Around the globe, governments, enterprises, factories, etc., are going through digital transformation. Digital transformation means different things to different entities — for some it could mean adopting a cloud environment or connecting IoT sensors. For others, it might mean updating the technical development stack. But at the heart of all these innovations is live data generation, data flow, and data analysis – in real time!
The demand for real-time data distribution is growing exponentially across IT systems as we strive to create more value for stakeholders and better user experiences. Solace PubSub+ Event Broker is a robust, reliable event broker that helps organizations manage these data distribution challenges.
Data and network security are also critical elements of any digital transformation. Networked systems now face a growing number of cyber-attacks, and the cyber-security challenges organizations face include:
- How to keep mission-critical and sensitive systems that house citizen data, nuclear power plants, etc., safe and secure?
- How to minimize security vulnerability due to human error?
- How to make sure that whatever is entering or going out of the organization’s IT network boundary is safe and secure?
- How to mitigate against any new firewall vulnerability?
- How to ensure that hackers will not penetrate our IT systems?
These are some of the challenges that ST Engineering Data Diode (aka DigiSafe Data Diode) tries to resolve. A data diode is a network appliance or device that allows data to travel in only one direction, making bi-directional transfer of data physically impossible, which protects critical systems from inbound cyber-attacks. To give you an analogy, think of it like an airport checkpoint. When you get off the plane, you leave the terminal’s secure area by walking through a set of doors, past a guard who ensures nobody goes in that way, not even somebody like you who just left! Conversely, if you want to enter the terminal’s secure area from an unsecured area, you need to present your ID and a boarding pass and go through a series of checkpoints like x-rays, scanners, and swab checks.
Similarly, data diodes are used in mission-critical or high-security environments, such as defense, power plants, etc. They serve as connections between two or more networks of differing security classifications. Data Diode ensures the confidentiality and integrity of those sensitive networks that an organization needs to protect. Thus, together PubSub+ Event Broker and data diode technology can provide both cybersecurity and the network connectivity needed for real-time data transfer.
Both data distribution and data diodes are here to stay to solve the challenges of secure transfer of real-time data. We are seeing an increase in demand for these two technologies coming together. In this article, I will explore how these two technologies can be architected and deployed together.
Use cases of Solace PubSub+ Event Broker and ST Engineering Data Diode
One of the critical technical building blocks used to ensure that the right data flows to the correct entity, in a timely manner, is the data distribution mechanism. Solace PubSub+ Event Broker guarantees that the right messages from the senders will be delivered to the recipients on time, even though the messages may be encapsulated in different formats and/or transmitted using different protocols. By integrating Solace PubSub+ Event Broker and ST Engineering Data Diode as a holistic solution, we can bridge the data flows securely across different networks. The scenarios below illustrate various sample use cases.
Message Flowing Through Two Different Departments
Real-time information sometimes needs to flow from one department to another that has a different security classification. For instance, secure citizen data (like social security number, passport detail, medical record, etc.) needs to move from a central government database to a less secure department like the Ministry of Health, or a passenger’s passport information in the airport immigration system needs to flow in real time to a highly secure immigration control department.
Monitoring IoT Devices
IoT sensor monitoring data in a highly secure nuclear power plant, refinery, or factory needs to be transmitted to the headquarters. The operations team at the headquarters needs this data in real time for monitoring purposes. The data can be transmitted in only one direction: it can be read, but no command can be sent back. This protects highly secure resources from unwanted control.
Also, for a highly secure corporate system, Data Diode and Solace PubSub+ Event Broker can be used to transfer the data from IoT devices to the corporate network securely.
Solace PubSub+ Event Broker and ST Engineering Data Diode Joint Architecture
This section describes how Solace PubSub+ Event Broker and ST Engineering Data Diode can be integrated as a holistic solution to transfer messages securely between two “isolated” networks and applications. These may be two government agencies distributing information to each other, or it may be increased real-time communication between OT and IT networks as adoption of Industry 4.0 architecture increases.
Since Data Diode already has MQTT connectors, we will leverage the Solace PubSub+ Event Broker’s native MQTT capabilities to do the integration.
MQTT is a lightweight publish-subscribe messaging protocol that’s fast becoming the de facto protocol of choice for Internet of Things (IoT) applications. MQTT’s popularity is primarily due to its small bandwidth usage and low power consumption.
Thus, the integration between the two products looks something like the following:
Installing PubSub+ Event Broker
For Solace PubSub+ Event Broker, you have multiple (free) ways to set up an instance:
- Install a Docker container running locally or in any cloud environment
- Set up a free 30-day trial instance on Solace Cloud (easiest way to get started)
Please post on Solace Community if you have any issues setting up an instance.
Setting up MQTT protocol:
PubSub+ Event Broker acts as an MQTT broker. There is no additional software required for this. We need to make sure that the MQTT service in the broker is enabled and take note of the port number where the service is running. This can be done very easily using PubSub+ Broker Manager.
ST Engineering Data Diode Setup
ST Engineering Data Diode supports MQTT broker data replication. In this case, Solace PubSub+ Event Broker works as the MQTT broker in both networks.
You need to make sure that the MQTT service in the Data Diode is enabled and running. You can ensure this by logging into the ST Engineering Data Diode Sender/Receiver Management Portal.
For more details on diode setup, please contact the ST Engineering team.
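A pre-flight check for the setup steps above, as an added example (not Solace or ST Engineering code): it sends a minimal MQTT 3.1.1 CONNECT to the broker on each side of the diode and decodes the CONNACK, confirming that the MQTT service is enabled on the port you noted. The host names, the client ID and port 1883 are placeholders; a reply of "not authorized" or "bad user name or password" still shows the listener is up.

```python
import socket

def encode_remaining_length(n: int) -> bytes:
    """MQTT variable-length integer: 7 bits per byte, MSB set = more bytes follow."""
    out = bytearray()
    while True:
        n, digit = divmod(n, 128)
        out.append(digit | (0x80 if n else 0))
        if not n:
            return bytes(out)

def build_connect(client_id: str, keepalive: int = 30) -> bytes:
    """Build an MQTT 3.1.1 CONNECT packet: clean session, no credentials."""
    cid = client_id.encode("utf-8")
    body = (b"\x00\x04MQTT"                  # protocol name
            + b"\x04"                        # protocol level 4 = MQTT 3.1.1
            + b"\x02"                        # connect flags: clean session only
            + keepalive.to_bytes(2, "big")
            + len(cid).to_bytes(2, "big") + cid)
    return b"\x10" + encode_remaining_length(len(body)) + body

CONNACK_CODES = {0: "accepted", 1: "unacceptable protocol version",
                 2: "client identifier rejected", 3: "server unavailable",
                 4: "bad user name or password", 5: "not authorized"}

def parse_connack(data: bytes) -> str:
    """Decode the 4-byte CONNACK: type 0x20, length 2, ack flags, return code."""
    if len(data) < 4 or data[0] != 0x20 or data[1] != 0x02:
        return "not an MQTT CONNACK"
    return CONNACK_CODES.get(data[3], f"unknown return code {data[3]}")

def probe_mqtt(host: str, port: int, timeout: float = 3.0) -> str:
    """Connect, send CONNECT, report what the listener answered."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_connect("diode-precheck"))  # hypothetical client ID
            result = parse_connack(s.recv(4))
            if result == "accepted":
                s.sendall(b"\xe0\x00")                  # DISCONNECT
            return result
    except OSError as exc:
        return f"unreachable: {exc}"

if __name__ == "__main__":
    # Placeholder hosts and port: substitute the values noted in Broker Manager.
    for side, host in [("sender side", "broker-a.example"), ("receiver side", "broker-b.example")]:
        print(side, "->", probe_mqtt(host, 1883))
```

Run it from a host inside each network against that network's own broker, since the diode passes traffic in one direction only and a probe cannot get a reply across it.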
Conclusion
Both Solace PubSub+ Event Broker and ST Engineering Data Diode are important enabling technologies for digital transformation in this age of digital disruption. Solace PubSub+ Event Broker provides a highly reliable broker that supports open protocols for real-time data distribution at scale, and ST Engineering Data Diode offers enhanced security of these transfers. I hope this post provides you with a better understanding of how these two products work together to provide a highly secure, reliable and high-performance solution for data distribution.