Information and characteristics

The solution can have a 2-tier or 3-tier architecture made of:

  • Edge sensors, which are installed in the industrial network. These sensors are dedicated to capturing network traffic, decoding protocols using the Deep Packet Inspection engine, and sending meaningful information to the Center.

  • The Center, a central platform gathering data from all the Edge Sensors and acting as the monitoring, detection and management platform for the whole solution.

  • Optionally, a third-tier Global Center to which all Centers are connected, for a central view of all Centers deployed within an organization for alerting, reporting and management functions.

To safeguard the data collected from the industrial network and ensure maximum reliability, the Center includes a RAID storage array. It also includes redundant internal cooling fans (x3) and dual hot-swappable power supplies.

During the installation of the Center, you will have the opportunity to set up Center data synchronization to a Global Center. However, if you choose to set up a global infrastructure, you must install the Global Center first, then the Centers, and finally the sensors.

Networks or segments involved

From perspective, three important networks will be involved with the platform:

  • The Administration network, used to access the Center User Interface (UI) and interact with authorized external services (NTP, DNS, API, SIEM, etc.).

  • The Collection network, used to manage all sensors. This network must be isolated from the operational plant traffic (separate VLAN/subnet).

  • The Acquisition/Industrial network, used for all industrial plant traffic and/or external interconnection under consideration that will be analyzed by the sensors (SPAN traffic collected).

Example of an installation (without Global Center):

Configuring single or dual interface (not applicable to a Global Center)

For security reasons, it is recommended to use the Center on two separate networks, respectively connected to the following interfaces:

  • The Administration network interface (eth0), which gives access to the user interface.

  • The Collection network interface (eth1), which connects the Center to the sensors.

The Center provides two dedicated and separate 10 Gigabit Ethernet network ports to connect to these two networks.

However, in case of incompatibility with the industrial network infrastructure or for limited environments, you can use a single network interface (eth0).

Refer to the Architecture Guide for more information about defining environment configuration.

IPv6 support for Cyber Vision administration services

You can use both IPv4 and IPv6 protocols for administration services in Cyber Vision.

You can use IPv6 on the Center's eth0 interface for all your administration-related access, such as:

  • Accessing the web UI.

  • Integrating with third-party solutions such as syslog, ISE configurations, and LDAP.

Consider these limitations:

  • License operations only work with direct transport; Transport Gateway and HTTP/HTTPS Proxy are not supported.

  • Sensor data collection uses only IPv4, whether performed on eth0 or eth1.
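
The network separation and IPv6 limitations described above can be checked against an address plan before installation. The following is an added example, not part of Cyber Vision or its documentation; the plan dictionary format, the function name and the sample addresses are hypothetical, and the sample plans are constructed.

```python
import ipaddress

# Constructed sample plans using documentation address ranges.
GOOD_PLAN = {"admin": "2001:db8:1::/64", "collection": "192.0.2.0/24",
             "industrial": "203.0.113.0/24", "sensors": ["192.0.2.10"],
             "license_transport": "direct"}
BAD_PLAN = {"admin": "2001:db8:1::/64", "collection": "203.0.113.128/25",
            "industrial": "203.0.113.0/24",
            "sensors": ["2001:db8:1::20", "192.0.2.10"],
            "license_transport": "proxy"}

def _overlap(a, b):
    # overlaps() raises TypeError on mixed IPv4/IPv6, so compare versions first.
    return a.version == b.version and a.overlaps(b)

def check_center_plan(plan):
    """Return findings for a planned Center layout (hypothetical dict format)."""
    findings = []
    admin = ipaddress.ip_network(plan["admin"])
    collection = ipaddress.ip_network(plan["collection"])
    industrial = ipaddress.ip_network(plan["industrial"])

    # Dual interface is recommended: eth0 and eth1 on separate networks.
    if _overlap(collection, admin):
        findings.append("collection shares a network with administration")
    # The Collection network must be isolated from plant traffic.
    if _overlap(collection, industrial):
        findings.append("collection network overlaps industrial network")
    # Sensor data collection uses only IPv4, on eth0 or eth1.
    if collection.version != 4:
        findings.append("collection network is not IPv4")
    for s in plan["sensors"]:
        ip = ipaddress.ip_address(s)
        if ip.version != 4:
            findings.append(f"sensor {s} is not IPv4")
        elif collection.version == 4 and ip not in collection:
            # Assumption: sensors are addressed inside the collection subnet.
            findings.append(f"sensor {s} is outside the collection network")
    # Assumption: the direct-transport limit applies when admin runs over IPv6.
    if admin.version == 6 and plan["license_transport"] != "direct":
        findings.append("IPv6 administration needs direct license transport")
    return findings

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, check_center_plan(plan))
```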