Hello, all. Can you help me with some advise about connection relaying and PI architecture?
We are on the process to implement a demilitarized zone (DMZ) between our corporate network and our automation network.
Right now the only missing step is to break the direct connection between our PI server and the PI interfaces (PI OPC and VLX PI), which are on the corporate and automation networks, respectively.
We are considering the option of using a linux machine, on the DMZ, to relay the communication back and forth. My questions are:
- is this possible? If so, which ports we will have to open on the firewalls?
- is this advisable?
- is there a better solution?
we don´t have another license to create a PI to PI approach and we would rather keep the PI Server off the DMZ because we would have to open the ports to any client from the corporate network.
I´ve attached a simplified diagram, for better understanding.