Neeve Secure Edge (formerly View Secure Edge) is highly flexible and can be deployed in various configurations to fit your OT/IT infrastructure needs. This article outlines some common deployment methods, each with its advantages and considerations. Neeve recommends using Secure Edge as the single point of connectivity between the OT network and the internet to ensure optimal security.
Behind (preferred)
In this configuration, the Edge Node (formerly Edge iNode) is deployed inline behind the core IT infrastructure (switch and/or firewall).
Pros:
Creates “zero trust” perimeter, where all connections in and out of the OT network are secured through the Edge Node.
Enables centralized Remote Access to all OT devices, managed through Neeve cloud tools.
Requires only one outbound port (443) to be open for all traffic between the OT network and the cloud.
Cons:
Requires configuration changes to the existing IT switch or firewall.
Alone (preferred)
In this configuration, the Edge Node is connected directly to the WAN, with no intervening IT infrastructure.
Pros:
Creates “zero trust” perimeter where all connections in and out of the OT network are through the node.
Remote Access to all OT devices can be managed through Neeve cloud tools.
No impact on existing IT infrastructure; no reconfiguration is required.
Cons:
Neeve Secure Edge provides an L3 firewall, which is effective for small sites but may not meet the needs of larger installations.
Beside
In this configuration, the Edge Node is placed alongside the existing IT infrastructure, allowing data to flow through or bypass the Edge Node.
Pros:
Facilitates Remote Access to devices without affecting existing traffic flow or requiring reconfiguration of existing routes.
OT equipment is still accessible from corporate networks and VPNs, while third-party vendors are managed and audited through the Edge Node.
Cons:
Security impact is limited as the Edge Node can be bypassed.
Requires additional configuration and route management by IT.
Makes OT device management more complex for outbound routes to cloud destinations.