Does ziti have a way to use profibus? I am trying to introduce Ziti as an OT SDN. Can it replace or be used with profibus? I am working on OT that uses profibus but needs encryption.
Hi @mcardoza1 ,
Ziti doesn't currently have a way to use profibus. It does have a pluggable transport layer, so someone could theoretically add support for it. I don't see any GoLang libraries to support profibus, so adding support would probably be relatively challenging.
That’s one of the challenges we’re facing. I want to introduce Ziti as an SDN to replace profibus or be used in conjunction with. I figured it wouldn’t be a plug and play kind of thing.
If you're interested in implementing it, I can give you some pointers on where to start.
There's a transport library: GitHub - openziti/transport
You'd want to implement the transport.Conn interface found here: https://github.com/openziti/transport/blob/main/connection.go
The code at this point assumes a connection oriented, reliable transport. That will likely change in the future as we add support for UDP links, but it's the current requirement.
You'd also need to implement an Address implementation and a corresponding AddressParser.
If you had all that, you could probably compile a version of the router and go sdk which supported profibus.
I'm not sure what pieces you're thinking would need to support profibus, if it's just the edge or if you'd also want the fabric mesh. If you've got Go support, then the edge listener in the router would be set as well as router to router links. If you want anything other than Go based apps on the edge clients, you'd also need to add support for profibus to the C-SDK. There I'm not sure what you'd need to do, but if you're interested, let us know and someone who is more familiar with the C-SDK can chime in.
Is running (converting) profibus to TCP/IP an option?
I don't know yet but I will update you as soon as I find out. I am setting up an Allen Bradley PLC with profibus connectors and a test appliance. The idea is to prove OT sensors can be protected with Zero Trust in the Nuclear sector and I know SDKs are the best way. This is all theory for now. But I feel this will change the ICS industry.
You might consider incorporating something like EdgeX Foundry to sit between your appliance and your backend. EdgeX Foundry has the concept of "device connectors" (or "southside connectors") to translate industrial protocols. See Our Platform | EdgeX Foundry, The Open Source Edge Platform. A few protocols are listed on that page, including Modbus, BACnet, and, maybe most interesting, OPC UA Server. You might be able to configure OPC for Profibus. The EdgeX Foundry backlog (Backlog - EdgeX Wiki - EdgeX Confluence) notes future direct support for Profibus.
I don't have direct experience with EdgeX, but @TheLumberjack has worked with it quite a bit and made a video of EdgeX Foundry and OpenZiti working together referenced here: Bryon Nevis on LinkedIn: #security #iot #edgexfoundry #zerotrust #openziti. @TheLumberjack is also working with EdgeX Foundry on some deeper integrations using OpenZiti SDKs.
I proposed some solutions for doing this in our Discord. It depends on the specific environment he's working in. Those environmental details are essential to provide the right software or hardware solution.
I shared some Anybus-brand physical gateway devices that can connect PROFIBUS to Ethernet/IP. Perhaps the devices I shared could run Ziti, similar to how OpenWRT or any other gateway can.
It's also a conversation I intend to have with Anybus to help with that EdgeX Foundry backlog.