The best security solution I've seen and worked with in the PI world is from a company called Waterfall.

Esentially they point out that no matter how good the firewall, it is still software-based and therefore subject to hacking. There is a chance that someone could, theoretically, get from the internet into the Admin network, to the PI Server, through the firewall or DMZ and into the control network.

The risk, albeit tiny, is that a hacker could potentially shut down the plant hacking through the internet... May sound a bit paranoid but some say this is what happened during the blackouts in the Eastern US and Canada a few years ago.

The solution they propose puts a physical barrier between a PI Server on the control network and a duplicate PI Server on the admin network. Between them is a one-way laser connection via a proprietary protocol and using some purpose-built hardware and an agent that knows how to duplicate the PI server. Pretty wild stuff!

If my explanation is confusing (it's difficult without a white board!) feel free to post questions and I'll do my best to answer them or get you in direct touch with the guys at Waterfall.


Doug

check it out: http://www.waterfall-sol...com/home/Waterfall_SME_(SCADA_Monitoring_Enabler).aspx

RJK Solutions, RapidPI.