Plant-wide Network Infrastructure. Copyright 2012 Rockwell Automation, Inc. All rights reserved.


Agenda

Testing Considerations

Physical Layer Design Considerations

Logical Design Considerations

EtherNet/IP Considerations

Additional On-site Information

(3)

What you will learn

 Design guidance, recommendations, best practices and solutions developed by Rockwell Automation and our ecosystem of partners to help customers successfully design and deploy robust, secure and future-ready Plant-wide EtherNet/IP networks utilizing common network

(4)

EtherNet/IP Network Infrastructure Booth

Additional On-site Information
(5)

Network Infrastructure Wall

Additional On-site Information

 Integrated Architecture – Booth 915

 Cisco – Booth 1307

 Industrial Intelligence enabling secure network access, cloud computing, mobility and

collaboration solutions

 Panduit – Booth 1301

 Enterprise and industrial automation Unified Physical Infrastructure (UPI)

 Fluke Networks – Booth 1511

 Common tool sets for enterprise and industrial automation applications

[Panel titles: Convergence-Ready OEM Machine, High Availability, Time Synchronization, Integrated Safety, Integrated Motion]

(6)

Workshops, Hands-On Lab

Additional On-site Information

 L19 - Applying EtherNet/IP in Real-Time Applications

 Rockwell Automation

 8:00AM, 10:00AM, 12:30PM, 2:30PM

 W15 - Designing EtherNet/IP Machine Level Networks

 Rockwell Automation

 12:30PM

 W16 - Fundamentals of Securing EtherNet/IP Networks

 Rockwell Automation and Cisco

 2:30PM

 W21 - Scalable Secure Remote Access Solutions

 Rockwell Automation and Cisco

(7)

EtherNet/IP: “IP” - Industrial Protocol

EtherNet/IP Considerations

 Standard

 IEEE 802.3 - standard Ethernet, Precision Time Protocol (IEEE-1588)

 IETF - Internet Engineering Task Force, standard Internet Protocol (IP)

 IEC - International Electrotechnical Commission – IEC 61158

 ODVA - Common Industrial Protocol (CIP)

 IT Friendly and Future-Ready (Sustainable)

 Established - products, applications and vendors

 Multidiscipline control and information platform

 ODVA

 Supported by global industry vendors such as Cisco Systems®, Omron®, Schneider Electric®, Bosch Rexroth AG® and Rockwell Automation

 Conformance & Performance Testing

http://www.odva.org

What’s the difference?

Ethernet IP

(8)

Converged Industrial Application

EtherNet/IP Considerations

 Machine Control and Operator Interface

 Integrated Machine Safety

 Time Synchronization

 Integrated Motion

 Video – inspection

 Mobility & Collaboration

[Diagram: Disparate Network Technology (Controller with Motion Network, Safety Network, I/O Network and Plant Network) compared with Single Network Technology (Controller, Camera, VFD Drive, HMI, I/O, Safety I/O, Servo Drive, Plant)]

(9)

Plant-Floor Network Convergence

EtherNet/IP Considerations

EtherNet/IP – Enabling & Driving

(10)

Industrial Network Design Methodology

EtherNet/IP Considerations

 Understand application and functional requirements

 Devices to be connected – industrial and non-industrial

 Data requirements for availability, integrity and confidentiality

 Communication patterns, topology and resiliency requirements

 Types of traffic – information, control, safety, time synchronization, motion control, voice, video

 Develop a logical framework (roadmap)

 Define zones and segmentation

 Place applications and devices in the logical framework based on requirements

 Develop a physical framework to align with and support the logical framework

 Determine security requirements

 Take into consideration IT requirements

 Establish early dialogue with IT for plant-wide applications

 Use technology & industry standards, reference models and reference architectures

[Diagram labels: MANAGE / MONITOR, IMPLEMENT, AUDIT, DESIGN/PLAN, ASSESS]

Avoiding Network Sprawl!!

Because Network Infrastructure Matters!!

(11)

Enabling Plant-wide Network Convergence

EtherNet/IP Considerations

Successful Plant-wide Network

Convergence Requires

Collaboration

Simplification

(12)

EtherNet/IP Ecosystem Partners

EtherNet/IP Considerations

Plant-wide EtherNet/IP Ecosystem - Design and Deployment

The Established #1 Industrial Ethernet

Network Testing, Verification, Certification & Troubleshooting Tools

Physical Layer Network Infrastructure IT Convergence

http://www.ethernetippartners.net/

Leader in Industrial Network

Infrastructure

(13)

EtherNet/IP Ecosystem Partners

EtherNet/IP Considerations

These industry leaders are collaborating to provide recommendations, design guidance, best practices and solutions to help customers successfully design and deploy robust, secure and future-ready Plant-wide EtherNet/IP networks utilizing common network infrastructure assets.

Enabling Network Convergence

 Plant-floor (industrial) network convergence

 Plant-floor & Enterprise (IT) network convergence

Providing Collateral

 Design Guides

 Application Guides

 Whitepapers

 Webcasts

 Seminars

(14)

EtherNet/IP Ecosystem Partners

EtherNet/IP Considerations

[Diagram: Logical Framework and Physical Framework. Labels recovered from the figure:]

 Zones: Enterprise Zone (Levels 4 and 5); Demilitarized Zone (DMZ); Industrial Zone, Site Operations and Control (Level 3); Cell/Area Zones (Levels 0–2)

 Cell/Area Zone #1: Redundant Star Topology, Flex Links Resiliency

 Cell/Area Zone #2: Ring Topology, Resilient Ethernet Protocol (REP)

 Cell/Area Zone #3: Bus/Star Topology

 Network devices: Catalyst 6500/4500; Catalyst 3750 StackWise Switch Stack; Rockwell Automation Stratix 8000 Layer 2 Access Switch; Cisco ASA 5500 Firewall (Active) and Firewall (Standby) with Gbps Link for Failover Detection

 Servers and services: ERP, Email, Wide Area Network (WAN); Patch Management; Remote Gateway Services; Application Mirror; AV Server; Remote Access Server; Data Servers

 FactoryTalk Application Servers: View, Historian, AssetCentre, Transaction Manager

 FactoryTalk Services Platform: Directory, Security/Audit

 Network Services: DNS, DHCP, syslog server; Network and security mgmt

 End devices: Controller, HMI, I/O, Drive

 Physical framework: Micro Data Center (Racks, Patching, Cable Management, Copper/Fiber); End Device; Control Panel; Network Zone

 Common Toolsets: Copper, Fiber, Wireless Testers; Network Discovery; Protocol Statistics

Plant Firewall:

 Inter-zone traffic segmentation

 ACLs, IPS and IDS

 VPN Services

 Portal and Terminal Server proxy

(15)

Reference Architectures

Logical Design Considerations

Recommendations and guidance to help reduce Latency and Jitter, to help increase data Availability, Integrity and Confidentiality, and to help design and deploy a Robust, Secure and Future-Ready EtherNet/IP network infrastructure

 Robust Physical Layer

 Segmentation

 Resiliency Protocols and Redundant Topologies

 Time Synchronization

 Prioritization - Quality of Service (QoS)

 Multicast Management

 Convergence-Ready Solutions

 Security - Defense-in-Depth

(16)

Segmentation

Logical Design Considerations

 Segmentation techniques for smaller building block approach, to create smaller Layer 2 domains

 Structure and Hierarchy

 Logical Model – Geographical and Functional Organization of IACS Devices

 Campus Network Model - Multi-tier Switch Model – Layer 2 & Layer 3

 Logical Framework

 Physical Segmentation

 Multiple Network Interface Cards (NICs) - CIP Bridge

 NAT Appliance

 Logical Segmentation

 VLANs

 Minimize Network Sprawl

 Smaller Fault Domains (e.g. Layer 2 loops)

 Smaller Broadcast Domains

(17)

Segmentation - Physical - Isolation

Logical Design Considerations

[Diagram: Controller, VFD Drive, HMI, I/O, I/O and Servo Drive, repeated for three separate networks]

Sneakernet, Islands of Automation

(18)

Segmentation - Physical - Multiple NICs

Logical Design Considerations

 Isolated networks - two NICs for physical network segmentation

 Benefits

 Clear network ownership demarcation line

 Challenges

 Limited visibility to control network devices for asset management

 Limited future-ready capability

 Converged networks – logical segmentation

 Benefits

 Plant-wide information sharing for data collection and asset management

 Future-ready

 Challenges

 Blurred network ownership demarcation line

[Diagram: Converged Network with a shared Layer 2 Network (VLAN 102) across the Control Network (Levels 0-2) and the Plant Network (Level 3), compared with two separate Layer 2 Networks for the Control Network (Levels 0-2) and the Plant Network (Level 3)]

(19)

Segmentation - Physical - Multiple NICs

Logical Design Considerations

 Converged networks logical segmentation - two NICs for scalability, performance, capacity and flexibility

 Benefits

 Plant-wide information sharing for data collection and asset management

 Future-ready

 Challenges

 Blurred network ownership demarcation line

 Isolated networks - two NICs for physical network segmentation

 Benefits

 Clear network ownership demarcation line

 Challenges

 Limited visibility to control network devices for asset management

 Limited future-ready capability

[Diagram: two separate Layer 2 Networks for the Control Network (Levels 0-2) and the Plant Network (Level 3), compared with a Converged Network on a Layer 2 Network segmented using VLANs (VLAN 103, VLAN 102) for the Control Network (Levels 0-2) and the Plant Network (Level 3)]

(20)

Segmentation - Physical - NAT Appliance

Logical Design Considerations

[Diagram: NAT 9300-ENA with three Layer 2 Networks]

 Machine 1 Subnet 10.10.10.0/24

 Machine 2 Subnet 10.10.10.0/24

 Line Subnet 10.17.10.0/24

(21)

Segmentation – Logical - VLANs

Logical Design Considerations

 Layer 2 network service, VLANs segment a network logically without being restricted by physical connections

 VLAN established within or across switches

 Data is only forwarded to ports within the same VLAN

 Devices within each VLAN can only communicate with other devices on the same VLAN

 Segments traffic to restrict unwanted broadcast and multicast traffic

 Software configurable using managed switches

 Benefits

 Ease network changes – minimize network cabling

 Simplifies network security management - domains of trust

 Increase efficiency

[Diagram legend: VLAN 42 - Scanners/Cameras; VLAN 102 - EtherNet/IP Device; VLAN 10 - VoIP. Device label: Drive]

(22)

Segmentation - Logical - VLANs

Logical Design Considerations

 Layer 2 VLAN Trunking

 Independent of physical switch location

 Logically group assets by type, role, logical area, physical area or a hybrid of these

 Devices communicate as if they are on the same physical segment – no re-cabling required

 Software configurable using managed switches

 A Layer 3 device (Router or Layer 3 switch) is required to forward traffic between different VLANs

 Inter-VLAN routing

(23)

Segmentation - Logical - VLANs

Logical Design Considerations

 Multi-Layer Switch

 Layer 2 VLAN Trunking

 Layer 3 Inter-VLAN routing

[Diagram: Layer 3 Switch and Layer 2 Networks carrying Multiple VLANs; devices: Drive, Controller, HMI. Legend: VLAN 42 – Scanners/Cameras; VLAN 102 – EtherNet/IP Device; VLAN 10 - VoIP]

(24)

Segmentation - Logical - VLANs

Logical Design Considerations

[Diagram: Multiple VLAN Routing on Stratix 8000 (REP) Ring. Industrial Zone with a Catalyst 3750 StackWise Switch Stack; Levels 0–2 Cell/Area Zones with Stratix 8000 (Layer 2) Switches; devices: Controller, HMI, I/O, Safety I/O, VFD Drive, Servo Drive]

 Cell/Area Zone #1 - VLAN 10 - Subnet 10.10.10.0/24

 Cell/Area Zone #2 - VLAN 20 - Subnet 10.20.10.0/24

 Cell/Area Zone #3 - VLAN 30 - Subnet 10.30.10.0/24

 Cell/Area Zone #4 - VLAN 40 - Subnet 10.40.10.0/24

 Management VLAN - VLAN 50 - Subnet 10.50.10.0/24
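An added example, not part of the original slides: a small audit of the VLAN/subnet plan above that flags reused VLAN IDs and overlapping subnets (the situation on the NAT Appliance slide, where two machines share 10.10.10.0/24) and classifies a flow as same-VLAN Layer 2 forwarding or inter-VLAN routing through the Layer 3 device. The function names, the VLAN IDs in `NAT_CASE` and the `ALLOWED_ROUTES` policy are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# VLAN ID and subnet per zone, as listed on the
# "Multiple VLAN Routing on Stratix 8000 (REP) Ring" slide.
PLAN = {
    "Cell/Area Zone #1": (10, "10.10.10.0/24"),
    "Cell/Area Zone #2": (20, "10.20.10.0/24"),
    "Cell/Area Zone #3": (30, "10.30.10.0/24"),
    "Cell/Area Zone #4": (40, "10.40.10.0/24"),
    "Management VLAN": (50, "10.50.10.0/24"),
}

# Subnets from the NAT Appliance slide. The VLAN IDs are constructed;
# the slide gives none.
NAT_CASE = {
    "Machine 1": (101, "10.10.10.0/24"),
    "Machine 2": (102, "10.10.10.0/24"),
    "Line": (117, "10.17.10.0/24"),
}

# Constructed policy (an assumption, not from the slides): only the
# Management VLAN may be routed into the Cell/Area Zone VLANs.
ALLOWED_ROUTES = {(50, 10), (50, 20), (50, 30), (50, 40)}


def audit_plan(plan):
    """Return findings for reused VLAN IDs and overlapping subnets."""
    findings = []
    for (zone_a, (vlan_a, net_a)), (zone_b, (vlan_b, net_b)) in combinations(
        plan.items(), 2
    ):
        if vlan_a == vlan_b:
            findings.append(f"VLAN {vlan_a} reused by {zone_a} and {zone_b}")
        if ipaddress.ip_network(net_a).overlaps(ipaddress.ip_network(net_b)):
            findings.append(
                f"subnet overlap: {zone_a} {net_a} and {zone_b} {net_b}"
            )
    return findings


def zone_of(plan, ip):
    """Return (zone name, VLAN ID) for an address, or None if unplanned."""
    addr = ipaddress.ip_address(ip)
    for zone, (vlan, subnet) in plan.items():
        if addr in ipaddress.ip_network(subnet):
            return zone, vlan
    return None


def classify_flow(plan, src, dst, allowed=ALLOWED_ROUTES):
    """Say how a flow is carried under the plan and the route allowlist."""
    src_zone, dst_zone = zone_of(plan, src), zone_of(plan, dst)
    if src_zone is None or dst_zone is None:
        return "unknown-zone"          # address outside every planned subnet
    if src_zone[1] == dst_zone[1]:
        return "layer2-same-vlan"      # switched, never reaches the router
    if (src_zone[1], dst_zone[1]) in allowed:
        return "inter-vlan-allowed"    # routed by the Layer 3 device
    return "inter-vlan-denied"         # default deny between VLANs


if __name__ == "__main__":
    print(audit_plan(PLAN))
    print(audit_plan(NAT_CASE))
    for src, dst in [
        ("10.10.10.5", "10.10.10.20"),
        ("10.10.10.5", "10.20.10.5"),
        ("10.50.10.5", "10.20.10.5"),
    ]:
        print(src, "->", dst, classify_flow(PLAN, src, dst))
```

Same-VLAN flows never reach the Layer 3 device, so an allowlist applied there does nothing to limit traffic inside a Cell/Area Zone.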

(25)

Physical Layer Design Considerations

 Design and implement a robust physical layer

 Environment Classification - MICE

 More than cable

 Connectors

 Patch panels

 Cable management

 Grounding, Bonding and Shielding (noise mitigation)

 Standard Physical Media

 Wired vs. Wireless

 Copper vs. Fiber

 UTP vs. STP

 Singlemode vs. Multimode

 SFP – LC vs. SC

 Standard Topology Choices

Switch-Level & Device-Level

Cable Selection ENET-WP007

LAN Troubleshooting Guide

Industrial Ethernet Physical Infrastructure Reference Architecture Design Guide

ODVA Guide

Fiber Guide ENET-TD003

(26)

Unified Physical Infrastructure

Physical Layer Design Considerations

Align Converge Optimize

Building: Enterprise Solution Plant-Floor: Industrial Automation Solution

Office: Data Center Solution

(27)

Network Infrastructure

Physical Layer Design Considerations

Fiber Routing Systems, Copper Cabling Systems, Fiber Cabling Systems, Grounding & Bonding Systems, Cable Management, Cable Ties and Accessories, Zone Cabling Systems, Managed Network Systems, Cabinets & Rack Systems, Identification

IN-ROUTE™, IN-FIELD™, IN-PANEL™, IN-ROOM™, IN-FRASTRUCTURE™

(28)

Network Distribution Installation Pitfalls

Physical Layer Design Considerations

Installation is critical for system performance, security and testability.

(29)

Office  Industrial

Environmental Focus - M.I.C.E.

Physical Layer Design Considerations

TIA 1005

 M.I.C.E. provides a method of categorizing the environmental classes for each plant Cell/Area zone.

 This provides for determination of the level of “hardening” required for the network media, connectors, pathways, devices and enclosures.

 The MICE environmental classification is a measure of product robustness:

 Specified in ISO/IEC 24702

 Part of TIA-1005 and ANSI/TIA-568-C.0 standards

 Examples of rating:

 1585 Media: M3I3C3E3

 M12: M3I3C3E3

 RJ-45: M I C E

[Diagram: Increased Environmental Severity]

(30)

Control Panel Solutions

Mitigate EMI noise risk, save space and optimize EtherNet/IP connectivity

Simplifying network infrastructure from Enterprise to Plant

Network Zone Enclosure

Building Block for Robust, Secure, Scalable Network Distribution

Micro Data Center

Building Block for Enterprise to Plant-Floor Convergence

Validated Building Blocks

Physical Layer Design Considerations

Leverage Reference Architecture & Validated Building Blocks to Speed Deployment and Reduce Risks

(31)

Control Panel Networking

Physical Layer Design Considerations

 No room for deploying fiber or copper drops?

 Concerns about high voltage, arc flash risks?

 Need to improve manageability?

CONTROL PANEL TOO CROWDED FOR

(32)

Control Panel Networking

Physical Layer Design Considerations

1. Mount Integrated Zone Enclosure - robust, secure, tested

2. Distribute copper or fiber to panel

3. Use DIN Patch box to patch to devices in panel

(33)

IN-FRASTRUCTURE - Grounding/Bonding

Physical Layer Design Considerations

For the Data Center

For Control Panels

Reduce risks of noise coupling at every level with robust, structured grounding/bonding

(34)

Fiber Optic Infrastructure Planning

Physical Layer Design Considerations

Joint application guide

 Increase the integrity and availability of EtherNet/IP networks with fiber solutions from trusted partners!

(35)

Polymer Coated Fiber:

Physical Layer Design Considerations

(36)

Defense-in-Depth - Physical Security

Physical Layer Design Considerations

 Keyed solutions for copper and fiber

 Lock-in, Blockout products secure connections

(37)

Design/Spec Tools

Physical Layer Design Considerations

(38)

Robust, Secure, Future-Ready Network Distribution

Challenges:

 Scalability issues

 Diagnostics & troubleshooting

 Evolving cable management

Solutions:

 Building block approach

 Media selection & security

 Cable routing

BEFORE AFTER

Network Distribution Simplification

(39)

Summary

Physical Layer Design Considerations

 Planning and installing physical infrastructure based on standards, best practices and reference architectures will result in higher availability, integrity and performance

 Need help? Leverage Ecosystem partners:

 Rockwell Automation Network and Security Services

 Panduit Certified Installers

 Fluke Networks’ training

Vision Strategy Execution

Because Network

(40)

Testing Considerations

Common Network Infrastructure Assets

Copper and fiber cable certification and troubleshooting Communication networks testing

Datacom Installers Enterprise IT Network

Engineers

Distributed and handheld LAN and WAN test and analysis

solutions

Control & Automation Engineers

Networks solutions from deployment,

to troubleshooting, testing, verification

(41)

The Network is Slow

Testing Considerations

[Diagram: Voice, Virus, Hacking, Multicast, DNS, Peer-to-peer, Worms; Top hosts, conversations, protocols]

What’s really happening on my network?

(42)

Real World Example

(43)

Real World Example

(44)

Real World Example

(45)

What is important?

Testing Considerations

Troubleshoot copper, fiber and wireless LANs

 Verify the quality of new and migratory copper and fiber links

 Provide advanced diagnostics to pinpoint faults of network failure

 Detect and solve security, coverage, and interference problems on WiFi

Proper cabling + error free network communications = Healthy Network

Solve a wide range of physical and network layer problems fast

 Guarantee network performance in new and existing networks

 Measure end-to-end Ethernet performance

 Monitor plant-wide network performance

(46)

Best Practices – Processes

Testing Considerations

Planning & Documenting

 Standards

 Documentation & baselines

 Have a documented plan - what, who, and how

Problem Prevention

 Prevent problems before they happen

 Do’s and Don’ts for end-users

 Testing and certification

Early Problem Detection

 Network monitoring

 Periodic audits (update baselines)

 Centralized help desk

(47)

Troubleshooting Methodology

Testing Considerations

Step 1 - Collect Information

Step 2 - Localize & Isolate the Problem

Step 3 - Correct the Problem

Step 4 - Verify Problem Resolution

Step 5 - Document What You Did

(48)

Cable Test Configurations

Testing Considerations

Perform channel testing with user cords connected

 Performance specified for an application; transmission medium between transmitter and receiver

 Channel performance for installed cabling

 Maintenance testing of “end-to-end” cabling of a network

Perform permanent link testing of “installed cabling”

 Specify Permanent Link performance for installed cabling

 Installation certification and Warranty service

Perform patch cord testing

 The test limits are significantly stricter for patch cord testing than for channel testing.

For ring and linear topology today use channel testing

Compliant Permanent Link + Compliant Patch Cords = Compliant Channel

(49)

Cabling Infrastructure Tools

Testing Considerations

Fiber Certification Testing & Troubleshooting

Used by fiber installers and network technicians

 Certify each fiber link at installation and during unified migrations

 Quickly test to basic/extended performance standards

 Verify the quality of new fiber links with graphical traces

 Troubleshoot quickly to distance to failures and reflectance, such as breaks & faults

Copper Certification Testing & Troubleshooting

Used by cabling contractors and installers

 Certify each copper link at installation

 Quickly test to performance standards and document work

 Qualify cabling performance & easily locate faults, opens & mis-wires

Network Installation Tools

Used by cabling installers and technicians

 Installation tools to cut, strip and terminate copper connections.

(50)

Network Troubleshooting

Testing Considerations

Switch Issues

 Port Problems

 Authentication

 Cable Faults

 VLAN Validation

Device Issues

 DHCP Problems

 Availability

 Cable Faults

 Multicast Traffic

 Device Discovery

 Upstream Fault

(51)

Network Solutions

Testing Considerations

Plant-wide tools (wired/wireless)

 Intuitive, integrated solutions for LANs and WLANs

 Solve problems from application performance to connectivity

Network monitoring

 Back-in-Time packet capture and analysis

 Troubleshoot real-time applications including voice/video

(52)

The 2.4GHz and 5GHz RF represent the physical layer for 802.11 wireless LANs

 2.4GHz 802.11b/g and 5GHz 802.11a

Not just 802.11 WiFi devices use these frequencies

 Bluetooth, analog video cameras, cordless phones, microwave ovens, motion sensors, fluorescent lights

The RF environment for good WiFi performance

 Relatively free of interfering 802.11 and non-802.11 devices

 Adequate signal strength over the target coverage area

[Diagram: 2.4/5 GHz interference sources: Bluetooth, Other Wi-Fi Networks, Microwave Ovens, Cordless Phones, Radar]

Wi-Fi Troubleshooting

Testing Considerations
(53)

Wireless Solution Portfolio

Testing Considerations

[Diagram: portfolio phases: Planning; Deployment & Verification; Troubleshooting & Interference; 24x7 Performance & Security. Categories: Wired/WiFi Analysis; WLAN Test & Analysis; Spectrum Analysis]

Products shown: OptiView® XG Portable Analyzer, AirMedic® USB, AirMagnet Spectrum XT, AirCheck™ Wi-Fi Tester, AirMagnet WiFi Analyzer, AirMagnet VoFi Analyzer, AirMagnet Enterprise, AirMagnet Planner, AirMagnet Survey, OneTouch™ AT Network Assistant

(54)

Plant-Floor and Enterprise Requirements

Similarities and Differences

So, what are the similarities and

differences?

Plant-Floor (Industrial) Requirements Enterprise (IT) Requirements

(55)

Plant-Floor and Enterprise Requirements

Similarities and Differences

Enterprise Requirements

 Network Technology

 Standard IEEE 802.3 Ethernet

 Standard IETF Internet Protocol (IPv4 and IPv6)

 Standard application layer protocols – e.g. SNMP, DNS, RTP, SSH

 Wide Area Network (WAN) and LAN; larger packets and frames

 Network availability

 Switch-Level topologies

 Redundant Star Topology is predominant

 Standard IEEE, IETF, and vendor specific Layer 2 and Layer 3 resiliency protocols

Plant-Floor Requirements

 Network Technology

 Standard IEEE 802.3 Ethernet and proprietary (non-standard) versions

 Standard IETF Internet Protocol (IPv4) and proprietary (non-standard) alternatives

 Industrial application layer protocols - e.g. CIP, Modbus TCP

 Local Area Network (LAN); smaller frames for control traffic

 Network availability

 Switch-Level and Device-Level Topologies

 Ring Topology is predominant for both, Redundant Star for switch topologies is emerging

 Standard IEEE, IEC and vendor specific Layer 2 resiliency protocols

(56)

Plant-Floor and Enterprise Requirements

Similarities and Differences

Enterprise Requirements

 Switches

 Managed

 Layer 2 and Layer 3

 Traffic types

 Voice, Video, Data

 Performance

 Low Latency, Low Jitter

 Data Prioritization – QoS – Layer 3

 IP Addressing

 Dynamic

 Security

 Pervasive

 Strong policies

Plant-Floor Requirements

 Switches

 Managed and Unmanaged

 Layer 2 is predominant

 Traffic types

 Information, control, safety, motion, time synchronization, energy management

 Performance

 Low Latency, Low Jitter

 Data Prioritization – QoS – Layer 2 & 3

 IP Addressing

 Static

 Security

 Emerging: open by default, must close by configuration and architecture

 Inconsistent industrial security policies

(57)

Plant-Floor and Enterprise Requirements

Similarities and Differences

Enterprise Requirements

 Wireless

 Centrally managed and autonomous

 Mobile personnel – BYOD

 Guest access

 Computing

 Desktop, Notebook

 Tablets

 19” Rack Server and Blade Server

 Unified Computing Systems (UCS)

 Virtualization

 Widespread

 Environment

 Data Center

 Data Communication Closet

 IDF - Intermediate Distribution Frame

Plant-Floor Requirements

 Wireless

 Autonomous – point solutions

 Mobile equipment (emerging) and personnel (prevalent)

 Computing

 Industrial Hardened Panel Mount Computers and Monitors

 Desktop

 Notebook

 19” Rack Server

 Virtualization

 Emerging, becoming prevalent

 Environment

 Plant-floor

 Control Room

(58)

Plant-Floor and Enterprise Requirements

Switching - Similarities and Differences

 Industrial Ethernet Switches

 Industrial hardened

 Panel or DIN mount

 Managed or unmanaged

 IT Switches

 Campus, Data Center

 19” rack mount – e.g. 1RU

(59)

Plant-Floor and Enterprise Requirements

Policies - Similarities and Differences

Focus

 Plant-Floor Network: 24/7 Operations, High OEE

 Enterprise Network: Protecting Intellectual Property and Company Assets

Precedence of Priorities

 Plant-Floor Network: Availability, Integrity, Confidentiality

 Enterprise Network: Confidentiality, Integrity, Availability

Types of Data Traffic

 Plant-Floor Network: Converged Network of Data, Control, Information, Safety and Motion

 Enterprise Network: Converged Network of Data, Voice and Video

Access Control

 Plant-Floor Network: Strict Physical Access; Simple Network Device Access

 Enterprise Network: Strict Network Authentication and Access Policies

Implications of a Device Failure

 Plant-Floor Network: Production is Down ($$’s/hour … or Worse)

 Enterprise Network: Work-around or Wait

Threat Protection

 Plant-Floor Network: Isolate Threat but Keep Operating

 Enterprise Network: Shut Down Access to Detected Threat

(60)

Organizational and Cultural Convergence

Plant-Floor and Enterprise Requirements

 IT and Plant-Floor Engineering collaboration and sharing of best practices on:

 Standardization of design and technology

 System architecture design

 Protocols and services

 Service and support models

 Industrial Security Policy

 Consult reference architectures, reference models and industry standards:

 Network Segmentation

 Network services

 Domains of Trust

An open, two-way dialogue is critical!

(61)

Converged Plantwide Ethernet (CPwE)

Plant-Floor and Enterprise Requirements

 Plant-Floor and Enterprise network convergence

 Plant engineer and IT network engineer collaboration

 Plant-wide EtherNet/IP Architectures

 Hierarchical segmentation

 Scalability

 Resiliency

 Traffic management

 Policy enforcement

 Security policies

 Defense-in-depth

 Secure remote access

[Diagram: CPwE architecture. Labels recovered from the figure:]

 Zones: Enterprise Zone (Levels 4 and 5); Demilitarized Zone (DMZ); Industrial Zone, Site Operations and Control (Level 3); Cell/Area Zones (Levels 0–2)

 Cell/Area Zone #1: Redundant Star Topology

 Cell/Area Zone #2: Ring Topology

 Cell/Area Zone #3

 Network devices: Catalyst 6500/4500; Catalyst 3750 StackWise Switch Stack; Cisco Catalyst Switch; Rockwell Automation Stratix 8000 Layer 2 Access Switch; Cisco ASA 5500 Firewall (Active) and Firewall (Standby) with Gbps Link for Failover Detection

 Servers and services: ERP, Email, Wide Area Network (WAN); Patch Management; Remote Gateway Services; Application Mirror; AV Server; Remote Access Server; Data Servers

 FactoryTalk Application Servers: View, Historian, AssetCentre, Transaction Manager

 FactoryTalk Services Platform: Directory, Security/Audit

 Network Services: DNS, DHCP, syslog server; Network and security mgmt

 End devices: Controller, HMI, I/O, Drive

Plant Firewall:

 Inter-zone traffic segmentation

 ACLs, IPS and IDS

 VPN Services

 Portal and Terminal Server proxy

(62)

Common Network Infrastructure Assets

Enterprise (IT) Network Convergence

 Campus network framework for structure and hierarchy best practices

 Unified communications for mobility and collaboration

 Voice, video & data

 Unified computing systems for server, switch and firewall virtualization

 Integration with Cisco and IT network management applications

 Resiliency and availability features

 REP, Flex Links, HSRP, StackWise

(63)

EtherNet/IP Advantage Summary

 Single Network Technology for:

 Discrete Control, Process Control, Batch Control, Configuration, Information/Diagnostics, Safety Control, Time Synchronization, Motion Control and Energy Management

Established – 300+ Vendors, over 5,000,000 nodes

 ODVA: Cisco Systems and Rockwell Automation are principal members

 Supported – All EtherNet/IP products require conformance testing

Standard – IEEE 802.3 Ethernet and IETF TCP/IP Protocol Suite

 IT friendly

Future-ready – Sustainable; Industry Standards

 Topology & Media Independent – flexibility and choice

 Portability and Routability

 Physical layer and data link layer independence; seamless data forwarding

 Common industrial application layer protocol

 DeviceNet, ControlNet and EtherNet/IP

(64)

Additional Material

ODVA

 Website:

 http://www.odva.org/

 Media Planning and Installation Manual

 http://www.odva.org/Portals/0/Library/Publications_Numbered/PUB00148R0_EtherNetIP_Media_Planning_and_Installation_Manual.pdf

 Network Infrastructure for EtherNet/IP: Introduction and Considerations

 http://www.odva.org/Portals/0/Library/Publications_Numbered/PUB00035R0_Infrastructure_Guide.pdf

 Device Level Ring

 http://www.odva.org/Portals/0/Library/CIPConf_AGM2009/2009_CIP_Networks_Conference_Technical_Track_Intro_to_DLR_PPT.pdf

 The CIP Advantage

(65)

Additional Material

Rockwell Automation

 Networks Website: http://www.ab.com/networks/

 EtherNet/IP Website: http://www.ab.com/networks/ethernet/

 Media Website: http://www.ab.com/networks/media/ethernet/

 Embedded Switch Technology Website:

 http://www.ab.com/networks/switches/embedded.html

 Publications:

 ENET-AP005-EN-P Embedded Switch Technology Manual

 ENET-UM001G-EN-P EtherNet/IP Modules in Logix5000 Control Systems …. provides connection and packet rate specs for modules

 1783-UM003 Stratix 8000 and Stratix 8300 Ethernet Managed Switches User Manual

 ENET-WP0022 Top 10 Recommendations for plant-wide EtherNet/IP Deployments

 ENET-RM002A-EN-P Ethernet Design Considerations Reference Manual

 ENET-AT004A-EN-E Segmentation Methods within the Cell/Area Zone

 ENET-RM003A-EN-P Embedded Switch Technology Reference Architectures

 Network and Security Services Website:

(66)

Additional Material

Fluke Networks

 Fluke Networks Websites

 www.flukenetworks.com

 www.flukenetworks.com\industrial

 www.flukenetworks.com\knowledgebase

 Frontline troubleshooting best practices

 http://www.flukenetworks.com/FNet/en-us/findit?Document=9822807

 Frontline LAN Troubleshooting Guide

 http://networking.flukenetworks.com/?elqpurlpage=258&document=3331616

 Industrial Ethernet Resource Portal

(67)

Additional Material

Panduit Corp

 Panduit Corp. Website:

 http://www.panduit.com/

 Industrial Automation Solutions:

 http://www.panduit.com/Solutions/IndustrialAutomation/index.htm

 Industrial Automation Product Systems Brochure

(68)

Additional Material

Panduit, Cisco, Rockwell Automation Collaboration

 Plant-wide EtherNet/IP Ecosystem Partners Website

 Fiber Optic Infrastructure Application Guide

(69)

Additional Material

Cisco and Rockwell Automation Alliance

 Websites

 http://www.ab.com/networks/architectures.html

 Design Guides

 Converged plant-wide Ethernet (CPwE)

 Application Guides

 Fiber Optic Infrastructure Application Guide

 Education Series

 http://www.ab.com/networks/architectures.html

 Whitepapers

 Top 10 Recommendations for plant-wide EtherNet/IP Deployments

 Securing Manufacturing Computer and Controller Assets

 Production Software within Manufacturing Reference Architectures

 Achieving Secure Remote Access to Plant-Floor Applications

(70)

Additional Material

Cisco and Rockwell Automation Alliance

 Education Series Webcasts

 What every IT professional should know about Plant-Floor Networking

 What every Plant-Floor Engineer should know about working with IT

 Industrial Ethernet: Introduction to Resiliency

 Fundamentals of Secure Remote Access for Plant-Floor Applications and Data

 Securing Architectures and Applications for Network Convergence

 IT-Ready EtherNet/IP Solutions

 Available Online

(71)

Additional Material

Network Sessions

 Fundamentals of EtherNet/IP Networking

 Designing the Physical Layer for EtherNet/IP

 Plant-floor and Enterprise Network Convergence

 Networking Design Considerations for Real-Time EtherNet/IP Performance

 Fundamentals of Network Resiliency and Redundancy for EtherNet/IP

 Fundamentals of Securing EtherNet/IP

(72)

Additional Material

Network Sessions

Knowledge Network – Virtual Learning Series for Partners

 April 20th, 2010: Fundamentals of EtherNet/IP Networking

 April 27th, 2010: Designing the Physical Layer for EtherNet/IP

 May 4th, 2010: Fundamentals of Securing EtherNet/IP Networks

 May 11th, 2010: Networking Best Practices for Real-Time EtherNet/IP Performance

 May 18th, 2010: Fundamentals of Network Resiliency and Redundancy for EtherNet/IP

 July 13th, 2010: IT-Ready EtherNet/IP Network Solutions

 August 10th, 2010: Physical Layer Reference Architectures for

(73)

Additional Material

Network Sessions

 NIS01 Designing the Physical Layer for EtherNet/IP

 NIS02 Fundamentals of Securing EtherNet/IP Networks

 NIS03 Scalable Secure Remote Access Solutions

 NIS06 Fundamentals of EtherNet/IP

 NIS08 EtherNet/IP Network Design Fundamentals

 NIS09 EtherNet/IP Layer 3 Networking Capabilities

 NIS10 Designing EtherNet/IP Machine-Level Networks

(74)

Plant-wide Network Infrastructure

Workshop 14 - Automation Fair 2012

Thank you for participating!

Please remember to tidy up

your area for the next
