Software Toolbox Technical Blog


How should a tunneler handle network security?

Apr 5, 2016 1:14:18 PM


This is Part 2 of our “25 Things to Consider when Choosing an OPC Tunnel” series. How does the tunneler handle security?

Security is an integral consideration when choosing a tunneling solution. This blog will cover some important aspects of security to consider when evaluating different tunneling solutions.


If you missed Part 1, we highly recommend that you read that post first. Also, if you are unfamiliar with exactly what an OPC tunnel is, please click here for a blog post explaining that topic.

Effective tunnelers offer multiple methods to ensure that the data you send across the network is secure. There are 3 main considerations when evaluating security:

  1. Does the tunneler support encryption?
  2. Does the tunneler allow use of authentication?
  3. Can the tunnel be made read-only?

Does the tunneler support encryption?

You want the ability to encrypt the data being sent over the network using the highest level of SSL encryption available for the combination of operating systems that you are using. This avoids sending data over the network in readable plain text.

If you want more security and have a WAN between your sites that is already secured by a VPN, the tunneler will run inside that VPN tunnel as well. A tunneler may also offer the ability to binary encode the data before it is SSL encrypted, which adds another layer of protection.

[Infographic: Secure Tunneling of OPC Data]

Does the tunneler allow use of authentication?

In addition to encryption options, a tunneler offers usernames and passwords. What good would the encryption be if a bad guy with your IP address could connect? An effective tunneler requires a login with a username and password in addition to encryption, and allows only authorized users to have access to your sensitive production data. By combining encryption, binary data encoding, and usernames/passwords, you obtain peace of mind for your data security.

Can the tunnel be made read-only?

Sometimes you want the other end of the tunnel to see the data but not make any changes. For example, when two companies are sharing data, they want their partner to view data but not change it. An effective tunneler supports both read-write and read-only connections, allowing you to choose which way your data flows. The tunneler may also allow multiple simultaneous tunnels between sites, which could allow you to put “reads” and “writes” into separate and isolated tunnels.

How a tunneler handles security is just one of the many considerations when choosing an OPC tunnel. To reiterate from our last post, choosing an effective tunneler that takes into account your application requirements will make a big difference in your operational effectiveness, resiliency, and profitability. Learn about the other reasons in the free whitepaper “25 Considerations when choosing a tunneling solution”.

Written by Win Worrall
