Cyberium OWA-3U-1G-10G-OT Edition
What is OWA-3U-1G/10G
OWA-3U-1G/10G OT Edition is a powerful, hardware-enforced security gateway designed to allow strict unidirectional data flow from 1+ Gbps to 10+ Gbps (distinct hardware). By creating a physical barrier between IT and OT domains, it ensures airgap-grade separation of critical operational systems — far beyond what firewalls can offer. Its secure-by-design architecture enables both real-time transfer of OT data (SCADA, DCS, Historian) to IT or cloud systems and safe delivery of alarms and events— without exposing critical assets to outsider cyber threats. It enforces a physical separation of duty between production (OT) and supervision (IT) layers.
Built for compliance with the most stringent security frameworks such as IEC 62443 and NIS2, and integrating an optional up-to- EAL7+ Data Diode at heart, Cyberium’s OWA product line enables secure convergence of IT/OT systems without compromising the integrity, availability, or safety of industrial operations.
Datasheet OT Edition
- KEY CHARACTERISTICS
- Complete Physical Separation. Upstream and downstream proxies physically separated; Redundant power supply per proxy.
- Strict Unidirectionality. No returning data link, not even on a separate channel for data flow control.
- True Bandwidth. 1 Gbps / 10+ Gbps sustained on a single link, optimized for file and multi-protocol transfer.
- Absolute Reliability. 0-packet loss , 0-file loss , and 0-file corruption.
- Built for Resilience. Active/Active High Availability (1); Automated fail-over upon system failure (1); - Automatic traffic recovery upon downstream (IT) unavailability.
- Eased Compliance with. IEC/ISA 62443 FR 5 Restricted Data Flow SL-C 4, NERC CIP version 5, NIS2 & NEI 08-09. Includes an Optional EAL7+ or ANSSI-certified Data Diode.
- OT Systems Compatibility. A vast range of protocols and systems through deployed Agents software and native connectors.. See a full list at below
- Seamless Deployment. Transparent to end-users. No change in the network. Easy admin. No extra workload for administrators. Above-grade MTBF.
- Reverse Secure Updater. IT-to-OT secured OT updates and patches (WSUS) protected by advanced dual Anti-Viruses (1)
Technical Specs
HARDWARE APPLIANCE
| Ordering SKU | OWA-1U-500M or OWA-1U-1G |
| Mounting | 19” Rack Mounting, Rack kit included, Sliding rails. 2U Rack Space for the two proxies +1U for the Optical Data Diode option |
| Dimensions & Weight By proxy server (x2) Without Data Diode | 1G: H 42.8 mm W 482 mm D 548.13 mm
13.23 Kg / 29,17 Lb 10G: H 42.8 mm W 482 mm D 816.92 mm 17.53 Kg / 38,64 Lb |
| Operating T° | 5 °C to 45 °C (41 °F to 113 °F) with no direct sunlight on the equipment |
| MTBF | > 50 000 hr |
NETWORK / CONNECTIVITY
| Port / Interfaces By proxy server | 1G: 4x 1/10 Gbps (SFP+), 2x 1 Gbps (Copper) 10G: 4x 1/10 Gbps (SFP+), 2x 25 Gbps (SFP+) |
| USB / Other By proxy server (x2) | 2x USB-port - by proxy 1x VGA-port - by proxy |
| Max end-to-end Throughput | 1 Gbps or 10 Gbps (depending on the chosen version) - True deliverable capacity |
| File Sending Benchmark | Above 1000 files of 125 KB sent /sec at 1 Gbps |
ELECTRICAL
| Power | 100-240 V AC |
| Power Supply By proxy server (x2) | 1G: 2x 600 W PSU (two per proxy) 10G: 2x 800 W PSU (two per proxy) |
| Avg Consumption | 250 W |
PROTOCOLS & OT SYSTEMS COMPATIBILITY
| Industrial Protocols | MQTT, OPC UA/DA, Modbus, DNP3, IEC.104 |
| Historians and similar OT systems | AVEVA Pi2Pi Replication AspenTech (InfoPlus21) Bently Nevada (S1) Emerson (AMS Optics) GE (OSM: On-Site Manager) Honeywell (Uniperformance PHD) Yokogawa (Data Historian) |
| Centralized Monitoring | Cisco Splunk (extended API integration) ArcSight (via SYSLOG) Generic SIEM integration (via SYSLOG) Generic SNMP Traps Screen view (via HDMI replicator) |
| Alarms & Events | Hexagon (PAS) Emerson (DeltaV AgileOps) |
| IT Protocols | UDP, HTTP, HTTPS, REST API, SMTP |
| File Transfer | FTP / SFTP / FTPS MFT (Managed File Transfer), including: Live Folder & File Synchronization Windows File Share SMB, CIFS |
| Generic Database Replicator for DCS/SCADA applications |
Simple SQL DB Full/Incremental Backup Replicator (Oracle / MS SQL) Advanced SQL DB Granular Change Replicator (Oracle / MS SQL) |
MANAGEABILITY & RESILIENCE
| High Availability | Active/Active - automated fail-over with the purchase of a second OWA appliance + High Availability Option |
| Solution Monitoring | Either through Syslog OR Web GUI central console enables monitoring of traffic, health and performances, downstream of the proxy appliances |
| Logging | Every configuration change and every traffic is logged |
| Administration Account | Separated on the upstream and downstream proxies |
HOW DOES IT WORKS?
There are no secrets to success. It is the result of preparation, hard work, and learning from failure.
