How should a tunneler handle network security?

2 min read

Apr 5, 2016 1:14:18 PM


This is Part 2 of our “25 Things to Consider when Choosing an OPC Tunnel” series. How does the tunneler handle security?

Security is an integral consideration when choosing a tunneling solution.  This blog will cover some important aspects of security to consider when evaluating different tunneling solutions.


If you missed Part 1, we highly recommend that you read that post first.  Also, if you are unfamiliar with exactly what an OPC tunnel is please click here for a blog post explaining that topic.

Effective tunnelers offer multiple methods to ensure your data being sent across the network is secure.  There are 3 main considerations when evaluating security:

  1. Does the tunneler support encryption?
  2. Does the tunneler allow use of authentication?
  3. Can the tunnel be made read-only?

Does the tunneler support encryption?

You want the ability to encrypt the data being sent over the network using the highest available level of SSL encryption available for the combination of operating systems that you are using. This will avoid data being sent in a plain text readable format over the network.

If you want more security and have a WAN between your sites that is already secured by a VPN, the tunneler will run inside that VPN tunnel as well. A tunneler may also offer the ability to binary encode the data before it is SSL encrypted, which adds another layer of protection.

Info Graphic - Secure Tunneling of OPC Data

Does the tunnel allow use of authentication?

In addition to encryption options, a tunnel offers username and passwords. What good would the encryption be if a bad guy with your IP address could connect? An effective tunneler requires a login with a username and password in addition to encryption, and allows only authorized users to have access to your sensitive production data. By combining encryption, binary data encoding, and username/passwords, you obtain peace-of-mind for your data security.

Can the tunnel be made read-only?

Sometimes you want the other end of the tunnel to see the data but not make any changes. For example, when two companies are sharing data, they want their partner to view data but not change it. An effective tunneler supports both read–write and read–only connections, allowing you to choose which way your data flows. The tunneler may also allow simultaneous multiple tunnels between sites, which could allow you to put “reads” and “writes” into separate and isolated tunnels.

How a tunneler handles security is just one of the many considerations when choosing an OPC tunnel. To reiterate from our last post, choosing an effective tunneler that takes into account your application requirements will make a big difference in your operational effectiveness, resiliency, and profitability. Learn about the other reasons in the free whitepaper “25 Considerations when choosing a tunneling solution”.

Download Free Whitepaper

Win Worrall
Written by Win Worrall

Software ToolBox Technical Blog

We're engineers like you, so this blog focuses on "How to" appnotes, videos, tech team tips, product update announcements, user case studies, and other technical updates.  Subscribe to updates below. Your feedback and questions on posts are always welcomed - just use the area at the bottom of any post.

Subscribe to our Blog

Recent Posts

Posts by Topic

See all