TroutTrout

Reference Architectures for the Access Gate.

A library of validated network topologies for deploying the Trout Access Gate in real environments. Each architecture covers base topology, traffic flows, and key configuration points.

Architecture Principles

Built for Real Industrial Networks.

Every architecture is designed around the constraints of operational environments. No downtime, no agents, and you choose the footprint: full in-line carry for the widest coverage, or low-impact adjacent.

Flexible Deployment

Deployed in-line, the Access Gate can carry your VLANs and trunks and act as the machines' gateway, for the fullest coverage and control, even on sites without managed switches. Prefer minimal impact? It also deploys adjacent via routes and DNS, with no VLAN changes. Both are fully supported.

Traffic Flow Coverage

Each architecture documents north-south (VPN ingress) and east-west (lateral) flows, so you know exactly how traffic moves and where enforcement happens.

Incremental Adoption

Start with OT-only coverage and extend to IT. Or deploy single-site and expand to multi-site. Each architecture is a stepping stone, not a full replacement.

Multi-Site Ready

The multi-site architecture shows how enclaves extend across WAN links, giving you unified policy and visibility without a central cloud dependency.

Configuration Guidance

Every diagram includes key configuration points: what to connect, how to route traffic, and which policies to apply at the Access Gate level.

Software VNF, Services Platform

The Access Gate is software: a VNF (virtualized network function) that runs as a VM on x86 hardware you already own. Security is decoupled from proprietary hardware, so the same host also runs the secure services that pull OT in: remote access, protocol gateways, DNS and time, file sharing, historian and dashboards, and an update server. It is a platform, not just an appliance.

TAG Reference Architectures

A library of validated network topologies for deploying the Trout Access Gate in real environments. Each architecture covers base topology, traffic flows, and key configuration points.