an applications-aware network
Project DRAC: Creating an applications-aware network
 
1Running Head Network Design3Network DesignUn.docx
1Running Head Network Design3Network DesignUn.docx1Running Head Network Design3Network DesignUn.docx
1Running Head Network Design3Network DesignUn.docx
 
Essay On Ethernet
Essay On EthernetEssay On Ethernet
Essay On Ethernet
 
SD_WAN_NFV_White_Paper
SD_WAN_NFV_White_PaperSD_WAN_NFV_White_Paper
SD_WAN_NFV_White_Paper
 
JPJ1406 Distributed, Concurrent, and Independent Access to Encrypted Cloud ...
JPJ1406   Distributed, Concurrent, and Independent Access to Encrypted Cloud ...JPJ1406   Distributed, Concurrent, and Independent Access to Encrypted Cloud ...
JPJ1406 Distributed, Concurrent, and Independent Access to Encrypted Cloud ...
 
Multi cloud networking
Multi cloud networkingMulti cloud networking
Multi cloud networking
 
JPD1405 Distributed, Concurrent, and Independent Access to Encrypted Cloud D...
JPD1405  Distributed, Concurrent, and Independent Access to Encrypted Cloud D...JPD1405  Distributed, Concurrent, and Independent Access to Encrypted Cloud D...
JPD1405 Distributed, Concurrent, and Independent Access to Encrypted Cloud D...
 
Software Defined Networking (SDN): A Revolution in Computer Network
Software Defined Networking (SDN): A Revolution in Computer NetworkSoftware Defined Networking (SDN): A Revolution in Computer Network
Software Defined Networking (SDN): A Revolution in Computer Network
 
2010fall ch31 naymka
2010fall ch31 naymka2010fall ch31 naymka
2010fall ch31 naymka
 
VMware NSX primer 2014
VMware NSX primer 2014VMware NSX primer 2014
VMware NSX primer 2014
 
ComputerNetworksAssignment
ComputerNetworksAssignmentComputerNetworksAssignment
ComputerNetworksAssignment
 
Case Study: Anuta NCX empowers Telstra Cloud Gateway to deliver Global Interc...
Case Study: Anuta NCX empowers Telstra Cloud Gateway to deliver Global Interc...Case Study: Anuta NCX empowers Telstra Cloud Gateway to deliver Global Interc...
Case Study: Anuta NCX empowers Telstra Cloud Gateway to deliver Global Interc...
 
sdn.pptx
sdn.pptxsdn.pptx
sdn.pptx
 

Distrix_Software_Defined_Infrastructure_White_Paper

  • 1. A Distrix Networks White Paper, January 7, 2016. Distrix Software Defined Infrastructure: Making complex networks manageable. © 2016 Distrix Networks Ltd. All Rights Reserved.
  • 2. Introduction. Distrix approaches networking by layering an advanced Software Defined Infrastructure (SDI) on top of existing equipment and networks. Distrix applies management, routing, rules, redundancy and security to data at any layer – from the physical port through the transport layer all the way to the application layer – making it the most flexible and adaptable solution for Industrial Internet connectivity. This flexibility brings exceptional power and control to hybrid industrial IT/OT networks that typically include UDP/IP/Serial communications across a variety of transport methods, and with the ability to tag data streams with derived metadata, Distrix can increase the performance of existing networks and better utilize resources flexibly and dynamically. The Distrix solution runs on commonly used OT or IT systems, and has the flexibility and low footprint requirements to enable it to embed responsive logic and control right into the network itself – without the additional expense of wholesale network replacement, and with the advantage of staged deployments and advanced interoperability.
  • 3. The Power of the Distrix Gateway. The Distrix Gateway provides the network and application separation needed for optimal Industrial Internet Network design. Distrix Tunnels focus on the needs of the applications, while Distrix Link Modules manage the underlying infrastructure, and the Distrix Core provides the ability to put the two together and provide optimal application performance with a dynamic and resilient Software Defined Infrastructure. The result is IT and OT applications acting and reacting independently or in concert, as business rules dictate. Supported Platforms: x86/x64 Windows 7 Ubuntu Linux Raspberry Pi 2 Raspbian Jessie x64 Red Hat/CentOS Linux ARM9 Very flexible; please contact Distrix Sales to discuss your needs. Distrix Gateways are installed on existing networking and control equipment to provide a common interface through Distrix Link Modules to leverage the power of advanced Software Defined Networking across IT and OT systems and equipment. The Distrix Gateway establishes Distrix Tunnels to transmit data easily and efficiently, regardless of actual physical infrastructure.
  • 4. Overview with Distrix Core. The Distrix Core, a key component of the Distrix Gateway, creates and manages the Distrix SDI using a unique distributed intelligence network model, enabling individual nodes to host functions that are usually centrally controlled. This distributed approach boasts far greater power and flexibility than centralized systems. Action is taken where the data itself is traversing the network, with no need to adjust or even configure physical infrastructure. This capability extends from filtering and contextualized logic to dynamic and reactive logical routing. With gateways exchanging path information, the Core monitors and selects which gateways in the network constitute the optimal route to the destination for a particular Tunnel Stream regardless of the physical infrastructure. The power of the Core is also extensible, with a modular plugin architecture connecting the Core to physical infrastructure or applications - separating peripheral functions of Distrix and providing flexibility in implementations. This architecture includes open APIs for the creation of customized plugins to meet customers’ specific needs. Tying all this together with a REST API allows for external applications to take direct advantage of the Software Defined Infrastructure to manage, scale, and monitor the individual nodes or the important data traffic that is critical to the business. Applications can effectively configure or reconfigure the network and add new services dynamically without the need for rigorous network design.
  • 5. Feature | Details
    Traffic Routing | Gateways read tagged data streams and relate that to the originating and receiving nodes in order to route traffic based on changing conditions.
    Endpoint Identification and Prioritization | The flexibility of a Distrix network means that the Distrix Core can identify and prioritize end points for data on the fly – an originating node may have a variety of potential endpoints; the Distrix Core on each node helps to define the most appropriate one based on current conditions.
    Optimization | By constantly monitoring their piece of the network in relation to the capabilities of different linkages and the needs of the data itself as defined by its meta-data, the Distrix Core acts as a distributed optimization center.
    Management | Distrix Core is able to give IT and OT managers significant and timely insight to network health and utilization through analytics that would not otherwise be available with a centrally monitored or fragmented system.
  • 6. Advanced and Responsive Software Defined Infrastructure With Distrix Link Modules. Distrix Link modules interface with the underlying physical network while creating the software overlay infrastructure, adding flexibility, redundancy and security to the entire system. Distrix Link Modules build connections between Distrix Gateways and provide detailed network metrics to the Distrix Core on the links formed across the network, enabling the system to determine what interfaces are optimal for a particular data stream, considering bandwidth, latency, cost of use, and other factors. The result is a dynamic network that resolves connectivity based on changing conditions, and reacts instantly by re-routing and assigning higher priority to data streams that deserve it with no disruption to other data flows. The network is stabilized and optimized, and the operator receives constant and verified contextualized knowledge of the network’s performance and the state of its components.
  • 7. USE CASES: Video traffic starts transmitting on a security perimeter breach and results in non-critical data being suspended while the video traffic is routed over a 3G connection. A broken fiber link renders connectivity to an actuator limited, but this critical data can be routed over a secondary WiFi link. Changing bandwidth availability on a satellite uplink causes critical data to take priority and non-critical data to be cached or transmitted through higher latency channels.
    Type | Features and Advantages
    UDP | The UDP Link Module is the recommended Link Module for use across IP networks. It provides Distrix with the greatest flexibility for link and stream management including the use of both reliable and unreliable Tunnel Streams. UDP links can be defined in a way that specifies the connection to and from specific interfaces on both Windows and Linux. This allows the designated use of multiple interfaces on devices for seamless link transition and aggregated bandwidth. UDP link module overhead is minimal. Resultant latency of stream overhead across Distrix links is typically in a single digit microsecond range, and bandwidth impact is limited to the addition of a small Distrix header. The UDP Link Module can be configured to listen on one or more ports for other Distrix Gateway connections. To help prevent denial of service attacks, the UDP link module can be configured to require acceptance of a cookie by the targeting gateway.
    Serial | The Distrix Serial Link Module can be used to connect two Distrix Gateways to each other using crossover serial connections. More commonly, serial will be used to connect Distrix to a serial communications device, such as commonly used spectrum hopping radio or satellite gateways. In these cases, Distrix will set up a connection as DTE rather than DCE. Serial properties are configurable and can use hardware flow control if appropriate.
    TCP | Some networks and firewalls block UDP traffic on all ports. In these cases, the TCP Link Module can be used as an alternative means of forming links between Distrix Gateways over IP networks. Because TCP is an inherently reliable connection, some additional traffic overhead can be expected.
  • 8. Targeted Data Streams With Distrix Tunnels. Distrix communication channels, called Distrix Tunnels, form secure tagged data streams, and accommodate multiple origins, destinations, and channels while responding to constantly changing network conditions. Encryption adds further Tunnel capabilities by securing communications either from one gateway to another, or by network class for even finer grained control. Because the intelligence of the network is resident within Distrix Gateways, end points define the destination of their payload, not the route to be taken. This inherent design provides the most flexible network design possible. By tagging the data stream as part of the encryption and encapsulation process, Distrix Tunnels are able to cross reference relevant network and application states and needs in order to pick the most appropriate path for that particular data stream. The power of Distrix Tunnel communications is enhanced further with its ability to be defined at any of several layers - from the port, up to the application. This can be leveraged to improve network performance and capabilities as well. For example, Distrix may provide QoS where an application does not normally allow it; it may compensate for lost packets, and packet size and wait times may be adjusted to either improve performance or reduce overall traffic. With Distrix Tunnels data can be filtered based on upper and lower threshold values, frequency of data transmission, or other characteristics – and appropriate action can be taken. For example, a data feed from a temperature monitor may not be high priority traffic, unless it exceeds a certain value, or unless it is triggered with a certain frequency. In addition, with data manipulation capabilities, Distrix Tunnels can provide on the fly translations to provide greater integration between systems, such as converting hex values from a PLC to decimal or binary as needed by a database server.
  • 9. Type | Method | Details
    Digital | Connection at input and output pins of general purpose IO port | Read/write is initiated from the pins using OS drivers. Interrupt and polling mode supported. Polling interval configurable in microseconds, with automatic monitoring to send data only on change of a pin value.
    Ethernet | Encapsulation of Ethernet frames | Tunnel behaves as a pseudo-wire connection with routing capabilities. Linux tap and bridge utilities provide direct access to Ethernet packets to and from the physical interface. Tunnel endpoints are configured as a switch by default to connect multiple gateways and share data from each interface among several identified endpoints.
    HTTP/S | Point to Point Proxy | Addresses and ports accessing network resources hosted at origin are proxied to a bind address at the destination. SSL/TLS supported. Connections can be pipelined to improve connection performance to commonly used resources.
    Splunk | Point to Point | The Distrix TCP tunnel module can be used to write various data types directly to a Splunk Indexer by identifying a TCP listen port on the Splunk indexer, and writing to that port using the Distrix TCP tunnel. By implementing Hybrid Tunnels, a number of datatypes are easily collected from the network edge and written securely to Splunk. Hybrid tunnels that can be configured without any data conversion requirements include the GPIO, Serial, TCP, and Modbus tunnels.
    Serial | RS-232 and RS-422/485 | Standard serial configuration parameters (i.e. flow control and baud rate), or tuned to serial device and infrastructure properties.
    IP | IPv4 and IPv6 | Devices on each local network are configured to use the Distrix as the gateway for the connected networks, or to have a local default gateway route traffic for the remote network through the Distrix gateway. NAT translation, remapping, and DNS support provided. Fine grained client / server specificity controls the ability to create connections.
    Modbus | Modbus RTU or TCP | Both Modbus RTU (RS-485 or RS-232) and Modbus TCP are supported by the Modbus Tunnel Module in both Master and Slave mode. The configuration allows definition of the coils and registers to be written to or polled. As a Master or Client, the frequency at which to communicate with the Slave or Server can be configured. Data is communicated in simple textual format. In Hybrid mode, data conversions can be easily applied through policies.
    Application | Application socket | The application tunnel module is a library that links into the user’s program and writes to an application socket. It can be used to either integrate a secure remote connection into an existing application, or embed Distrix capabilities into an application to simplify the implementation of the network stack. The application tunnel can also be used in application to application or in hybrid modes. Hybrid mode simplifies the integration of sensor and system data to database or monitoring applications.
  • 10. Increasing the Power of Existing Networks With Distrix Policy Modules. With the Distrix Software Defined Infrastructure overlaying a virtual network through Distrix Gateways, the ability to manipulate and manage data in the network itself opens up tremendous possibilities for increased efficiency, insight, and contextualized action through payload and communications header analysis and modification. A number of policies are included for common functions, and custom policies can be easily generated for additional functionality.
    Metadata addition: In many OT networks, sensor data is collected from operational systems and provides little or no information other than a measured value. In order to analyze the data in a wider operational context, additional information is very helpful. With Distrix, timestamp, location and other configuration management information can be added to the data stream for a much clearer view of the operation’s overall Industrial Internet.
    Data manipulation: Data collected from devices such as PLCs are often hexadecimal representations of values collected by the local system. With Distrix, calculations or data conversions can be applied to raw data values at the source, to provide user readable data to an analytical system, opening the door for very advanced visualizations and automation, as well as data translation for system integration.
    Data filtering: Distrix provides the ability for overall data communication to be reduced by filtering less valuable data, which might be defined by setpoints, frequency, or other measures. Data filtering is often used in conjunction with other modifications in the data stream to simultaneously reduce data volume and increase data value, for greater efficiency and reduced complexity of the network itself.
    Dynamic routing: With Distrix, several inputs can be used to manage various aspects of network performance. Response times from network resources can be leveraged to determine endpoint preference and complex rules can be developed to manage the network automatically and dynamically under changing conditions.
  • 11. Advanced Security Capabilities. Distrix software was originally designed and deployed for the US Predator Drone program, where highly stealthy, secure and reliable communications are mission critical requirements. The capabilities born out of the Drone program and other secure government operations are available to customers of the Distrix solution. In a world where experts advise companies to create a security posture under the assumption that attackers may already be operating inside their network, Distrix provides a secure OT/IT end to end solution even if a portion of the existing network is compromised. Distrix provides multiple layers of encryption, securing data at the packet level via Distrix Links as well as end to end through Distrix Tunnels. Distrix Links encapsulate and encrypt packet data between network nodes. Distrix Tunnels provide end to end application layer encryption and security as well as user authentication and role based access.
    Packet Level Encryption of Device Data: Since the full functionality of the Distrix software has a footprint of under 50MB, it can be added to many legacy and new OT and IT endpoints, such as motor controllers, PLCs and Smart Grid meters. Whatever the device, Distrix Links encapsulate, encrypt, and hide data at the packet level, meaning data is protected in transit, regardless of whether it travels across the internet, over radio transmission, or in the clear.
    Unique Encryption per Distrix Tunnel: A unique Distrix Tunnel is established for each individual data endpoint. Each Distrix Tunnel is encrypted independently with its own unique key that can only be accessed at the data source and end destination, so the data is protected end to end until it reaches the terminating Distrix node. In the unlikely event that one Tunnel is compromised, the other Distrix Tunnels remain secure with their own unique keys.
  • 12. Advanced Security Capabilities Continued
    Covert Communication Channels: Since Distrix is able to select any layer of the OSI model for data transmission, sensitive data does not have to be delivered through the traditional Physical connections, Data links or Application layers that hackers and other adversaries may be watching. Data can be sent over any channel, whether or not it was intended for that application or protocol. These covert communication channels can be dynamically changed based on policy, if desired. Data packets that are encapsulated at the source (per the process above) can then be randomly transmitted across a variety of links, ports and protocols. Modbus TCP traffic, for example, does not have to be transmitted via Port 502, but can be encapsulated and delivered randomly via UDP streams via port 5060, SNMP traffic via Port 161, etc., and then reassembled at the destination endpoint. The packets remain in their original protocol; they are simply encapsulated and disguised as a different protocol and transmitted across different channels. This stealth capability adds a layer of security so that data is safely and covertly communicated even if systems are compromised and being sniffed by hackers.
    Multi-layered End to End Security: Distrix allows customers to use their own encryption at any point in the transmission, adding even more layers of protection. Customers can combine any or all of the above encryption and covert communications techniques for multiple layers of security. With this approach, adversaries would need to successfully penetrate every layer in order to retrieve sensitive customer data. Even if hackers had successfully breached a portion of the customer’s existing network prior to the Distrix solution implementation, Distrix is able to encapsulate data at the packet level at the source as well as provide an encrypted end to end Distrix Tunnel within that customer network and across the internet, so data remains protected even in the most hostile environments.
    Additional Security Management Tools: Distrix also provides extensible management tools for additional security, such as: rich authentication and authorization; handshake validation for network infrastructure connections; grouping for network management; User Class assignment.
  • 13. Complete Control With Distrix Management. Successful Industrial Internet deployments require control and insight, and Distrix provides the functionality as well as the extensibility to leverage other dedicated platforms as needed. The Distrix API enables comprehensive network monitoring and management. Instantaneous feedback of the states of each layer of both the Distrix network and the underlying physical infrastructure keeps operators and other users informed. A basic GUI is provided with the Distrix platform for core functionality, which may be further expanded by integration with dedicated IT and OT monitoring platforms.
    SELECTED REPORTING ELEMENTS
    Distrix Links: Performance characteristics (Bandwidth, Latency, Jitter); Utilization (Bandwidth Used, Data volumes transmitted and received); Queued data
    The Distrix Gateway: CPU utilization; Licensing status
    Distrix Tunnels: Bandwidth of streams by direction; Tunnel addressing; Host and requestor addressing
    Control: Gateway license management; User authentication and privilege delegation; Network security management; Network infrastructure configuration; Creation and configuration of link targets; Tunnel endpoint configuration
  • 14. About Distrix. Distrix unlocks the benefits of advanced, integrated enterprise and operational systems to increase security, competitiveness and asset utilization while reducing costs and risks. Distrix Application Specific Software Defined Networking is the ideal platform to leverage the advantages of the Industrial Internet of Things. Distrix solutions do not require wholesale network equipment replacement, they are easily staged for minimal business disruption, and they are easily integrated with a remarkably small footprint – helping ensure asset longevity and upgradeability. To contact our offices: 1880 West 1st Ave, Suite 200, Vancouver, BC V6J 1G5, Canada; 1-855-657-7275; info@Distrix.com; http://www.Distrix.com