Why Does the Oil & Gas Industry Need SD-WAN?

Oct 11, 2022

Of all the verticals for SD-WAN, the Oil & Gas industry stands to benefit the most.

And this is for several reasons:

Like other verticals, they require reliable connectivity between their branch centers and data centers.

But there are other factors, too: sites are often remote and complex to manage; the workforce is sometimes in potentially hazardous areas where the environment needs to be adequately monitored; and there is increasing use of IIoT devices, which are potential targets for cyber attacks. All these factors mean the requirements for reliability, latency, and security are more stringent than in other industries.

In this article, we go through the challenges the O&G industry faces and how SD-WAN can help address them.

What is SD-WAN?

Software-Defined Wide Area Networking (SD-WAN) connects multiple sites over various types of transport networks (such as LTE, broadband, MPLS, etc.) by using overlay technology.

Challenges of Oil & Gas Industry:

Remote Sites are complex to provision and manage

Oil & Gas sites are mostly dispersed and far from the main cities. These sites are not easily accessible by staff during emergencies, so remote maintenance is key in such situations.

In other words, these sites require efficient and fast ways to connect with the NOC centers for reporting and monitoring purposes.

Also, as new O&G sites are continuously added, it is essential to integrate new sites with the network quickly.

However, the reality can be quite the opposite.

O&G companies depend on service providers to provide them with MPLS links to the branch sites, and service providers are traditionally slow to provide such a service because of the manual processes involved in provisioning the link.

Unreliable communication can lead to disasters

Reliability is another essential requirement. The O&G sites are equipped with sophisticated monitoring devices that take readings round the clock and report back to distant NOC centers. This requires reliable, low-latency communication between the sites and the HQ.

Furthermore, the abundance of inflammable and toxic liquids presents health risks to on-site employees. IoT-based wearables can help track the conditions of these employees, but all this requires reliable communication between the site and the NOC center.

IIoT is an opportunity but also has potential for new security risks

Industrial IoT (IIoT) devices have become increasingly popular in the O&G industry. IoT enables an oil and gas company to remotely monitor various on-field operations, such as conditions (like oil spills) that could lead to emergencies.

On the other hand, the increased use of IoT technology has brought with it new cybersecurity risks that the oil and gas industry cannot afford to ignore.

For example, IIoT devices are often a target of cyber threats for multiple reasons: IIoT devices, especially those running firmware, are vulnerable to exploits and remain extremely exposed to cybercriminals. Some IoT devices lack device authentication/authorization mechanisms, while many others do not support encryption methods.

Therefore, it is common to hear in the news about DDoS campaigns against IoT devices. All these potential security risks require the implementation of foolproof security mechanisms in the O&G communication infrastructure.

What is the difference between IoT and IIoT?

IoT (Internet of Things) is focused on devices that connect things together with a focus on end consumers. It involves the use of sensors and actuators to collect and analyze data from these connected objects. IIoT (Industrial Internet of Things) is focused specifically on critical systems such as healthcare, manufacturing, and transportation.

Digital Transformation in Oil & Gas Industry

The O&G industry is undergoing a digital transformation like any other industry. Cloudification of services is a necessary part of this digital transformation. As services are dispersed and decentralized, it is necessary to have a flexible way for any branch site to reach the service hosting location as efficiently as possible and with minimum latency. The traditional way of backhauling the traffic using MPLS through the DC is neither efficient nor fast.

How can SD-WAN help the Oil & Gas industry?

Zero Touch Provisioning helps bring up O&G remote sites quickly

When thinking about the remote locations in the O&G sector, automation is the key. Sending the installation team to each site to install and commission a network box is time-consuming, and the manual process is prone to error. This is where Zero Touch Provisioning (ZTP) in SD-WAN can help.

Zero-touch provisioning (ZTP) enables devices to configure themselves automatically without manual intervention. ZTP can therefore automate the entire installation process, which means that it eliminates the need for an onsite visit and manual configuration, thus saving time and money.

Fig: Zero Touch Provisioning in SD-WAN

With ZTP, a device can be up and running in minutes versus the traditional MPLS process, which can take days to weeks.

There are a few simple steps in a ZTP process:

1. Once the device is booted, it communicates with the DHCP server and requests an IP address

2. The DHCP server assigns an IP address to the CPE and tells it the location of the ZTP server from where to get the configuration files.

3. The CPE communicates with the ZTP server, which authenticates the device and provides all initial configuration files to the CPE. The CPE executes the files and stops the ZTP process.
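The three steps above, sketched as an added example (not code from the article or from any SD-WAN product). The device-authentication scheme (a per-device key enrolled before shipping, proven with an HMAC over a one-time server nonce), the serial number, the DHCP field name and the server URL are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed inventory: serial -> per-device key enrolled before shipping (assumption).
INVENTORY = {"CPE-0001": b"constructed-device-key-0001"}
CONFIGS = {"CPE-0001": "hostname site-0001\nwan0 dhcp\n"}

def dhcp_offer():
    """Steps 1-2: lease an address and point the CPE at the ZTP server."""
    return {"ip": "192.0.2.10", "ztp_server": "https://ztp.example.invalid"}

class ZtpServer:
    def __init__(self):
        self.pending = {}  # serial -> outstanding one-time nonce

    def challenge(self, serial):
        nonce = secrets.token_bytes(16)
        self.pending[serial] = nonce
        return nonce

    def fetch_config(self, serial, proof):
        """Step 3: authenticate the device, then release its configuration."""
        nonce = self.pending.pop(serial, None)  # a nonce is valid only once
        key = INVENTORY.get(serial)
        if nonce is None or key is None:
            return None  # unknown device or no outstanding challenge
        expected = hmac.new(key, nonce + serial.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, proof):
            return None  # device could not prove possession of its key
        return CONFIGS[serial]

def cpe_boot(server, serial, key):
    """CPE side of the exchange; returns the config it would apply, or None."""
    offer = dhcp_offer()
    if not offer["ztp_server"].startswith("https://"):
        return None  # refuse a ZTP location that is not TLS-protected
    nonce = server.challenge(serial)
    proof = hmac.new(key, nonce + serial.encode(), hashlib.sha256).digest()
    return server.fetch_config(serial, proof)
```

Because the server hands out configuration only after the proof verifies, a device that merely knows a valid serial number, or replays an earlier proof, receives nothing.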

With ZTP, the O&G industry can have the following benefits:

a. New device provisioning at branch sites. Bringing up devices quickly

b. Automate the upgrades, patches, and bug fixing. Automate other regular maintenance tasks

SD-WAN-based ZTNA secures IIoT devices in the O&G industry

As already mentioned, IIoT is becoming very popular in the O&G industry because IIoT allows O&G companies to monitor various on-field processes remotely. IIoT helps automatically collect essential data and helps in predictive as well as preventive maintenance. However, as mentioned earlier, IIoT devices are a target for cyber-attacks. This requires zero-trust network security, which the current connectivity methods are not able to provide.

SD-WAN inherently ensures Zero Trust Network Access (ZTNA), blocking everyone from accessing the network unless the admin allows it.

SD-WAN can help provide such comprehensive security at various points on the edge: on-premises, in the edge cloud, or a mix of both.

Fig: Security in SD-WAN

1. On-Prem. Security

On-Prem. security involves running all security functions on-premises. SD-WAN CPEs can provide next-generation firewall capabilities on-premises. This ensures that undesired traffic from the internet is not able to reach the communication infrastructure, including the IIoT devices. For more sophisticated protection involving anti-DDoS, IPS, and IDS, an open SD-WAN CPE based on uCPE (universal CPE) can help. A uCPE can run multiple VNFs (Virtual Network Functions) on the same device, offering sophisticated service chains.

2. SASE (Secure Access Service Edge)

SASE is a framework for building secure networks that bring together cloud-native security technology—such as SWG, CASB, and ZTNA—with WAN capabilities.

With SASE, security functions such as SWG, ZTNA, and CASB can run in the cloud closer to the user.

SASE needs an efficient, fast, and flexible connectivity layer so that the customer traffic can reach it efficiently. This layer is provided by the SD-WAN CPE that runs on-premises; therefore, SASE and SD-WAN go hand in hand, providing security and networking together.

Hybrid WAN can reduce the costs and time to connect the new O&G sites

Let’s admit it, enterprises need MPLS for reliable, predictable, and SLA-based connectivity to their HQ, and the O&G industry is no exception.

However, the time to provide MPLS services from a service provider can range from days to weeks.

On the other hand, O&G sites depend on fast connectivity to their DCs and remote management centers. They cannot afford to wait for the long provision cycles of MPLS.

As 4G or 5G connectivity is everywhere, branches can start with secure 4G/5G connectivity in the beginning and then transition to hybrid WAN once the service provider provisions the MPLS.

Fig: Hybrid WAN in SD-WAN

With SD-WAN over 4G/5G, new sites can be provisioned overnight without waiting for the long provision cycles of the MPLS. Once MPLS is provisioned, the branch can load-share the traffic between the internet and MPLS. This can reduce the cost of WAN connectivity for the enterprise as well as expedite the time to connect new sites.

SD-WAN is key to reliable and seamless cloud connectivity

Gone are the days when services were hosted in the data centers of enterprises. Today services reside elsewhere in the cloud. Any service an organization needs is available “as-a-service” in the cloud. Whether an organization needs compute or an application, it can get it in the cloud.

Now here is an issue.

With the traditional approach, everything passes through the data center (DC) of the enterprise, where the traffic needs to pass through security checks. This requires expensive backhaul links to the HQ, as they need to be dimensioned accordingly.

Above all, such transit can also create a bad user experience as the users face a longer path to the services.

Fig: SaaS/Cloud Connectivity in SD-WAN

How can this problem be solved?

The internet is ubiquitous; however, it is not as reliable and secure as MPLS links.

SD-WAN can solve both these issues:

Users are given breakouts to the services at the premises using a secure tunnel to the cloud. Taking advantage of SD-WAN security as well as its granular traffic control, the traffic can reach the services over shorter paths by using the internet.

Additionally, by taking advantage of the performance monitoring capabilities of the SD-WAN and the ability to switch links to the one that satisfies the required SLAs for latency and jitter, SD-WAN can provide more predictable and reliable connectivity.
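One way the SLA-driven link switching described above can work, as an added example (not code from the article or from any SD-WAN product). The SLA thresholds, link names, probe samples and the rule of staying on the current link while it remains compliant are assumptions for illustration.

```python
from statistics import mean

# SLA thresholds are assumed values for illustration, not from the article.
SLA = {"latency_ms": 150.0, "jitter_ms": 30.0}

def link_stats(rtts_ms):
    """Mean latency and jitter (mean absolute delta between consecutive probes)."""
    deltas = [abs(a - b) for a, b in zip(rtts_ms, rtts_ms[1:])]
    return mean(rtts_ms), (mean(deltas) if deltas else 0.0)

def meets_sla(rtts_ms, sla=SLA):
    if not rtts_ms:  # no probe replies: treat the link as down
        return False
    latency, jitter = link_stats(rtts_ms)
    return latency <= sla["latency_ms"] and jitter <= sla["jitter_ms"]

def select_link(probes, current, preference):
    """Keep the current link while it is compliant (avoids flapping); otherwise
    move to the first compliant link in preference order; if none complies,
    use the live link with the lowest mean latency."""
    if meets_sla(probes.get(current, [])):
        return current
    for name in preference:
        if meets_sla(probes.get(name, [])):
            return name
    alive = {n: link_stats(r)[0] for n, r in probes.items() if r}
    return min(alive, key=alive.get) if alive else None

# Constructed probe samples (round-trip times in ms) per transport.
PROBES = {
    "mpls": [40, 42, 41, 43],
    "broadband": [60, 140, 55, 150],  # acceptable mean latency, excessive jitter
    "lte": [180, 185, 182, 181],      # stable but above the latency SLA
}
```

Evaluating jitter separately from mean latency matters here: the constructed broadband samples pass on latency alone and fail only on jitter.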

SD-WAN is key to O&G Digital Transformation

O&G companies are undergoing digital transformation. Network transformation is also one of the pillars of digital transformation. Among them, cloudification of services is part and parcel of such transformation. Without a flexible network connectivity layer that provides reliable, secure low latency paths, it will be hard to achieve digitization goals, and that is where SD-WAN can help.

When selecting an SD-WAN solution, think about uCPE

We discussed the importance of SD-WAN for the O&G industry; the question is what kind of platform is suitable for an organization. Here an organization has a couple of choices.

1. Purpose-Built CPE

This CPE is designed for SD-WAN applications by a particular vendor. The OS is tightly tied to the hardware. This kind of purpose-built CPE is complex to manage, expensive, and can lead to vendor lock-in.

2. Universal CPE (uCPE)

uCPE, or universal CPE, is a server-based open platform and totally agnostic to the OS. The end user can choose hardware from one vendor and OS from the other. It is easy to swap hardware or software if the end user requires it. This kind of platform avoids vendor lock-in and is hence a recommended approach for any organization.

The other distinguishing feature of uCPE is the ability to run multiple VNFs (Virtual Network Functions) in one platform. A virtualization layer on the platform can help run multiple VNFs on the same platform.

So not only SD-WAN applications can be run on the CPE but also any other third-party VNF such as IPS, Firewall, etc., thus resulting in power and space savings as well as making the investment future-proof.

Fig: Physical CPE vs. uCPE

About Lanner’s uCPE platforms.

Lanner is a leader in the manufacture of uCPEs for various applications, including SD-WAN, Network Functions Virtualization (NFV), Software Defined Networks (SDN), Edge cloud, orchestration, and Open RAN. Lanner operates in the United States through its subsidiary, Whitebox Solutions (www.whiteboxsolution.com).

LANNER vCPE/uCPE devices are pre-integrated with major SD-WAN and VNF application providers, offering various solutions customized for small and medium branch offices to large datacenters in both desktop and rack-mounted form factors.
