Can PrivX operate within a network architecture that is in line with the Purdue ICS (Industrial Control Systems) model, specifically for providing access to level 3.0 systems?
Yes PrivX would typically be deployed within your DMZ (level 3.5) and operate in line with PERA/Perdue best practices for providing zero trust and RBAC to ICS/OT systems. The solution will allow defined access to be proxied through it creating a tightly controlled but user friendly environment.
Will I need to install additional software like agents in order to access OT systems?
PrivX does NOT require agents to be installed on target OT systems, agents can however be utilised for source side authentication to PrivX itself but this is not mandatory. (This is generally implemented when using native clients for SSH/RDP use cases which can also operate in bastion mode.)
Will PrivX interfere with how OT systems are accessed/used locally?
No, the solution does NOT interfere with local OT device access or operation, PrivX will be used to connect to OT systems (level 3 and 2) that manage devices in the levels below it i.e. (levels 1 and 0)
Updated about 1 year ago