M2M Gateway Features

Jari Lahti, CTO

www.violasystems.com

Viola M2M Gateway

Industrial-grade gateway for Viola's Arctic

Modems
Connects SCADA network with GPRS or other
network
Offers mobile operator independent static IP
addressing for connected Arctic Modems
Easy and quick to install and configure
Firewall and VPN for secure communication
2 x 10/100 Base-T Ethernet ports
Hot Stand-By with secondary M2M Gateway
Load Sharing with secondary M2M Gateway

M2M Gateway Versions

Standard
19" 1U rack
up to 300 Arctic clients (unlimited, traffic dependent)

Enterprise

19" 1U rack
up to 2500 Arctic clients (unlimited, traffic dependent)
redundant power supply, fans
redundant hard disks

Security Features
Stateful inspection firewall
Filter rules for incoming, outgoing and routed traffic
Packet logging
VPN
SSH-VPN between Arctic and M2M
L2TP between Arctic and M2M
OpenVPN between client computer (SCADA) and
M2M
Management
HTTPS, SSH
Console

Installation Requirements
M2M installation requires fixed and public IP address to
where the client devices can connect to
Used ports (can be altered)
TCP port 22 (SSH-VPN)
TCP port 10 000 (WEB UI)
UDP port 1701 (L2TP-VPN)
UDP port 1194 (OpenVPN)
Installation either directly to public IP or to DMZ zone

Internet

Internet

eth0
Public IP

eth0
Public IP

Private IP
Company

Firewall / router with port

forwarding

SCADA Connection
The M2M Gateway is transparent for SCADA
communication - the traffic is only encrypted and
capsulated to VPN
SCADA can be connected directly to M2M Ethernet port
or remotely by using OpenVPN software VPN
OpenVPN clients available for Windows, Linux and Mac
SCADA

Internet

SCADA
OpenVPN

eth1

eth0
Public IP

Internet

eth0
Public IP

Load Sharing
Multiple M2M Gateways can be connected parallel
Each M2M Gateway must be available on different IP
address or different TCP/UDP port
If SCADA is connected directly to M2M:s
configure static routes to SCADA PC
or enable proxy-ARP feature on M2Ms

If SCADA is connected by using OpenVPN

separate OpenVPN connection to each M2M

Each Arctic group connects primary to dedicated M2M

A

SCADA

Internet
B

Redundancy
Each Arctic can connect primary and secondary M2M
If the primary connection fails Automatic switching to
backup happens
Each M2M Gateway must be available on different IP
address or different TCP/UDP port
SCADA must be connected directly to M2M:s
enable proxy-ARP feature on M2Ms
when the SCADA PC makes ARP request the M2M
gateway currently hosting the requested Arctic will reply

Can be used together with Load Sharing

Settings can be copied between M2M's
A

Primary M2M

Internet

A
Backup M2M

SCADA