Standard deployment of Kaspersky IoT Secure Gateway 1000

The standard Kaspersky IoT Secure Gateway 1000 deployment pattern assumes installation of the system at the boundary between network segments to provide an opportunity to define a set of traffic filtering rules. An administrator can manage the system and track its state from the internal network through the Kaspersky IoT Secure Gateway 1000 web interface and via the Kaspersky Security Center 14.2 Web Console web plug-in.

The base scenarios ensure the operation of Kaspersky IoT Secure Gateway 1000 as the unidirectional gateway and network router device types.

Standard deployment pattern for the unidirectional gateway

The standard deployment pattern for Kaspersky IoT Secure Gateway 1000 as a unidirectional gateway (see the image below) assumes the following:

  1. The device is a software unidirectional gateway.
  2. The internal and external network stacks are divided at the process level.
  3. Data transfer between the internal and external networks is possible only through the special MessageConsumer programming interface.

    This provides unidirectional transmission of industrial telemetry data from the internal network to information systems on the external network. The TLS protocol is used to ensure the confidentiality of information being transmitted.

    The MessageConsumer API is implemented in the following applications:

    • Message Sender for processing traffic from the internal network
    • Message Receiver for processing traffic on the external network
  4. Message Sender is connected to the internal network.
  5. Kaspersky IoT Secure Gateway Network Protector is connected to the internal network only.

    Standard deployment of Kaspersky IoT Secure Gateway 1000 as a unidirectional gateway

Standard network router deployment pattern

The standard deployment pattern for Kaspersky IoT Secure Gateway 1000 as a network router (see the image below) assumes the following:

  1. The device is a network router.
  2. One network stack is responsible for routing traffic between network interfaces and supports an MQTT broker (Eclipse Mosquittoâ„¢) operating on the internal and external networks for messaging.
  3. Kaspersky IoT Secure Gateway Network Protector is connected to both the external and internal networks.

    Standard deployment of Kaspersky IoT Secure Gateway 1000 as a network router

Page top