About Kaspersky IoT Secure Gateway 100

Kaspersky IoT Secure Gateway 100 (hereinafter also referred to as the gateway) is a software/hardware system based on the Siemens SIMATIC IOT2040 device for the industrial internet of things (hereinafter also referred to as the Siemens SIMATIC IOT2040 or the device) that has the

This document contains a full description of the software portion of Kaspersky IoT Secure Gateway 100 and provides basic information about the hardware portion. For complete information on the Siemens SIMATIC IOT2040 device, please refer to the device User Guide. For information about the technical specifications of the Siemens SIMATIC IOT2040 device, please refer to the manufacturer's website.

Kaspersky IoT Secure Gateway 100 performs the following functions:

• Uses the
  OPC UA

  Specification defining the protocols and mechanism for data transfer in industrial networks as well as interaction between devices in these networks.

  protocol to receive data from the OPC UA server residing in the internal enterprise network.
• Forwards data received over the
  MQTT

  A network protocol that works on top of the TCP/IP protocol stack to exchange messages between devices on the internet of things.

  protocol to the
  MQTT broker

  A server that receives, filters, and forwards messages over the MQTT protocol.

  .
• Ensures the cybersecurity of the OPC UA server and supports the transmission of encrypted data.

Installation and initial configuration of Kaspersky IoT Secure Gateway 100 software is performed by experts of APROTECH LLC or its partners.

Kaspersky IoT Secure Gateway 100 is started when the Siemens SIMATIC IOT2040 device is powered on. Kaspersky IoT Secure Gateway 100 is stopped when the device is disconnected from the network.

Distribution kit

The distribution kit for Kaspersky IoT Secure Gateway 100 includes the following components:

• Siemens SIMATIC IOT2040 device for the industrial internet of things with the manufacturer-supplied configuration.
• Technical documentation for the Siemens SIMATIC IOT2040 device with the manufacturer-supplied configuration.
• MicroSD card with the Kaspersky IoT Secure Gateway 100 software pre-installed. The microSD card is installed in the microSD slot on the Siemens SIMATIC IOT2040 device.
• USB-UART adapter.
• File named legal_notices.txt that contains information about third-party code and resides on the microSD card.
• QR code containing a link to the electronic version of the User Guide for the software portion of Kaspersky IoT Secure Gateway 100 and information about the Kaspersky IoT Secure Gateway 100 software version (Release Notes).

Hardware and software requirements

Kaspersky IoT Secure Gateway 100 operating requirements

Kaspersky IoT Secure Gateway 100 works only on a Siemens SIMATIC IOT2040 device for the industrial internet of things.

To enable Kaspersky IoT Secure Gateway 100 to receive data from the OPC UA server over the OPC UA protocol, you need to configure the data transfer settings on this server. You can read about the OPC UA protocol specification on the developer's website. Kaspersky IoT Secure Gateway 100 version 2.0 supports OPC UA protocol version 1.04.

To enable Kaspersky IoT Secure Gateway 100 to forward data received from the OPC UA server to the MQTT broker over the MQTT protocol, you need to configure the MQTT broker to receive data from Kaspersky IoT Secure Gateway 100. You can read the MQTT protocol specification on the developer's website. Kaspersky IoT Secure Gateway 100 version 2.0 supports MQTT protocol version 3.1.1.

Kaspersky IoT Secure Gateway 100 configuration and diagnostic requirements

To perform gateway configuration and diagnostics, you will need a computer running a Linux operating system with a connected device that can read and write microSD memory cards and an available USB port for connecting the USB-UART adapter from the distribution kit.

The following applications must be installed on the computer:

• Simple text editor (for example, nano, mcedit, Vim, gedit, or Kate). We recommend using a text editor that supports highlighting of JSON syntax.

  To make changes to the gateway settings, you will need to connect the microSD card to the computer, mount the ext3 partitions of the card, and edit the JSON configuration files in the text editor.

• Application for establishing a communication session through the serial port (for example, PuTTY, screen, or minicom).

  To run gateway performance diagnostics, you will need to connect the gateway to the computer using the USB-UART adapter and establish a communication session. This document provides a detailed analysis of gateway diagnostics using the PuTTY application, but you can use a different application (in which case you should refer to the documentation of that application for information about establishing a communication session). PuTTY or another similar application let you receive diagnostic information through the serial port to help identify the likely reason for gateway operating issues, such as a configuration error, issues with certificates, or lack of a response on the server side.

Page top

Hardware overview

This section contains a brief overview of the hardware components of Kaspersky IoT Secure Gateway 100 (see the figure below). For complete information on the employed hardware, please refer to the User Guide for the Siemens SIMATIC IOT2040 device.

Siemens SIMATIC IOT2040 device

The numbers on the diagram represent the following components:

1 – Ethernet 10/100 Mbps interfaces (two connectors).

2 and 9 – holes for mounting brackets on a wall (two holes on the upper edge of the device chassis and two on the lower edge).

3 – LED indicators (five light-emitting diodes).

4 – right-side cover.

5 – left-side cover.

6 – hole for sealing the left-side cover.

7 – restart button.

8 – power connector.

The purpose of the USB and COM interfaces (RS232/422/485) and the User button are not examined in this document because these hardware components are not used in the software portion of Kaspersky IoT Secure Gateway 100 version 2.0.