Direct Connect for production OT data
Use Direct Connect for consistent latency on historian-to-cloud data pipelines. Use VPN for development and low-bandwidth connections.
8.3 Connectivity
VPCs and security groups protect cloud workloads. Connecting those workloads to on-premises networks requires either a VPN tunnel over the internet or a dedicated private circuit.
Direct Connect vs VPN
Section titled “Direct Connect vs VPN”| Feature | Site-to-Site VPN | Direct Connect (AWS) / ExpressRoute (Azure) |
|---|---|---|
| Transport | Encrypted tunnel over public internet | Dedicated private fiber circuit |
| Bandwidth | Up to ~1.25 Gbps per tunnel | 1 Gbps, 10 Gbps, or 100 Gbps |
| Latency | Variable (internet path) | Consistent (dedicated path) |
| Setup time | Minutes | Weeks to months |
| Cost | Low (pay per hour) | High (monthly port fee + data transfer) |
| Encryption | IPsec (built-in) | Not encrypted by default (add IPsec if needed) |
| Redundancy | Dual tunnels (active/passive) | Dual connections to different locations |
Use VPN for development environments, low-bandwidth connections, and quick setup. Use Direct Connect for production workloads that require consistent latency, high bandwidth, or regulatory requirements that prohibit internet transit.
For OT environments, Direct Connect provides the consistent latency needed for historian data replication and SCADA-to-cloud data pipelines. A VPN over the internet introduces variable latency that causes timeout errors in time-sensitive data transfers.
NFV — Network Functions Virtualization
Section titled “NFV — Network Functions Virtualization”NFV (Network Functions Virtualization) replaces dedicated hardware appliances (routers, firewalls, load balancers) with software running on standard servers. A single physical server runs multiple VNFs (Virtual Network Functions) simultaneously. SDN (Software-Defined Networking) separates the control plane from the data plane, allowing a central controller to manage the network programmatically.
Key Takeaways
Section titled “Key Takeaways”NFV replaces hardware with software
Virtual firewalls, routers, and load balancers run on standard servers, reducing hardware costs and enabling rapid provisioning.
What Comes Next
Section titled “What Comes Next”Connectivity bridges the cloud and the plant. The next page covers how OT organizations use cloud for analytics and monitoring while keeping control commands on-premises.
References
Section titled “References”- AWS. (2024). AWS Direct Connect User Guide. https://docs.aws.amazon.com/directconnect/
- ETSI. (2013). Network Functions Virtualisation: Introductory White Paper. ETSI GS NFV 001.