System architecture

This section discusses the high-level system architecture and the connections initiated across Information Technology (IT) and Operational Technology (OT) security zones. Unless noted, all connections across zones are set up with the RSA algorithm with a 2048-bit key length and the PKCS#7 padding scheme; data transmission over the connection then uses symmetric keys.

IT zone systems can be defined as the computer, data storage, and networking infrastructure and processes that are used to create, process, store, secure, and exchange all forms of electronic data. They are the data processing systems that serve as the repositories for an organization’s information, making data available to business applications and users of the applications. The utility has an IT zone, and the Itron Azure Environment also operates as an IT zone.

While IT zone systems are the repositories and processors of data, their OT zone counterparts are responsible for generating the information processed by the IT zone.

OT zone systems monitor events, processes, and physical devices, and make adjustments in enterprise and industrial operations. In energy industry environments, OT zone systems typically include systems such as ADMS, SCADA, OMS, and the head end.

DI deployments on the GenX network

  • EAC sends data to and receives data from DI Cloud Services in the Itron Azure Environment

  • EAC sends data to and receives data from Tenant Management Services in the Itron Azure Environment

  • EAC sends data to and receives data from users in the utility's IT zone

  • The customer's Microsoft Entra ID (formerly AAD) in the utility's IT zone sends data to and receives data from the Tenant Management Services in the Itron Azure Environment

  • DI application user interfaces send data to and receive data from users in the utility's IT zone

  • The API Gateway in the Itron Azure Environment sends data to the customer systems in the utility's IT zone via Data Hub and Azure Service Bus

  • The OHS in the OT zone sends data to the Azure Blob Storage, Azure Service Bus, and IHC in the Itron Azure Environment

  • Meters at consumer premises send data to and receive data from the OT zone's Gateway

  • Meters at consumer premises send data via the consumers' Wi-Fi to the Cloud Receiver in the Itron Azure Environment

DI deployments on the OpenWay Riva network

  • EAC sends data to and receives data from DI Cloud Services in the Itron Azure Environment

  • EAC sends data to and receives data from Tenant Management Services in the Itron Azure Environment

  • EAC sends data to and receives data from users in the utility's IT zone

  • The customer's Microsoft Entra ID (formerly AAD) in the utility's IT zone sends data to and receives data from the Tenant Management Services in the Itron Azure Environment

  • DI application user interfaces send data to and receive data from users in the utility's IT zone

  • The API Gateway in the Itron Azure Environment sends data to the customer systems in the utility's IT zone via Data Hub and Azure Service Bus

  • The OHS in the OT zone sends data to the Azure Blob Storage, Azure Service Bus, and IHC in the Itron Azure Environment

  • Meters at consumer premises send data to and receive data from the OT zone's Gateway