The Xentara Security Model

It’s a wired world, with the Industrial Internet of Things (IIoT) and Manufacturing X demanding network connectivity from nearly every system. That’s why Xentara uses a multi-mesh security approach to keep your data safe from any attackers.

Keep Your Data Safe and Secure

You want to be sure who can access your data – and who can’t. That’s why Xentara features extremely fine-grained access controls.

Access rights can be assigned to any part of the System Model – whether it’s a single data point, a data group, a device, or an entire bus.

Encrypt Your Connections

Xentara uses secure communications protocols where possible. Usually, this involves the use of encrypted Transport Layer Security (TLS) connections to and from other systems. TLS is the standard security protocol used by most secure communication protocols, like SSH and HTTPS.

In the case of third-party protocols, Xentara always strives to default to the highest security and encryption level offered by the protocol.

Manage Your Users

Xentara comes with advanced user and rights management functions.

Developers and administrators can assign rights to individual users or create roles with different access levels and assign them to users as needed. 

A hierarchy of roles allows inheriting permissions.

Authenticate Your Way

Xentara uses multi-mesh authentication, allowing multiple different ways of authenticating remote clients. The following remote authentication methods are supported by Xentara:

  • OAuth 2.0
  • Certificate-based
  • Username / Password

Which authentication methods are supported by a specific remote access service depends on the protocol used.

Nerd Stuff: Multi-Mesh Security

In this image, you can see an example of our multi-pronged security approach in action. 

The Xentara Security Services have authority over all incoming or outgoing connections, irrespective of type. Here, a WebSocket connection to a vendor-specific web app is encrypted using SSL/TLS while the OPC UA Server automatically defaults to its protocol’s native encryption.

Users can authenticate via password or certificate, and the access rights are defined in user roles.
