The Power of the Distrix Gateway
The Distrix Gateway provides the network and application separation needed for optimal Industrial Internet
Network design. Distrix Tunnels focus on the needs of the applications, while Distrix Link Modules manage the
underlying infrastructure, and the Distrix Core provides the ability to put the two together and provide optimal
application performance with a dynamic and resilient Software Defined Infrastructure. The result is IT and OT
applications acting and reacting independently or in concert, as business rules dictate.
Supported Platforms
x86/x64 Windows 7
Ubuntu Linux
Raspberry Pi 2 Raspbian Jessie
x64 Red Hat/CentOS Linux
ARM9 Very flexible; please contact Distrix Sales to discuss your needs.
Distrix Gateways are installed on existing networking and control equipment to provide
a common interface through Distrix Link Modules to leverage the power of advanced
Software Defined Networking across IT and OT systems and equipment.
The Distrix Gateway establishes Distrix Tunnels to transmit data
easily and efficiently, regardless of actual physical infrastructure.
Feature Details
Traffic Routing: Gateways read tagged data streams and relate that to the originating and receiving
nodes in order to route traffic based on changing conditions.

Endpoint Identification and Prioritization: The flexibility of a Distrix network means that the
Distrix Core can identify and prioritize end points for data on the fly – an originating node may
have a variety of potential endpoints; the Distrix Core on each node helps to define the most
appropriate one based on current conditions.

Optimization: By constantly monitoring their piece of the network in relation to the capabilities
of different linkages and the needs of the data itself as defined by its meta-data, the Distrix
Core acts as a distributed optimization center.

Management: Distrix Core is able to give IT and OT managers significant and timely insight to
network health and utilization through analytics that would not otherwise be available with a
centrally monitored or fragmented system.
USE CASES
Video traffic starts transmitting on a security perimeter breach and results in non-critical
data being suspended while the video traffic is routed over a 3G connection.
A broken fiber link renders connectivity to an actuator limited, but this critical data can
be routed over a secondary WiFi link.
Changing bandwidth availability on a satellite uplink causes critical data to take priority
and non-critical data to be cached or transmitted through higher latency channels.
Type Features and Advantages
UDP: The UDP Link Module is the recommended Link Module for use across IP networks. It provides
Distrix with the greatest flexibility for link and stream management including the use of both
reliable and unreliable Tunnel Streams.
UDP links can be defined in a way that specifies the connection to and from specific interfaces
on both Windows and Linux. This allows the designated use of multiple interfaces on devices for
seamless link transition and aggregated bandwidth.
UDP link module overhead is minimal. Resultant latency of stream overhead across Distrix links is
typically in a single digit microsecond range, and bandwidth impact is limited to the addition of
a small Distrix header.
The UDP Link Module can be configured to listen on one or more ports for other Distrix Gateway
connections. To help prevent denial of service attacks, the UDP link module can be configured to
require acceptance of a cookie by the targeting gateway.

Serial: The Distrix Serial Link Module can be used to connect two Distrix Gateways to each other
using crossover serial connections. More commonly, serial will be used to connect Distrix to a
serial communications device, such as commonly used spectrum hopping radio or satellite gateways.
In these cases, Distrix will set up a connection as DTE rather than DCE. Serial properties are
configurable and can use hardware flow control if appropriate.

TCP: Some networks and firewalls block UDP traffic on all ports. In these cases, the TCP Link
Module can be used as an alternative means of forming links between Distrix Gateways over IP
networks. Because TCP is an inherently reliable connection, some additional traffic overhead can
be expected.
Type Method Details
Digital
Method: Connection at input and output pins of general purpose IO port
Details: Read/write is initiated from the pins using OS drivers. Interrupt and polling mode
supported. Polling interval configurable in microseconds, with automatic monitoring to send data
only on change of a pin value.

Ethernet
Method: Encapsulation of Ethernet frames
Details: Tunnel behaves as a pseudo-wire connection with routing capabilities. Linux tap and
bridge utilities provide direct access to Ethernet packets to and from the physical interface.
Tunnel endpoints are configured as a switch by default to connect multiple gateways and share
data from each interface among several identified endpoints.

HTTP/S
Method: Point to Point Proxy
Details: Addresses and ports accessing network resources hosted at origin are proxied to a bind
address at the destination. SSL/TLS supported. Connections can be pipelined to improve connection
performance to commonly used resources.

Splunk
Method: Point to Point
Details: The Distrix TCP tunnel module can be used to write various data types directly to a
Splunk Indexer by identifying a TCP listen port on the Splunk indexer, and writing to that port
using the Distrix TCP tunnel. By implementing Hybrid Tunnels, a number of datatypes are easily
collected from the network edge and written securely to Splunk. Hybrid tunnels that can be
configured without any data conversion requirements include the GPIO, Serial, TCP, and Modbus
tunnels.

Serial
Method: RS-232 and RS-422/485
Details: Standard serial configuration parameters (i.e. flow control and baud rate), or tuned to
serial device and infrastructure properties.

IP
Method: IPv4 and IPv6
Details: Devices on each local network are configured to use the Distrix as the gateway for the
connected networks, or to have a local default gateway route traffic for the remote network
through the Distrix gateway. NAT translation, remapping, and DNS support provided. Fine grained
client / server specificity controls the ability to create connections.

Modbus
Method: Modbus RTU or TCP
Details: Both Modbus RTU (RS-485 or RS-232) and Modbus TCP are supported by the Modbus Tunnel
Module in both Master and Slave mode. The configuration allows definition of the coils and
registers to be written to or polled. As a Master or Client, the frequency at which to
communicate with the Slave or Server can be configured. Data is communicated in simple textual
format. In Hybrid mode, data conversions can be easily applied through policies.

Application
Method: Application socket
Details: The application tunnel module is a library that links into the user’s program and writes
to an application socket. It can be used to either integrate a secure remote connection into an
existing application, or embed Distrix capabilities into an application to simplify the
implementation of the network stack. The application tunnel can also be used in application to
application or in hybrid modes. Hybrid mode simplifies the integration of sensor and system data
to database or monitoring applications.
Since the full functionality of the Distrix software has a footprint of under 50MB, it can be added to many
legacy and new OT and IT endpoints, such as motor controllers, PLCs and Smart Grid meters. Whatever the
device, Distrix Links encapsulate, encrypt, and hide data at the packet level, meaning data is protected in
transit, regardless of whether it travels across the internet, over radio transmission, or in the clear.
Packet Level Encryption of Device Data
Advanced Security Capabilities
Distrix software was originally designed and deployed for the US Predator Drone program, where highly
stealthy, secure and reliable communications are mission critical requirements. The capabilities born out of the
Drone program and other secure government operations are available to customers of the Distrix solution. In a
world where experts advise companies to create a security posture under the assumption that attackers may
already be operating inside their network, Distrix provides a secure OT/IT end to end solution even if a portion
of the existing network is compromised.
Distrix provides multiple layers of encryption, securing data at the packet
level via Distrix Links as well as end to end through Distrix Tunnels.
Distrix Links encapsulate
and encrypt packet data
between network nodes.
Distrix Tunnels provide end to end application
layer encryption and security as well as user
authentication and role based access.
A unique Distrix Tunnel is established for each individual data endpoint. Each Distrix Tunnel is encrypted
independently with its own unique key that can only be accessed at the data source and end destination, so
the data is protected end to end until it reaches the terminating Distrix node. In the unlikely event that one
Tunnel is compromised, the other Distrix Tunnels remain secure with their own unique keys.
Unique Encryption per Distrix Tunnel
Complete Control With Distrix Management
Successful Industrial Internet deployments require control and insight, and Distrix provides the functionality
as well as the extensibility to leverage other dedicated platforms as needed. The Distrix API enables
comprehensive network monitoring and management. Instantaneous feedback of the states of each layer of
both the Distrix network and the underlying physical infrastructure keeps operators and other users informed.
A basic GUI is provided with the Distrix platform for core functionality, which may be further expanded by
integration with dedicated IT and OT monitoring platforms.

SELECTED REPORTING ELEMENTS

Distrix Links:
Performance characteristics
- Bandwidth
- Latency
- Jitter
Utilization
- Bandwidth Used
- Data volumes transmitted and received
Queued data

The Distrix Gateway:
CPU utilization
Licensing status

Distrix Tunnels:
Bandwidth of streams by direction
Tunnel addressing
Host and requestor addressing

Control:
Gateway license management
User authentication and privilege delegation
Network security management
Network infrastructure configuration
Creation and configuration of link targets
Tunnel endpoint configuration