- 29 Apr 2024
Deployment Architecture
- Updated on 29 Apr 2024
The View Secure Edge is highly flexible and can be deployed in multiple configurations. This document outlines a few of the more typical ways the device is deployed within the OT/IT infrastructure. Each deployment has its pros and cons, but View recommends using the Secure Edge as the single point of connectivity between the OT network and the internet.
Behind (Preferred)
iNode is deployed inline behind the core IT infrastructure (switch and/or firewall).
Pros:
Creates “zero trust” perimeter where all connections in and out of the OT network are through the iNode
Remote Access to all OT devices can be managed through View cloud tools
Only one outbound port (443) is required to be open for all traffic in and out of the OT network to the cloud
Cons:
Will require a configuration change to the IT switch/firewall
Alone (Preferred)
iNode is connected directly to the WAN, with no IT infrastructure in place.
Pros:
Creates “zero trust” perimeter where all connections in and out of the OT network are through the iNode
Remote Access to all OT devices can be managed through View cloud tools
No impact on existing IT infrastructure
Cons:
View Secure provides an L3 firewall, which is effective for small sites but may not meet the needs of larger installations.
Beside
iNode is placed “beside” the existing IT infrastructure, allowing data to flow through the iNode or bypass the iNode.
Pros:
Can provide Remote Access to devices with no impact to existing traffic flow and no need for reconfiguration of existing routes.
OT equipment is still accessible from corporate networks and VPN, while third-party vendors are managed/audited through iNode.
Cons:
iNode’s impact on security is limited, as it can be bypassed easily.
Requires more configuration and route management by IT.
OT device management is more complex for outbound routes to cloud destinations.