Network operators in industries like oil and gas, utilities, and manufacturing need a central way to connect branch offices and transmit data from Industrial Internet of Things (IIoT) sensors.
With many IIoT devices operating in remote areas, software-defined wide area networks (SD-WANs) allow industrial organizations to choose the best path to transmit IIoT data. These remote paths could be over a broadband connection or cellular networks such as 2G, 3G, 4G, or 5G. SD-WAN also allows IIoT networks to reduce latency as it steers traffic toward a 5G path, says Anupam Upadhyaya, vice president of product management for network security at Palo Alto Networks.
Larry Lunetta, vice president of networking, portfolio, and communications marketing at HPE Aruba Networking, says IIoT environments have been a “walled garden” with locally managed protocols in areas such as factories and utilities. As IIoT devices gather data from a production cycle and send them to a global network, SD-WAN serves as the means to connect this data, usually in the cloud.
He says the SD-WAN acts as an “on-ramp” between local resources and geographically dispersed data. With multiple cloud platforms such as AWS, Google Cloud, and Microsoft Azure offering different ways to connect data, SD-WANs provide an overlay to connect networks on top of public clouds to bring geographically dispersed data together.
Choosing the right path via SD-WAN depends on performance issues, such as latency, jittering, and server response time. That requires an SD-WAN to understand both network and application performance so it can direct the IIoT network to an optimal path, Upadhyaya says.
IoT devices communicate with an application in the cloud, but it can take multiple paths to get to the cloud, including multiprotocol label switching (MPLS), broadband, or 5G. Products like Palo Alto’s Prisma SD-WAN use machine learning to help network operators determine the optimal path for IIoT devices, according to Upadhyaya.
Other vendors that offer SD-WAN include HP Aruba Networking and Cato Networks. Here are some key ways that SD-WAN can be important to IIoT.
SD-WAN benefit: Central management
SD-WAN offers central management that brings increased visibility of IIoT sensors and devices. This visibility allows organizations to mitigate the risk of outages, according to a Palo Alto Networks blog post.
Network operators use SD-WAN to manage the performance of IoT sensors to ensure they are operating properly. A central control plane also boosts interoperability between network hardware and IoT devices, according to Palo Alto.
“Since SD-WAN provides centralized control and correlation of networking information, administrators no longer have to manually evaluate data from multiple sources to understand how locations and applications are performing,” says Evin Safdia, director of product marketing at Cato Networks.
Cisco’s SD-WAN technology also provides end-to-end visibility, and Palo Alto’s Prisma solution monitors network and application performance in real time.
“SD-WAN is an application-aware network solution and makes policy decisions based on application performance criteria,” says Jonathan Forest, VP analyst at Gartner. “It can provide visibility into network and application performance for IIoT devices and endpoints.”
Network operators that monitor remote IIoT locations such as an oil rig, water tower, or shipping warehouse require visibility.
“When you think about industrial IoT, first of all, visibility is paramount,” Upadhyaya says. He says that discoverability and visibility built into Palo Alto Prisma SD-WAN lets organizations identify IoT devices and monitor traffic patterns wherever they are. SD-WAN could also help a power plant manage energy distribution and energy efficiency using IIoT sensors.
“Some of these [sensors] could be so remote that they do not have the most optimal network connection,” Upadhyaya says. “And that's really where SD-WAN shines.”
How SD-WAN helps with supply chains
An SD-WAN solution could help a manufacturing environment such as an automobile supply chain send data on the status and volume of vehicles in the supply chain as it is shared with a larger global network, Lunetta notes.
IIoT networks share the status of an automobile production cycle and indicate the timing of deliveries. A wide area network works well to send this supply chain data because data sources are geographically dispersed, according to Lunetta.
Predictive maintenance and telemetry
Sensors transmit predictive-maintenance info on when a machine might fail to a data center or the cloud over a wide area network using SD-WAN. The sensors communicate via a local wireless platform, which sends signals up to an SD-WAN. The SD-WAN then sends signals to a predictive maintenance application.
SD-WAN could help an oil refinery monitor oil levels, temperature, or operational efficiency. The SD-WAN technology could also enable a medical lab to monitor the temperature of a refrigerator.
“SD-WAN can automatically sense when a connection isn’t performing well and move that connection to another pipe,” Lunetta says.
Records of issues with IIoT machines are stored in the cloud and flow through SD-WAN. An SD-WAN solution can monitor bandwidth usage, latency, and server response time for an IIoT device, according to Upadhyaya.
Security via an SD-WAN
SD-WAN networks allow administrators to face IIoT security threats. These networks predefine access policies for how IIoT data travels. Encryption can be part of these access policies, according to Lunetta.
In addition, SD-WAN lets network managers control connectivity and which applications they can access. SD-WAN can eliminate blind spots so that network operators can see sensors or IIoT devices and authenticate them, Lunetta says.
SD-WAN discovers IoT devices and segments them while also blocking application traffic if a threat is detected, Upadhyaya says. He describes how many IIoT devices lack a sophisticated security posture. In an east-west segmentation, SD-WAN allows an IIoT network to determine which applications an IIoT device can talk to. An SD-WAN can apply security policies and allow an IIoT device to download or upload software.
SD-WAN works together with Secure Access Service Edge (SASE) solutions to secure IIoT networks.
“SASE supports branch office, remote worker, and on-premises secure-access use cases,” Gartner’s Forest says. “SASE is primarily delivered as a service and enables zero-trust access based on the identity of the device or entity, combined with real-time context and security and compliance policies.”
By using SD-WAN as part of a SASE solution, IIoT networks can perform malware inspection, segment IIoT traffic, and patch software virtually, which can prevent network attacks from zero-day exploits, says Dave Greenfield, director of technology evangelism at Cato.
In addition to security, pairing SD-WAN with SASE also enables cloud application optimization, according to Greenfield.
“Plants rely on the cloud like any other IT sector,” Greenfield says. “When paired with a Cato SASE architecture, SD-WAN ensures efficient traffic steering based on quality-of-service requirements and security policies. This delivers direct, secure cloud access while maintaining bandwidth efficiency.”