Documentation
Industrial VPN (OT/SCADA) and remote sites
Connecting PLCs, machines and remote industrial sites without ever exposing them on the Internet: this is a central mesh VPN use case. VIGIL brings an encrypted private network, zero inbound ports, policy-based segmentation and the broadcast of IP business protocols — with a limit we own up to clearly for non-IP protocols.
The OT context: never expose a PLC
In an industrial (OT) environment, a PLC or a SCADA system must never be directly reachable from the Internet. Remote maintenance too often goes through risky remote access (exposed RDP, port forwarding, modems). Sites and machines need to be joined in a private network, segmented from IT, with no inbound attack surface.
Connecting sites and machines without an inbound port
- Zero inbound ports on the site side: a single connected node makes a whole workshop reachable in the private network.
- End-to-end encryption: the infrastructure transports without reading; even a compromised relay exposes only metadata.
- Continuity: the session survives network changes (4G/5G, unstable links) and a cut-off island keeps working between already-verified members.
Segmentation, audit and business broadcast
- Segmentation through ordered ACLs: every stream explicitly authorized (who talks to what), with signed, verifiable generations.
- Hash-chained audit and MFA on sensitive actions: remote maintenance is traced.
- IP business broadcast: UDP broadcast and multicast cross the mesh (discovery, IP application protocols) — see /en/docs/l2-multicast.
Remote maintenance and controlled publishing
A mesh service (HMI, historian, dashboard) can be exposed cleanly over HTTP or TCP through publications, without making the rest of the OT visible. Each customer keeps its own workspace, access rights and audit — ideal for an integrator operating several sites. See /en/docs/cas-entreprise for the governance side.