by tw04 1866 days ago
Why wouldn't you use a unidirectional connection for time series and event data? I understand why you might want to send things out to the rest of the world; I can't fathom why you wouldn't require physical access to have write access.
2 comments

Some time series data interfaces only work with TCP comms, which means you can’t always rely on unidirectional networks. I agree you should use them where possible though.

I replied to a comment on a dupe post regarding PAT, in which analysis is done on process data and fed back into the process to increase efficiency or yield. Obviously there are varying levels of criticality where the risk vs the business reward might not be worth it though.

Genuine question (that I've been seriously wondering about for a long time): how do you implement validated attestation that a piece of log data has reached nonvolatile storage, triggered appropriate alarms, and that those alarm events have been acknowledged, while using a data diode type setup?
If it is critical to have the log, it has to be local. Infrastructure shouldn't die if an internet connection goes down.

You can send the status of the log out through the data diode, along with a copy of the data.

What do you do when this attestation fails? E.g., a fox chewed through the cable and the ack can't be received.
Depends on your setup but a message bus architecture with polling would work.
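
The approach discussed in this thread (keep the authoritative log local, send its status and a copy of the data out through the diode), as an added example that is not from any commenter. The frame layout, sequence numbers, HMAC key and all names are assumptions made for illustration; the receiver cannot acknowledge anything, so it can only verify frames and record gaps.

```python
import hashlib, hmac, json, os, tempfile
KEY = b"constructed-demo-key"  # assumption: shared key provisioned out of band

def persist(path, record):
    """Inside: append the record and force it to stable storage first."""
    with open(path, "ab") as f:
        f.write(record + b"\n")
        f.flush()
        os.fsync(f.fileno())

def make_frame(seq, record, alarm_raised, alarm_acked):
    """Inside: copy of the data plus the local status of that record."""
    body = json.dumps({"seq": seq, "record": record.decode(), "persisted": True,
                       "alarm_raised": alarm_raised, "alarm_acked": alarm_acked},
                      sort_keys=True).encode()
    return hmac.new(KEY, body, hashlib.sha256).hexdigest().encode() + b"." + body

class Receiver:
    """Outside: cannot ack or ask for a resend, only verify and record gaps."""
    def __init__(self):
        self.next_seq, self.missing, self.unacked_alarms = 0, [], []

    def accept(self, frame):
        tag, _, body = frame.partition(b".")
        good = hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(tag, good):
            return False  # damaged or forged; the loss shows up as a seq gap
        msg = json.loads(body)
        if msg["seq"] < self.next_seq:
            return False  # duplicate or replayed frame
        self.missing.extend(range(self.next_seq, msg["seq"]))
        self.next_seq = msg["seq"] + 1
        if msg["alarm_raised"] and not msg["alarm_acked"]:
            self.unacked_alarms.append(msg["seq"])
        return True

def demo():
    """Constructed run: four records, frame 2 lost in transit, record 3 alarms."""
    log = os.path.join(tempfile.mkdtemp(), "local.log")
    rx = Receiver()
    for seq, rec in enumerate([b"t=20.1", b"t=20.3", b"t=20.2", b"t=97.5"]):
        persist(log, rec)                      # local log is authoritative
        frame = make_frame(seq, rec, alarm_raised=(seq == 3), alarm_acked=False)
        if seq != 2:                           # constructed loss on the one-way link
            rx.accept(frame)
    with open(log, "rb") as f:
        return rx, len(f.read().splitlines())

if __name__ == "__main__":
    print(demo()[0].missing)
```

In the constructed run the local log holds all four records, while the outside receiver reports sequence 2 as missing and sequence 3 as an unacknowledged alarm.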