Oil & Gas Company Uses Software-Defined LTE Network to Remotely Monitor SCADA
Success Story Highlights
Challenge — ARB Midstream decided LTE was the best option for connecting its many devices that measure the volume and quality of crude oil in the field. That said, the company’s lean IT team would need to protect its remotely monitored SCADA data without relying on traditional, expensive, and cumbersome security options.
Solution — For transporting SCADA information from oil pipelines to the cloud, ARB Midstream deployed Cradlepoint’s NetCloud Service for Industrial IoT (IIoT) — which includes extensive cloud functionality, SD-Perimeter technology, and IBR600 routers with built-in LTE.
Benefits — With LTE as the primary WAN link, this highly scalable solution keeps business-critical IIoT information available and secure for remote monitoring at all times.
ARB Midstream provides crude oil and gas liquids midstream and marketing/logistics solutions in North America. As the company prepared to roll out its new, custom, and cloud-centered supervisory control and data acquisition (SCADA) system designed for pipelines in Oklahoma and Texas, it also looked to replace its expensive VSAT satellite connectivity solutions. ARB Midstream needed reliable, cost-effective WAN links for its lease automatic custody transfer (LACT) units, which measure the volume and quality of crude oil prior to transportation.
“At highly automated oil and gas sites, connectivity is essential. If we lose communications, that site will shut itself down. We simply can’t let that happen,” said Jerod Blocker, operational technology manager, ARB Midstream.
LTE-based broadband — with remotely managed carrier flexibility — emerged as the leading option for transporting business-critical oil data from the field to the cloud, but several challenges needed to be addressed.
Expensive & Cumbersome Information Security Options — Protecting IIoT data from potential attacks is vital, but traditional tactics were problematic. MPLS provides secure transport but is highly expensive. IPSec tunnels were another option, but setting them up at each site would have taken huge efforts and man-hours, not to mention a lot of time — hindering the potential cost-effectiveness of the entire multisite project.
Reliance on Static IP Addresses — Buying a new IP address for each device would have been expensive and laborious to manage, which could have strained the company’s bottom line. Also, with the need to integrate each of the recently acquired sites into ARB’s corporate network, trying to do LAN reconfigurations manually would have been tremendously time-consuming.
Lean IT Team Trying to Manage Widespread IIoT Network — With just three people — and no networking specialists — on ARB Midstream’s IT team, managing cellular connectivity and security for oil measurement units at lots of locations would have been daunting.
What’s more, the company was looking to build an entire network infrastructure and SCADA system — including procurement — in 6 months.
ARB Midstream chose Cradlepoint’s NetCloud Service for IoT, providing cloud-managed cellular connectivity and data security for its LACT units, and ensuring the safe, uninterrupted transport of mission-critical IIoT information throughout Texas and Oklahoma.
The NetCloud Service includes edge computing, SD-Perimeter technology for overlay device-to-cloud security, and cloud configuration and troubleshooting, all delivered via an IIoT router with built-in LTE. Some of the locations also leverage a COR Extensibility Dock with the router, enabling automatic and instant failover from one carrier to another.
WAN Flexibility for Optimized Performance
ARB Midstream replaced its overly expensive VSAT links with LTE connectivity. When the team sets up an IIoT router with dual LTE modems, failover from one carrier to another during a network outage occurs automatically within 5-10 seconds.
“Many of our oil and gas pipeline sites are way out in areas that lack sufficient coverage with a particular carrier. Cradlepoint’s dual-modem solutions keep our SCADA information moving at the rate of business, which is nonstop,” Blocker said.
Cradlepoint’s multi-WAN, all-in-one routers also accommodate sites where ARB needs both multi-carrier connectivity and a tertiary satellite link.
Complete Separation of IIoT Data from Corporate Network
ARB used Cradlepoint’s NetCloud Perimeter feature, powered by SD-Perimeter technology, to set up a cost-effective private overlay network for the IIoT data gathered from its widely distributed LACT units. This allowed the company to keep each site’s pre-existing LAN configurations without reconfiguring subnets, IP addresses, and more.
Each invitation-only, zero trust network completely isolates and hides information being sent over the public Internet. Also, NetCloud Perimeter’s private IP space saved ARB Midstream from having to purchase a new address for each router.
“My entire industrial IoT system resides on a secure, software-defined overlay network — without that equipment even touching the corporate environment. This would have been impossible without Cradlepoint NetCloud Perimeter,” Blocker said.
Fast & Easy to Deploy
With zero-touch router deployment through NetCloud Manager and the ability to set up a perimeter-secured overlay network in just a few minutes through NetCloud Perimeter, ARB has a much more scalable edge solution as it continues to expand with new sites.
"The speed to deployment with Cradlepoint NetCloud and LTE routers is much faster than with traditional WAN and data center architecture,” Blocker said.
Network Management & Troubleshooting from Anywhere
Both ARB Midstream and contracted third parties use NetCloud Manager to centrally monitor LTE uptime and performance. They can instantly and simultaneously push cellular configuration changes, as well as security updates and patches, to all of their SCADA sites — rather than the expensive and time-consuming option of sending an IT professional to each location every time a network adjustment is needed.
“Cradlepoint NetCloud really allows us to be flexible without having a cadre of network engineers,” Blocker said.