What is the role of a replicator together with a data diode?
A standard implementation of a data diode contains software to enable one-way communication from upstream to downstream over the physical diode. This standard software (Appliance or Core) supports a fixed set of protocols, such as TCP, UDP, File Sharing, NTP, and SMTP. If you need to send other types of application-layer data, you will need to use so-called replicators.
Replicators can be considered add-ons that replicate data from a specialized system on the upstream network to the downstream network. Fox-IT has replicators for databases, Windows updates, and industrial protocols. These replicators can be installed alongside the Core software, or on a separate server in the case of the Appliance. The Fox DataDiode can be used in combination with a number of replicators, including:
The Fox Replicator PI can be used to replicate data from one OSIsoft PI Server to another, with a Fox DataDiode providing a true one-way connection in between. Historian data collected in a PI Server within an Industrial Control Systems (ICS) network can be replicated to a PI Server in another network. By using a one-way connection instead of a normal bidirectional network connection, the ICS network is protected against attacks while the historian data remains available on another network, for example an office network.
The Fox Replicator OPC enables transparent replication of OPC data through the Fox DataDiode. Real-time data as well as historical data from critical production environments can be shared while the assets stay protected.
MODBUS data can be transparently replicated through the Fox DataDiode using the Fox Replicator MODBUS. In this way, the integrity of devices in critical production environments is protected. By using this solution, data from devices using the MODBUS protocol within an industrial control environment is replicated to another network. Examples include a one-way information flow from devices to monitoring stations or as input for historian databases.
The transfer of software updates through the Fox DataDiode is facilitated for several applications through available modules. For example, Windows Updates are supported with a setup using Microsoft’s WSUS system. By employing WSUS servers in both the upstream and the downstream network, the WSUS software application module mirrors available updates from one side to the other.
By replicating databases in the source network through the Fox DataDiode, information from these databases can be made available to users in the destination network. This can, for example, be a read-only copy of the original database. As databases have grown more complex and the need to replicate databases has become more complex as well, Fox-IT decided to utilize off-the-shelf solutions, developed by state-of-the-art partners that have experience with databases and replication, such as MS-SQL.
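A minimal sketch of the one-way replication pattern described for MODBUS above, added here as an illustration and not Fox-IT's code or wire format: the frame layout and the names encode_snapshot and DownstreamMirror are assumptions. Because a diode has no return path, the downstream side can only validate frames and count gaps; it cannot request a resend.

```python
import struct
import zlib

# Constructed frame layout (an assumption, not the Fox Replicator wire format):
# sequence number (u32), first register address (u16), register count (u16),
# then the 16-bit register values, followed by a CRC32 of everything before it.
HEADER = struct.Struct(">IHH")


def encode_snapshot(seq, start_addr, registers):
    """Upstream side: pack polled holding registers into one datagram."""
    body = HEADER.pack(seq, start_addr, len(registers))
    body += struct.pack(f">{len(registers)}H", *registers)
    return body + struct.pack(">I", zlib.crc32(body))


class DownstreamMirror:
    """Downstream side: rebuilds a read-only register table from frames.

    There is no return path through the diode, so the receiver cannot ask for
    a retransmission. It can only reject damaged frames and record gaps.
    """

    def __init__(self):
        self.registers = {}      # address -> last replicated value
        self.last_seq = None
        self.missed = 0          # frames known to be lost in transit
        self.rejected = 0        # frames dropped for failing validation

    def receive(self, frame):
        body, crc = frame[:-4], frame[-4:]
        if len(body) < HEADER.size or struct.pack(">I", zlib.crc32(body)) != crc:
            self.rejected += 1   # truncated or corrupted frame
            return False
        seq, start, count = HEADER.unpack_from(body)
        if len(body) != HEADER.size + 2 * count:
            self.rejected += 1   # declared count does not match payload size
            return False
        if self.last_seq is not None and seq <= self.last_seq:
            self.rejected += 1   # duplicate or out-of-order frame
            return False
        if self.last_seq is not None:
            self.missed += seq - self.last_seq - 1
        self.last_seq = seq
        values = struct.unpack_from(f">{count}H", body, HEADER.size)
        for offset, value in enumerate(values):
            self.registers[start + offset] = value
        return True
```

A rising `missed` counter is the downstream signal that the mirrored values may be stale and should be flagged as such to monitoring stations.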
Blog author: Tim van Pelt