Direct Connect for production OT data
Use Direct Connect for consistent latency on historian-to-cloud data pipelines. Use VPN for development and low-bandwidth connections.
8.3 Connectivity
VPCs and security groups help protect cloud workloads. Connecting those workloads to on-premises networks requires either a VPN tunnel over the internet or a dedicated private circuit.
Direct Connect vs VPN
Section titled “Direct Connect vs VPN”| Feature | Site-to-Site VPN | Direct Connect (AWS) / ExpressRoute (Azure) |
|---|---|---|
| Transport | Encrypted tunnel over public internet | Dedicated private fiber circuit |
| Bandwidth | Up to ~1.25 Gbps per tunnel | 1 Gbps, 10 Gbps, or 100 Gbps |
| Latency | Variable (internet path) | Consistent (dedicated path) |
| Setup time | Minutes | Weeks to months |
| Cost | Low (pay per hour) | High (monthly port fee + data transfer) |
| Encryption | IPsec (built-in) | Unencrypted by default (add IPsec when needed) |
| Redundancy | Dual tunnels (active/passive) | Dual connections to different locations |
Use VPN for development environments, low-bandwidth connections, and quick setup. Use Direct Connect for production workloads requiring consistent latency, high bandwidth, or regulatory requirements prohibiting internet transit.
For OT environments, Direct Connect delivers the consistent latency needed for historian data replication and SCADA-to-cloud data pipelines. A VPN over the internet introduces variable latency. Variable latency causes timeout conditions in time-sensitive data transfers.
NFV — Network Functions Virtualization
Section titled “NFV — Network Functions Virtualization”NFV (Network Functions Virtualization) replaces dedicated hardware appliances (routers, firewalls, load balancers) with software running on standard servers. A single physical server runs multiple VNFs (Virtual Network Functions) simultaneously. SDN (Software-Defined Networking) separates the control plane from the data plane. A central controller manages the network programmatically.
Key Takeaways
Section titled “Key Takeaways”NFV replaces hardware with software
Virtual firewalls, routers, and load balancers run on standard servers. NFV reduces hardware costs and enables rapid provisioning.
What Comes Next
Section titled “What Comes Next”Connectivity bridges the cloud and the plant. The next page covers how OT organizations use cloud for analytics and monitoring while keeping control commands on-premises.
References
Section titled “References”- AWS. (2024). AWS Direct Connect User Guide. https://docs.aws.amazon.com/directconnect/
- ETSI. (2013). Network Functions Virtualisation: Introductory White Paper. ETSI GS NFV 001.