Network security for ICS/SCADA that control industrial IoT (IIoT) systems in warehouses
Enable devices in warehouse to securely access databases in datacenters, while prohibiting access for all other devices
Critical application server required controlled failover ‘on-demand’ between datacenters
Size and complexity of company’s distributed datacenters and warehouses
Single-destination IP addresses create failover obstacles
Limited budget for IIoT networking and security
Dramatically improved security posture by cloaking critical and vulnerable resources; eliminating network attack vectors
Optimized operational integrity by seamlessly and securely bridging their ICS and SCADA networks with IT technologies
All requirements were addressed at a fraction of the cost and time to deploy, compared to alternatives
An industry with no room for error
A global transportation company plays in a fiercely competitive industry that has zero tolerance for network downtime, sluggish performance, or cyber breaches. The company’s complex and sprawling environment houses IT and OT (operational technology) systems across many distributed datacenters, some managed by third parties. ICS and SCADA networks control vital industrial IoT (IIoT) equipment residing in several warehouses.
Two of the company’s datacenters have infrastructure tied to a centralized warehouse application that manages the IIoT equipment located in multiple warehouses. To ensure always-on availability, the warehouse application server required controlled failover on-demand between datacenters. In addition, the application requires that specific devices and IIoT systems in the warehouses have access to databases located in a secure, non-routable network zone in separate datacenters.
Securing the new world of Industrial IoT (IIoT)
Network security was required for the ICS/SCADA systems controlling the IIoT equipment. IT needed to give the warehouse application and IIoT systems inbound access to the databases in the secure database network zone without exposing that zone to attack.
Rapid and fluid failover
The warehouse application is dependent upon single-destination IP addresses that create frustrating system failover obstacles. Since DNS is not used in these environments, seamless and rapid failover of the application server between datacenters was problematic. The only viable alternatives were route injection or AnyCast, but given the size and complexity of the company’s network, failover could have taken hours to resolve.
Safe and secure with micro-segmentation and cloaking
Using Tempered Networks’ Identity Defined Networking (IDN) solution, the carrier was able to easily provision a warehouse overlay network to micro-segment and cloak the warehouse infrastructure. Additionally, they added the warehouse application server and the databases to the warehouse overlay, enabling encrypted peer-to-peer communications between these specific systems. With IDN, the devices’ policies and access enforcement are based on unique cryptographic identities and machine network authorization, not IP addresses.
“We were under significant pressure to identify a cost-effective and proven segmentation solution that addressed our business critical and industrial IoT functional requirements. IDN seamlessly bridged all our IT and OT requirements at a fraction of the cost of alternative technologies.”
VP of Infrastructure
No need for complex SDN, firewalls, ACLs, etc.
The customer considered traditional IT solutions like firewalls, VPNs, and ACLs, but these are impractical for IIoT deployments and too complex and costly to maintain. SDN and SD-WAN failed as alternatives due to their complexity and limited reach.
Network mobility without constraints
Tempered Networks’ HIPrelay, an identity-based router, enabled them to safely allow select trusted warehouse devices to access the datacenters’ databases. Because IDN enables seamless and rapid movement of any IP resource across subnets, networks, and clouds without IP address constraints, and overcomes limitations of routing convergence and DNS, the carrier easily tackled the vexing datacenter failover issue.
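The two preceding descriptions of IDN (policy keyed on cryptographic identity rather than IP, and resources that keep their access when they move across subnets) share one principle, shown here as an added Go illustration that is not Tempered Networks’ code nor the HIP protocol itself: an allow-list keyed on a device’s public-key fingerprint, proven by signing a fresh challenge. The device names, key pairs and IP addresses are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// DeviceID fingerprints a public key: policy is keyed on this, never on an IP.
func DeviceID(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:8])
}

// Policy is the set of device identities allowed into the database zone.
type Policy struct{ Allowed map[string]bool }

// NewChallenge returns a fresh nonce so a captured signature cannot be replayed.
func NewChallenge() []byte {
	c := make([]byte, 32)
	rand.Read(c)
	return c
}

// Authorize admits a peer only if it proves possession of the private key behind
// an allowed identity. srcIP is logged for audit but never decides access.
func (p Policy) Authorize(srcIP string, pub ed25519.PublicKey, challenge, sig []byte) bool {
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, challenge, sig) {
		fmt.Printf("deny from %s: identity proof failed\n", srcIP)
		return false
	}
	return p.Allowed[DeviceID(pub)] // decision depends only on who, not where from
}

func main() {
	plcPub, plcPriv, _ := ed25519.GenerateKey(rand.Reader)     // constructed warehouse PLC
	roguePub, roguePriv, _ := ed25519.GenerateKey(rand.Reader) // constructed unknown device
	policy := Policy{Allowed: map[string]bool{DeviceID(plcPub): true}}
	// The PLC is admitted from its original address and again after moving to a
	// new subnet during failover: the policy never referenced the IP.
	c := NewChallenge()
	fmt.Println(policy.Authorize("10.1.20.7", plcPub, c, ed25519.Sign(plcPriv, c)))
	c = NewChallenge()
	fmt.Println(policy.Authorize("10.9.44.3", plcPub, c, ed25519.Sign(plcPriv, c)))
	// A rogue device on the PLC's old address is refused: right IP, wrong key.
	c = NewChallenge()
	fmt.Println(policy.Authorize("10.1.20.7", roguePub, c, ed25519.Sign(roguePriv, c)))
}
```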
Seamlessly and securely connect IIoT and IT systems
The customer has significantly improved its security posture by segmenting its ICS and SCADA networks and cloaking all its IIoT equipment, warehouse application servers and related databases. With IDN, all devices and systems in the hardened, encrypted warehouse overlay network are invisible to anything outside the overlay and cannot be reached from it. Furthermore, IDN gave them an ideal way to seamlessly and securely bridge their ICS and SCADA networks with IT technologies.
The warehouse application is now resilient to datacenter failover challenges, because IDN removes the constraints associated with single-destination IP addresses. Since IDN does not require changes or upgrades to existing infrastructure, the deployment was simple, seamless, and significantly more cost-effective than the traditional IT solutions that were considered.
Experience the same simplicity, security, and connectivity that our customers achieved.