CN220368720U - Network isolation device - Google Patents
Network isolation device Download PDFInfo
- Publication number
- CN220368720U CN220368720U CN202322264503.7U CN202322264503U CN220368720U CN 220368720 U CN220368720 U CN 220368720U CN 202322264503 U CN202322264503 U CN 202322264503U CN 220368720 U CN220368720 U CN 220368720U
- Authority
- CN
- China
- Prior art keywords
- interface
- microprocessor
- gateway module
- network
- isolation device
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000002955 isolation Methods 0.000 title claims abstract description 62
- 238000013500 data storage Methods 0.000 claims description 36
- 230000008878 coupling Effects 0.000 claims 1
- 238000010168 coupling process Methods 0.000 claims 1
- 238000005859 coupling reaction Methods 0.000 claims 1
- 238000000034 method Methods 0.000 description 9
- 230000005540 biological transmission Effects 0.000 description 8
- 238000004891 communication Methods 0.000 description 5
- 101100458361 Drosophila melanogaster SmydA-8 gene Proteins 0.000 description 4
- 238000010586 diagram Methods 0.000 description 4
- 230000001105 regulatory effect Effects 0.000 description 4
- 230000008569 process Effects 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 230000019771 cognition Effects 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 229910000838 Al alloy Inorganic materials 0.000 description 1
- 239000000956 alloy Substances 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 239000000306 component Substances 0.000 description 1
- 230000008094 contradictory effect Effects 0.000 description 1
- 239000008358 core component Substances 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 239000010935 stainless steel Substances 0.000 description 1
- 229910001256 stainless steel alloy Inorganic materials 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Landscapes
- Small-Scale Networks (AREA)
Abstract
The embodiment of the application provides a network isolation device, which belongs to the technical field of computers. The network isolation device includes: the first gateway module comprises a first Ethernet unit and a first microprocessor, wherein the first Ethernet unit comprises a first network port, the first network port is used for receiving input data, the first microprocessor comprises a first MINI PCI-E interface, the first microprocessor is connected with the first Ethernet unit through the first MINI PCI-E interface, and the first microprocessor further comprises a first serial port; the second gateway module comprises a second Ethernet unit and a second microprocessor, the second Ethernet unit comprises a second network port, the second network port is used for outputting data, the second microprocessor comprises a second MINI PCI-E interface, the second microprocessor is connected with the second Ethernet unit through the second MINI PCI-E interface, and the second microprocessor also comprises a second serial port; the first serial port is connected with the second serial port.
Description
Technical Field
The application relates to the technical field of computers, in particular to a network isolation device.
Background
The traditional oil and gas pipeline station industrial control data exist in an SCADA (Supervisory Control And Data Acquisition, data acquisition and monitoring control system) regulation and control network, and for the purpose of guaranteeing the safe operation of a production regulation and control system, the data sharing requirement of non-regulation and control application is usually very careful, and the safety measures which are used at present usually guarantee the data safety of the regulation and control system by processing a control gate in a data sharing gateway. The traditional mode adopts a mode of setting unidirectional logic isolation engineering in an industrial gateway to realize unidirectional isolation of the network, thereby achieving the aim of ensuring the network security. The method of setting unidirectional logic isolation engineering in the industrial gateway has less equipment increase and simple network link.
However, the industrial gateway can only rely on engineers to perform engineering configuration on site in an engineering way so as to perform full or partial unidirectional isolation, and the isolation effect of the engineering gateway completely depends on the professional cognition level of the engineers, so that the expected isolation effect is very easy to be not achieved due to cognition errors; or if a third person such as a later maintenance engineer or the like misoperates to modify the configuration, the isolation rule is changed; the methods used by different configuration software are different, and engineers who have no experience in unidirectional isolation are often inadequate.
Disclosure of Invention
In view of the foregoing deficiencies in the prior art, an object of an embodiment of the present application is to provide a network isolation device, including:
the first gateway module comprises a first Ethernet unit and a first microprocessor, wherein the first Ethernet unit comprises a first network port, the first network port is used for receiving input data, the first microprocessor comprises a first MINI PCI-E interface, the first microprocessor is connected with the first Ethernet unit through the first MINIPCI-E interface, and the first microprocessor further comprises a first serial port;
the second gateway module comprises a second Ethernet unit and a second microprocessor, the second Ethernet unit comprises a second network port, the second network port is used for outputting data, the second microprocessor comprises a second MINIPCI-E interface, the second microprocessor is connected with the second Ethernet unit through the second MINIPCI-E interface, and the second microprocessor also comprises a second serial port;
the first serial port is connected with the second serial port.
In an embodiment of the present application, the first gateway module further includes a first real-time data register, the first microprocessor further includes a first DDR3 memory slot, and the first microprocessor is connected to the first real-time data register through the first DDR3 memory slot;
the second gateway module further comprises a second real-time data register, the second microprocessor further comprises a second DDR3 memory slot, and the second microprocessor is connected with the second real-time data register through the second DDR3 memory slot.
In an embodiment of the present application, the first gateway module further includes a first history data storage module, the first microprocessor further includes a first msta interface, and the first microprocessor is connected to the first history data storage module through the first msta interface;
the second gateway module further comprises a second historical data storage module, the second microprocessor further comprises a second mSATA interface, and the second microprocessor is connected with the second historical data storage module through the second mSATA interface.
In the embodiment of the application, at least two first network ports and two second network ports are provided, and the first network ports and the second network ports are RJ45 interfaces.
In an embodiment of the present application, the first microprocessor further includes at least 2 first USB interfaces, and the second microprocessor further includes at least 2 second USB interfaces, wherein the first USB interfaces and the second USB interfaces include a USB2.0 interface and a USB3.0 interface.
In an embodiment of the present application, the first microprocessor further comprises a first VGA interface, and the second microprocessor further comprises a second VGA interface.
In an embodiment of the present application, the first microprocessor further includes a first HDMI interface, and the second microprocessor further includes a second HDMI interface.
In an embodiment of the present application, the network isolation device further includes at least one power module, the power module is connected with the first gateway module and the second gateway module, respectively, and the power module includes a power interface, and the power interface is used for connecting an external power source.
In an embodiment of the present application, the network isolation device further includes a chassis, and the first gateway module and the second gateway module are embedded in the chassis;
the machine case includes first panel, and network isolating device's external interface all sets up in first panel, and wherein, external interface includes first net gape and second net gape, first USB interface and second USB interface, first VGA interface and second VGA interface, first HDMI interface and second HDMI interface and power supply interface.
In an embodiment of the application, the chassis further includes a second panel, and the second panel is provided with at least 2 power indicator lamps and at least 2 hard disk indicator lamps;
at least 2 power indicator lamps are respectively connected with the first gateway module and the second gateway module, and at least 2 hard disk indicator lamps are respectively connected with the first historical data storage module in the first gateway module and the second historical data storage module in the second gateway module.
Through the technical scheme, the serial port buses of the first gateway module and the second gateway module form an equipment internal network networking mode, and data of the first gateway module can only be transmitted to the second gateway module through serial port cooperation based on internal non-TCP/IP. Thus, the transmission channel, which the external network inputs via the first ethernet unit of the first gateway module and outputs via the second ethernet unit of the second gateway module based on the TCP/IP protocol, can be cut off. The transparent transmission link between the Ethernet input and the Ethernet output is physically blocked, so that unidirectional network isolation is realized, and the safety of data transmission is ensured.
Additional features and advantages of embodiments of the present application will be set forth in the detailed description that follows.
Drawings
The accompanying drawings are included to provide a further understanding of embodiments of the present application and are incorporated in and constitute a part of this specification, illustrate embodiments of the present application and together with the description serve to explain, without limitation, the embodiments of the present application. In the drawings:
FIG. 1 is a schematic diagram of a network isolation device according to an embodiment of the present disclosure;
FIG. 2 is a schematic diagram of a network isolation device according to another embodiment of the present disclosure;
FIG. 3 is a schematic diagram of a power module connection according to an embodiment of the present disclosure;
FIG. 4 is a schematic structural view of a first panel according to an embodiment of the present disclosure;
fig. 5 is a schematic structural diagram of a second panel according to an embodiment of the present application.
Description of the reference numerals
10. A network isolation device; 100. a first gateway module; 200. a second gateway module; 110. a first microprocessor; 111. a first MINIPCI-E interface; 112. a first serial port; 120. a first ethernet unit; 121. a first portal; 210. a second microprocessor; 211. a second MINIPCI-E interface; 212. a second serial port; 220. a second ethernet unit; 212. a second portal; 130. a first real-time data register; 112. a first DDR3 memory slot; 230. a second real-time data register; 212. a second DDR3 memory slot; 140. a first historical data storage module; 113. a first mSATA interface; 240. a second historical data storage module; 213. a second mSATA interface; 114. a first USB interface; 214. a second USB interface; 115. a first VGA interface; 215. a second VGA interface; 116. a first HDMI interface; 216. a second HDMI interface; 300. a power module; 310. a power interface; 410. a first panel; 420. a second panel; 421. a power indicator light; 422. hard disk pilot lamp.
Detailed Description
The following detailed description of specific embodiments of the present application refers to the accompanying drawings. It should be understood that the detailed description is presented herein for purposes of illustration and explanation only and is not intended to limit the present application.
It should be noted that, in the embodiment of the present application, directional indications (such as up, down, left, right, front, and rear … …) are referred to, and the directional indications are merely used to explain the relative positional relationship, movement conditions, and the like between the components in a specific posture (as shown in the drawings), and if the specific posture is changed, the directional indications are correspondingly changed.
In addition, if there is a description of "first", "second", etc. in the embodiments of the present application, the description of "first", "second", etc. is for descriptive purposes only and is not to be construed as indicating or implying a relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include at least one such feature. In addition, the technical solutions of the embodiments may be combined with each other, but it is necessary to base that the technical solutions can be realized by those skilled in the art, and when the technical solutions are contradictory or cannot be realized, the combination of the technical solutions should be regarded as not exist and not within the protection scope of the present application.
Fig. 1 schematically illustrates a network isolation device 10 according to a first embodiment of the present application. As shown in fig. 1, in one embodiment of the present application, there is provided a network isolation device 10, the network isolation device 10 including:
the first gateway module 100 comprises a first ethernet unit 120 and a first microprocessor 110, the first ethernet unit 120 comprises a first network port 121, the first network port 121 is used for receiving input data, the first microprocessor 110 comprises a first MINIPCI-E interface 111, the first microprocessor 110 is connected with the first ethernet unit 120 through the first MINIPCI-E interface 111, and the first microprocessor 110 further comprises a first serial port 112;
the second gateway module 200 includes a second ethernet unit 220 and a second microprocessor 210, where the second ethernet unit 220 includes a second network port 221, the second network port 221 is used for outputting data, the second microprocessor 210 includes a second MINIPCI-E interface 211, the second microprocessor 210 is connected to the second ethernet unit 220 through the second MINIPCI-E interface 211, and the second microprocessor 210 further includes a second serial port 212;
the first serial port 112 is connected to the second serial port 212.
It should be noted that, in the field of oil and gas pipe networks, the data security requirement for regulatory networks with industrial control data is higher than that of data networks with non-regulatory applications. In order to ensure the data security of the regulation system, the regulation network is generally required to be isolated from other data networks in a network unidirectional manner, and in this embodiment, the network unidirectional isolation is realized through the network isolation device 10.
Specifically, the network isolation device 10 includes a first gateway module 100 and a second gateway module 200, wherein the first gateway module 100 and the second gateway module 200 may have a structure of a PCB board (Printed Circuit Board, printed wiring board). The first gateway module 100 includes a first ethernet unit 120 and a first microprocessor 110; the second gateway module 200 includes a second ethernet unit 220 and a second microprocessor 210. The first microprocessor 110 and the second microprocessor 210 mainly realize the functions of instruction control and arithmetic logic of the whole network isolation device 10, are core components of the whole network isolation device 10, the first gateway module 100 and the second gateway module 200 both use the same microprocessor, and the microprocessors operate a software protocol stack based on the TCP/IP standard, so that serial port protocol messages and ethernet data frames can be processed at high speed. In one embodiment, the first microprocessor 110 and the second microprocessor 210 may each support interconversions between protocols such as Modbus protocol, IEC-104 protocol, and EtherNet/IP (Industrial Ethernet protocol). In one embodiment, the first microprocessor 110 and the second microprocessor 210 may employ a Intel Bay trail SOC chipset. The first microprocessor 110 includes a first MINIPCI-E interface 111; the second microprocessor 210 includes a second MINIPCI-E interface 211.MINIPCI-E is a PCI-E bus based interface, with the first microprocessor 110 being connected to the first Ethernet unit 120 through a first MINIPCI-E interface 111; the second microprocessor 210 is connected to the second ethernet unit 220 through a second MINIPCI-E interface 211.
The first microprocessor 110 further includes a first serial port 112; the second microprocessor 210 further includes a second serial port 212, which is an expansion interface using a serial communication method, and in one embodiment, may be an RS232 interface. In this embodiment, a serial port line is used between the first gateway module 100 and the second gateway module 200 to connect the first serial port 112 and the second serial port 212. The first serial port 112 and the second serial port 212 are used for parsing and transmitting the messages in the network isolation device 10.
The first ethernet unit 120 and the second ethernet unit 220 are responsible for acquiring, forwarding and transmitting data frames. In one embodiment, the first ethernet unit 120 and the second ethernet unit 220 may be 10/100M ethernet communication chips, supporting various protocols such as siemens S7TCP protocol, mitsubishi MC protocol, ohm-long finudp/TCP protocol, loose ET-LAN protocol, and the like.
The first ethernet unit 120 comprises a first portal 121; the second ethernet unit 220 comprises a second network port 221. The first network port 121 is a network port for receiving input data from the network isolation device 10, and the second network port 221 is a network port for outputting data from the network isolation device 10. In a production application, the network isolation device 10 receives data input by a regulatory network through the first network port 121, analyzes and converts an industrial communication protocol (such as Modbus) into another industrial communication protocol (such as IEC-104) on the first gateway module 100, and then the data after protocol conversion is transmitted to the second serial port 212 of the second gateway module 200 through the first serial port 112 of the first gateway module 100 inside the network isolation device 10, and is further output through the second network port 221. The integrity and security of the data transmission can be further ensured by setting the register address of the second ethernet unit 220 to be received by the mask in the real-time data register of the first gateway module 100.
In one embodiment, there are at least two first network ports 121 and second network ports 221, and both first network ports 121 and second network ports 221 are RJ45 interfaces.
It should be noted that, to enhance the data processing capability of the network isolation device 10, there are at least two first network ports 121 as data input interfaces and second network ports 221 as data output interfaces. And both the first network port 121 and the second network port 221 are RJ45 interfaces.
By the network isolation device 10, the serial buses of the first gateway module 100 and the second gateway module 200 form an intra-device network, and data of the first gateway module 100 can only be transmitted to the second gateway module 200 through serial port cooperation based on internal non-TCP/IP. Accordingly, the transmission path through which the external network is input via the first ethernet unit 120 of the first gateway module 100 and output via the second ethernet unit 220 of the second gateway module 200 based on the TCP/IP protocol can be cut off. The transparent transmission link between the Ethernet input and the Ethernet output is physically blocked, so that unidirectional network isolation is realized, and the safety of data transmission is ensured.
In one embodiment, the first gateway module 100 further includes a first real-time data register 130, the first microprocessor 110 further includes a first DDR3 memory socket 112, and the first microprocessor 110 is connected to the first real-time data register 130 by the first DDR3 memory socket 112;
the second gateway module 200 further includes a second real-time data register 230, the second microprocessor 210 further includes a second DDR3 memory socket 212, and the second microprocessor 210 is connected to the second real-time data register 230 through the second DDR3 memory socket 212.
In this embodiment, it should be noted that the first gateway module 100 further includes a first real-time data register 130, and the second gateway module 200 further includes a second real-time data register 230. The first real-time data register 130 and the second real-time data register 230 are used for storing real-time data, and may be equivalent to a memory, and read real-time data through register address information. In one embodiment, the operating frequency of the first real-time data register 130 and the second real-time data register 230 is 1600MHz, the power supply voltage is 1.35V (low voltage), the capacity can be 2G, and the maximum support is 8GB. The first microprocessor 110 further includes a first DDR3 memory slot 112, and the second microprocessor 210 further includes a second DDR3 memory slot 212. The first real-time data register 130 is plugged into the first DDR3 memory slot 112 to connect with the first microprocessor 110, and the second real-time data register 230 is plugged into the second DDR3 memory slot 212 to connect with the second microprocessor 210.
Referring to fig. 2, in one embodiment, the first gateway module 100 further includes a first history data storage module 140, the first microprocessor 110 further includes a first sata interface 113, and the first microprocessor 110 is connected to the first history data storage module 140 through the first sata interface 113;
the second gateway module 200 further includes a second history data storage module 240, and the second microprocessor 210 further includes a second msta interface 213, and the second microprocessor 210 is connected to the second history data storage module 240 through the second msta interface 213.
In this embodiment, it should be noted that the first gateway module 100 further includes a first historical data storage module 140, and the second gateway module 200 further includes a second historical data storage module 240. The first and second history data storage modules 140 and 240 are used for storing history data, and may be equivalent to a hard disk, and the history data in the first and second history data storage modules 140 and 240 is read through MySQL database. The first historical data storage module 140 and the second historical data storage module 240 can be set by a hard disk which can store more than 5000 pieces of data in one minute and has high-performance read-write speed.
It can be appreciated that, since the network isolation device 10 in this embodiment implements network unidirectional isolation between the regulatory network and other data networks, data is transmitted from the first gateway module 100 to the second gateway module 200 inside the network isolation device 10, and in order to further ensure data transmission security, the network security level of the first gateway module 100 inside the network isolation device 10 is set to be higher than that of the first gateway module 100. The capacity setting for the first historical data storage module 140 is greater than the capacity of the second historical data storage module 240. For example, the capacity of the first historical data storage module 140 is 512G and the capacity of the second historical data storage module 240 is 256G.
The first microprocessor 110 further includes a first mSATA interface 113, and the second microprocessor 210 further includes a second mSATA interface 213. The first history data storage module 140 accesses the first mSATA interface 113 to connect with the first microprocessor 110, and the second history data storage module 240 accesses the second mSATA interface 213 to connect with the second microprocessor 210.
Referring to fig. 2, in one embodiment, the first microprocessor 110 further includes at least 2 first USB interfaces 114, and the second microprocessor 210 further includes at least 2 second USB interfaces 214, wherein the first USB interfaces 114 and the second USB interfaces 214 include a USB2.0 interface and a USB3.0 interface.
In this embodiment, it should be noted that the USB interface is used for reading data, the first microprocessor 110 includes at least 2 first USB interfaces 114, and at least 2 first USB interfaces 114 include at least one USB2.0 interface and at least one USB3.0 interface; the second microprocessor 210 includes at least 2 second USB interfaces 214, and at least one USB2.0 interface and at least one USB3.0 interface are included in the at least 2 second USB interfaces 214.
In this embodiment, the USB interface is provided to improve the diversity of the access data of the network isolation device 10, so as to improve the data processing capability of the network isolation device 10.
Referring to fig. 2, in one embodiment, the first microprocessor 110 further includes a first VGA interface 115, and the second microprocessor 210 further includes a second VGA interface 215.
In this embodiment, it should be noted that the VGA interface is used to connect to the display device, and the first VGA interface 115 and the second VGA interface 215 are the same type of interface. The first microprocessor 110 may be connected to a display device through a first VGA interface 115, and the second microprocessor 210 may be connected to a display device through a second VGA interface 215.
Referring to fig. 2, in one embodiment, the first microprocessor 110 further includes a first HDMI interface 116, and the second microprocessor 210 further includes a second HDMI interface 216.
In this embodiment, it should be noted that the HDMI interface is used to connect to a display device, and the first HDMI interface 116 and the second HDMI interface 216 are the same type of interface. The first microprocessor 110 may be connected to a display device through the first HDMI interface 116, and the second microprocessor 210 may be connected to a display device through the second HDMI interface 216.
Referring to fig. 3, in one embodiment, the network isolation device 10 further includes at least one power module 300, the power module 300 being connected with the first gateway module 100 and the second gateway module 200, respectively, the power module 300 including a power interface 310, the power interface 310 being for connecting an external power source.
In this embodiment, it should be noted that the network isolation device 10 further includes at least one power module 300, and the power module 300 is used for supplying power to the entire network isolation device 10. The power module 300 includes a power interface 310, and the power interface 310 is used to connect to an external power source. In one embodiment, the power module 300 converts alternating current input through the power interface 310 at a voltage in the range of 90-264 VAC to direct current at 12V to supply power to the network isolated device 10. When there is only one power module 300, the power module 300 connects the first gateway module 100 and the second gateway module 200 at the same time; when there are two power modules 300, the first gateway module 100 and the second gateway module 200 may be connected to one of the power modules 300, respectively, to supply power through the different power modules 300, respectively.
Referring to fig. 4, in one embodiment, the network isolation device 10 further includes a chassis in which the first gateway module 100 and the second gateway module 200 are embedded;
the chassis includes a first panel 410, and external interfaces of the network isolation device 10 are all disposed on the first panel 410, where the external interfaces include a first network port 121 and a second network port 221, a first USB interface 114 and a second USB interface 214, a first VGA interface 115 and a second VGA interface 215, a first HDMI interface 116 and a second HDMI interface 216, and a power interface 310.
In this embodiment, it should be noted that the network isolation device 10 further includes a chassis (not shown), which is a closed or semi-closed structure with a certain internal space, and the first gateway module 100 and the second gateway module 200 are embedded in the chassis. In one embodiment, the chassis may be made of stainless steel and aluminum alloy materials, and may have a size of 483×300×44.5mm. The chassis includes a first panel 410, and the first network port 121 and the second network port 221 of the network isolation device 10, the first USB interface 114 and the second USB interface 214, the first VGA interface 115 and the second VGA interface 215, the first HDMI interface 116 and the second HDMI interface 216, and the power interface 310 are all disposed on the first panel 410.
Referring to fig. 5, in one embodiment, the chassis further includes a second panel 420, the second panel 420 being provided with at least 2 power indicator lights 421 and at least 2 hard disk indicator lights 422;
at least 2 power indicator lamps 421 are respectively connected with the first gateway module 100 and the second gateway module 200, and at least 2 hard disk indicator lamps 422 are respectively connected with the first history data storage module 140 in the first gateway module 100 and the second history data storage module 240 in the second gateway module 200.
In this embodiment, it should be noted that, the chassis further includes the second panel 420, and the relative positions of the first panel 410 and the second panel 420 are not strictly limited, and in an embodiment, the first panel 410 and the second panel 420 may be disposed opposite to each other or disposed adjacently to each other. The second panel 420 is provided with at least 2 power indicator lamps 421 and at least 2 hard disk indicator lamps 422. In one embodiment, the power indicator 421, the hard disk indicator 422, and all external interfaces of the network isolation device 10 may be disposed in the same panel.
At least 2 power indicator lamps 421 are respectively connected with the first gateway module 100 and the second gateway module 200, and at least 2 hard disk indicator lamps 422 are respectively connected with the first history data storage module 140 in the first gateway module 100 and the second history data storage module 240 in the second gateway module 200. When the first gateway module 100 and the second gateway module 200 are powered on and turned on, the at least 2 power indicator lamps 421 and the at least 2 hard disk indicator lamps 422 are turned on; when the first gateway module 100 and the second gateway module 200 are powered off, the at least 2 power indicator lamps 421 and the at least 2 hard disk indicator lamps 422 are turned off; when the first historical data storage module 140 and the second historical data storage module 240 are performing the read-write operation, the at least 2 hard disk lamps 422 flash.
In this embodiment, the practicality of the network isolation device is improved by setting the running state information of the indicator light output device.
In the description of the present application, it should be noted that the directions or positional relationships indicated by the terms "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer", etc. are based on the directions or positional relationships shown in the drawings, are merely for convenience of description of the present application and to simplify the description, and do not indicate or imply that the devices or elements referred to must have a specific orientation, be configured and operated in a specific orientation, and thus should not be construed as limiting the present application. Furthermore, the terms "first," "second," and the like, are used for descriptive purposes only and are not to be construed as indicating or implying relative importance. Wherein the terms "first location" and "second location" are two distinct locations and wherein the first feature is "above," "over" and "over" the second feature includes the first feature being directly above and obliquely above the second feature, or simply indicates that the first feature is level above the second feature. The first feature being "under", "below" and "beneath" the second feature includes the first feature being directly under and obliquely below the second feature, or simply means that the first feature is less level than the second feature.
In the description of the present application, it should be noted that, unless explicitly specified and limited otherwise, the terms "mounted," "connected," and "connected" are to be construed broadly, and may be either fixedly connected, detachably connected, or integrally connected, for example; can be mechanically or electrically connected; can be directly connected or indirectly connected through an intermediate medium, and can be communication between two elements. The specific meaning of the terms in this application will be understood by those of ordinary skill in the art in a specific context.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises an element.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and changes may be made to the present application by those skilled in the art. Any modifications, equivalent substitutions, improvements, etc. which are within the spirit and principles of the present application are intended to be included within the scope of the claims of the present application.
Claims (10)
1. A network isolation device, comprising:
the first gateway module comprises a first Ethernet unit and a first microprocessor, wherein the first Ethernet unit comprises a first network port, the first network port is used for receiving input data, the first microprocessor comprises a first MINIPCI-E interface, the first microprocessor is connected with the first Ethernet unit through the first MINIPCI-E interface, and the first microprocessor further comprises a first serial port;
the second gateway module comprises a second Ethernet unit and a second microprocessor, wherein the second Ethernet unit comprises a second network port, the second network port is used for outputting data, the second microprocessor comprises a second MINIPCI-E interface, the second microprocessor is connected with the second Ethernet unit through the second MINIPCI-E interface, and the second microprocessor further comprises a second serial port;
the first serial port is connected with the second serial port.
2. The network isolation device of claim 1, wherein the first gateway module further comprises a first real-time data register, the first microprocessor further comprises a first DDR3 memory socket, the first microprocessor is coupled to the first real-time data register by the first DDR3 memory socket;
the second gateway module further comprises a second real-time data register, the second microprocessor further comprises a second DDR3 memory slot, and the second microprocessor is connected with the second real-time data register through the second DDR3 memory slot.
3. The network isolation device of claim 1, wherein the first gateway module further comprises a first history data storage module, the first microprocessor further comprising a first sata interface, the first microprocessor being coupled to the first history data storage module through the first sata interface;
the second gateway module further comprises a second historical data storage module, the second microprocessor further comprises a second mSATA interface, and the second microprocessor is connected with the second historical data storage module through the second mSATA interface.
4. The network isolation device of claim 1, wherein there are at least two of the first and second ports, the first and second ports each being an RJ45 interface.
5. The network isolation device of claim 1, wherein the first microprocessor further comprises at least 2 first USB interfaces and the second microprocessor further comprises at least 2 second USB interfaces, wherein the first USB interfaces and the second USB interfaces comprise a USB2.0 interface and a USB3.0 interface.
6. The network isolation device of claim 1, wherein the first microprocessor further comprises a first VGA interface and the second microprocessor further comprises a second VGA interface.
7. The network isolation device of claim 1, wherein the first microprocessor further comprises a first HDMI interface and the second microprocessor further comprises a second HDMI interface.
8. The network isolation device of claim 1, further comprising at least one power module coupled to the first gateway module and the second gateway module, respectively, the power module comprising a power interface for coupling to an external power source.
9. The network isolation device of claim 1, further comprising a chassis, the first gateway module and the second gateway module being embedded in the chassis;
the chassis comprises a first panel, wherein external interfaces of the network isolation device are arranged on the first panel, and the external interfaces comprise a first network port, a second network port, a first USB interface, a second USB interface, a first VGA interface, a second VGA interface, a first HDMI interface, a second HDMI interface and a power supply interface.
10. The network isolation device of claim 9, wherein the chassis further comprises a second panel provided with at least 2 power indicator lights and at least 2 hard disk indicator lights;
the at least 2 power indicator lamps are respectively connected with the first gateway module and the second gateway module, and the at least 2 hard disk indicator lamps are respectively connected with the first historical data storage module in the first gateway module and the second historical data storage module in the second gateway module.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202322264503.7U CN220368720U (en) | 2023-08-22 | 2023-08-22 | Network isolation device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202322264503.7U CN220368720U (en) | 2023-08-22 | 2023-08-22 | Network isolation device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN220368720U true CN220368720U (en) | 2024-01-19 |
Family
ID=89513931
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202322264503.7U Active CN220368720U (en) | 2023-08-22 | 2023-08-22 | Network isolation device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN220368720U (en) |
-
2023
- 2023-08-22 CN CN202322264503.7U patent/CN220368720U/en active Active
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104731007A (en) | Backboard communication assembly and communication method for function security PLC | |
| CN204231391U (en) | A kind of locomotive vehicle-mounted general data communication gateway | |
| CN110799007B (en) | Industrial control computer and industrial control computer communication protection method | |
| CN104008082A (en) | Converter of 1553B bus remote terminal (RT) node and controller area network (CAN) bus | |
| CN102253913A (en) | Device for carrying out state acquisition and output control on multi-board-card port | |
| CN208188815U (en) | BMC module system | |
| CN205450908U (en) | Common type rack -mounted server based on godson 3A 2000 | |
| CN103532804A (en) | Double-Ethernet networking server provided with multi-serial ports | |
| CN214337931U (en) | Network data transmission system and switch with built-in network data transmission system | |
| CN102768561A (en) | Design method for twinbridge piece mainboard redundancy | |
| CN220368720U (en) | Network isolation device | |
| CN204406186U (en) | A kind of fieldbus controller | |
| CN108345558B (en) | RS485 centralized configuration unit supporting multiple protocols | |
| CN103885821B (en) | SCADA pre-procesors and its Multi-channel multi-line journey real-time scheduling method | |
| CN105607527A (en) | KNX-BACnet/IP protocol conversion gateway based on Cortex-M processor | |
| CN203876779U (en) | 64D block machine based on DTMF communication | |
| CN216162725U (en) | Data network shutdown machine | |
| CN206759478U (en) | A kind of network switch system | |
| CN203691435U (en) | Ethernet-based 1553B bus communication module | |
| CN210745181U (en) | Network safety monitoring and warning device of power generation equipment | |
| CN204795120U (en) | Split type extensible network message storage device | |
| CN204832891U (en) | High performance multipurpose treater card | |
| CN107911290A (en) | A kind of gateway device for maritime electronic communication | |
| CN202102335U (en) | Blade server based on Loongson 3A central processing unit (CPU) | |
| Hao et al. | Development for protocol conversion gateway of industrial field bus |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| GR01 | Patent grant | ||
| GR01 | Patent grant |