One Server, Multiple Networks
The Ignition Gateway supports dual-NIC servers, and can act as a bridge between multiple networks, or communicate with multiple sites over a corporate WAN. Since clients talk to databases and PLCs through the Gateway, clients can be launched from both a corporate network and an isolated control network, and provide full access to both. Built-in security settings can restrict project access to users on different networks, either by restricting certain things in a project, or denying access to a whole project based on user role and network location.
Start with the Ignition Security Hardening Guide and the Server Sizing and Architecture Guide for an overview on how to implement Security Architecture.
Security Engineering is required for non-standard applications and Enterprise Integration. The ISA 62443 series of standards is a great starting point to determine the level of security required to meet your risk needs. The NIST Cybersecurity Framework (CSF) is another option.
Be especially careful with high access or risk environments, such as Internet accessible gateways, or Operational Technology (OT) environments with high safety requirements.
Using a single Ignition system to perform distinct functions increases risk. Consider separating Ignition architectures and security providers (e.g. Identity Providers, databases, etc) when:
- Dealing with multiple different application types (“use cases”)
- Dealing with different types of sensitive data (e.g. Personally Identifiable Information, banking, versus organizational trade secrets)
Frontend Ignition gateways host “stateless” services with visualization modules such as Perspective, Vision, and Reporting. Using application load balancers can protect Ignition, create redundancy, and scale performance. Any number of identically configured gateways may be used to scale out. Configure the load balancer to favor persistent connections (“sticky sessions”).
Remote providers allow access to data. Consider “read only” gateway network connections if needed.
Ignition “I/O” gateways are used for machine-to-machine communication and are usually segmented from Internet connections and user remote access. These gateways host tag systems, PLC connections, database connections, historians, etc, which are considered to be “stateful”. Ignition I/O gateways are best protected with Ignition redundancy or redundant systems implemented below Ignition. End users should not need to communicate directly with I/O gateways.
Ignition I/O gateways should be scaled out by adding additional gateways. I/O gateways should host distinct content from each other. For example, “Gateway A” might connect to PLC 1 and PLC2, while “Gateway B” connects to PLC3. Both support Ignition redundancy.
Scaling is often separated by geographic location or process function. Consider using Ignition Edge gateways close to the data source. Utilizing Store and Forward from edge gateways to a central gateway or database mitigates the effects of a network outage.