Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

Manufacturing & IT Network Convergence

Manufacturing & IT Network
Convergence
Bryce Barnes - Cisco Systems
Vertical Solution Architect-Manufacturing
Gregory Wilcox - Rockwell Automation
Networks Business Development Manager
Reference Architectures for Manufacturing
© 2008
2009 Cisco Systems, Inc. and Rockwell Automation, Inc. All rights reserved.
Cisco At A Glance
The world leader in networking
for Internet, Enterprise, Home,
and Industry… Changing the
way people work, live, play,
and learn
• Annual Sales: $40 billion
• World Headquarters:
San Jose, California
• Trading Symbol: csco
• Employees: About 67,000
• Global Presence
• R&D: $4.5 Billion Annually
© 2009 Cisco Systems, Inc. and Rockwell Automation, Inc. All rights reserved.
Rockwell Automation At A Glance
Leading global provider of
industrial automation control
and information solutions
• Annual Sales: $5.5 billion
• World Headquarters:
Milwaukee, Wisconsin, USA
• Trading Symbol: ROK
• Employees: About 20,000
• Serving customers in
80+ countries
© 2009 Cisco Systems, Inc. and Rockwell Automation, Inc. All rights reserved.
Manufacturing and Enterprise
Network Convergence
Business Enterprise Systems
Customer
Demand
Suppliers
Supply Chain
Integration
Flexible
Manufacturing
Manufacturing Plantwide Systems
Lower Total Cost of Ownership | Faster Time to Market | Better Asset
Optimization | Broader Risk Management
© 2009 Cisco Systems, Inc. and Rockwell Automation, Inc. All rights reserved.
4
Manufacturing Network Convergence
Corporate Network
Corporate Network
Back-Office Mainframes and
Servers (ERP, MES,etc.)
Control Network
Gateway
Human Machine
Interface (HMI)
Office
Applications,
Internetworking,
Data Servers,
Storage
Supervisory
Control
Human Machine
Interface (HMI)
Controller
Robotics
Motors, Drives
Actuators
Supervisory
Control
Robotics
Sensors and other
Input/Output Devices
Traditional – 3 Tier
Manufacturing Network Model
Office
Applications,
Internetworking,
Data Servers,
Storage
Back-Office Mainframes and
Servers (ERP, MES, etc.)
Controller
Motors, Drives
Actuators
Sensors and other
Input/Output Devices
Converged Ethernet
Manufacturing Network Model
Convergence of Control and Information
© 2009 Cisco Systems, Inc. and Rockwell Automation, Inc. All rights reserved.
5
Manufacturing and Enterprise Network Convergence
• Manufacturing Network Requirements
–
–
–
–
–
Industrial Protocols
Topologies, Resiliency & Industrial Environments
Determinism, Latency, Jitter, etc.
Motion Control & Safety
IP Addressing - static
• Enterprise Network Requirements
–
–
–
–
High Availability
Determinism, Latency, Jitter, etc.
Voice, Video, Data applications
Security
• Network Design & Management
– Ease of use
– Reference models & network designs
© 2009 Cisco Systems, Inc. and Rockwell Automation, Inc. All rights reserved.
Cultural and Organizational
Convergence
Security Policies
IT Network
Controls Network
Protecting Intellectual
Property and Company
Assets
24/7 Operations, High OEE
Confidentiality
Integrity
Availability
Availability
Integrity
Confidentiality
Types of Data Traffic
Converged Network of Data,
Voice and Video
Converged Network of Data,
Control, Information, Safety and Motion
Access Control
Strict Network Authentication
and Access Policies
Strict Physical Access
Simple Network Device Access
Implications of a
Device Failure
Continues to Operate
Could Stop Operation
Threat Protection
Shut Down Access to
Detected Threat
Potentially Keep Operating
with a Detected Threat
ASAP
During Uptime
Scheduled
During Downtime
Focus
Priorities
Upgrades
© 2009 Cisco Systems, Inc. and Rockwell Automation, Inc. All rights reserved.
Cultural Convergence – Common Tools
Device Manager
FactoryTalk View, Faceplates
Command Line Interface
Cisco Network Assistant
© 2009 Cisco Systems, Inc. and Rockwell Automation, Inc. All rights reserved.
RSLogix 5000, Add-on Profile
Cisco and Rockwell Automation,
working together
To-Date:
Common Technology View
Support use of open, unmodified standards, with intelligent networking
features in automation networks through ODVA, ISA and others
Board members of ODVA
Active in ISA security
and wireless committees
Collaborating on Reference Architectures
Tested and Validated design and implementation guidance and best
practices for a converged network architecture
Available now, free for
download
People and Process Optimization
Develop process guidelines for help with convergence, facilitate
training and dialogue with IT and Manufacturing
Educational seminars,
white papers and events
Joint Product Collaboration
Developed Industrial Ethernet switches incorporating the best of
Cisco and the best of Rockwell Automation
Stratix 8000™ switches
© 2009 Cisco Systems, Inc. and Rockwell Automation, Inc. All rights reserved.
Reference Architectures for Manufacturing
Level 5
Level 4
Patch
Management
Historian
Mirror
A set of tested and validated
design and implementation best
practices
Common reference and common
language for IT and
manufacturing
Education Series
Level 2
FactoryTalk
Application
Server
Enterprise
Zone
Site Business Planning and Logistics Network
Terminal
Services
Level 3
Enterprise Network
Router
E-Mail, Intranet, etc.
Web Services
Operations
FactoryTalk
Directory
FactoryTalk
Client
Engineering
Workstation
Firewall
AV
Server
Web
E-Mail
CIP
Application
Server
Firewall
Domain
Controller
Site Manufacturing
Operations and Control
Engineering
Workstation
Operator
Interface
Basic Control
Level 1
Level 0
Batch
Control
Sensors
Discrete
Control
Drive
Control
Drives
Continuous
Process
Control
Actuators
Safety
Control
Robots
Process
“With this implementation guide, for the first time IT and manufacturing professionals can
share a common document for planning a converged IP network including the factory floor
and automation equipment.”
– Harry Forbes, ARC Advisory Group
© 2009 Cisco Systems, Inc. and Rockwell Automation, Inc. All rights reserved.
Manufacturing
Zone
Area
Supervisory
Control
FactoryTalk
Client
Operator
Interface
DMZ
Cell/Area
Zone
Approach to Industrial Ethernet Network
Designs
• Understand application and functional requirements
– Devices to be connected
– Communication patterns, resiliency requirements
– Types of traffic – Safety, Motion control, etc.?
• Develop a logical framework – define zones
– Place applications and devices in the framework
based on requirements
• Define segmentation
• Determine security requirements
© 2009 Cisco Systems, Inc. and Rockwell Automation, Inc. All rights reserved.
Manufacturing Framework
Level 5
Level 4
E-Mail, Intranet, etc.
Patch
Management
Historian
Mirror
Level 2
Level 1
Level 0
FactoryTalk
Application
Server
FactoryTalk
Client
Engineering
Workstation
Discrete
Control
Firewall
Domain
Controller
Site Manufacturing
Operations and Control
Drives
Continuous
Process
Control
Actuators
DMZ
Manufacturing
Zone
Area
Supervisory
Control
Operator
Interface
Engineering
Workstation
Drive
Control
Web
E-Mail
CIP
Application
Server
FactoryTalk
Client
Operator
Interface
Sensors
Firewall
AV
Server
Web Services
Operations
FactoryTalk
Directory
Batch
Control
Enterprise
Zone
Site Business Planning and Logistics Network
Terminal
Services
Level 3
Enterprise Network
Router
Safety
Control
Robots
Basic
Control
Cell/Area
Zone
Process
No Direct Traffic Flow from Enterprise to Manufacturing Zone
© 2009 Cisco Systems, Inc. and Rockwell Automation, Inc. All rights reserved.
Reference Architectures for
Manufacturing
• Design guidance
– Methodology – built on
Industry Standards
– Best practices and
recommendations
– Documented configuration
settings
– Tested with Industrial
Applications
– Cisco “Validated” network
design
• “Future-ready” network
foundation
– CIP Safety, CIP Sync, CIP
Motion
– Voice, Video
Enterprise Zone
Levels 4 and 5
Windows 2003 Servers
Demilitarized Zone (DMZ)
• Remote desktop connection
• VPN
Gbps Link for
Failover
Detection
Firewall
(Standby)
Firewall
(Active)
Demilitarized Zone (DMZ)
Manufacturing Zone
Level 3
FactoryTalk Application Servers
•
•
•
•
View
Historian
AssetCentre
Transaction Manager
Layer 3
Router
Network Services
• DNS, DHCP, syslog server
• Network and security
management
FactoryTalk Services
Platform
• Directory
• Security
Layer 3
Switch Stack
Data Servers
Level 0–2
Cell/Area Zone
Layer 2 Switch
HMI
Controller
HMI
Drive
Controller
Cell/Area #1
(Redundant Star Topology)
© 2009 Cisco Systems, Inc. and Rockwell Automation, Inc. All rights reserved.
Drive
Drive
HMI Distributed I/O
Distributed I/O
Controller
Cell/Area #2
(Ring Topology)
Cell/Area #3
(Bus/Star Topology)
Manufacturing and Enterprise
Security Design
• Physical Security – limit physical access to
authorized personnel: areas, control panels,
devices, cabling, and control room – escort
and track visitors
• Network Security – infrastructure framework
– e.g. firewalls with intrusion detection and
intrusion prevention systems (IDS/IPS), and
integrated protection of networking
equipment such as switches and routers
• Computer Hardening – patch management,
antivirus software as well as removal of
unused applications, protocols, and services
• Application Security – authentication,
authorization, and audit software
• Device Hardening – change management
and restrictive access
© 2009 Cisco Systems, Inc. and Rockwell Automation, Inc. All rights reserved.
Physical
Perimeter
Network
Enforcement
Computer
Application
Device
Manufacturing and Enterprise
Security Design
• Comprehensive Network Security
Model for Defense in Depth Security is not a bolt-on component
–
–
–
–
–
–
Standard DMZ Design Best Practices
VLANs
DMZ
Manufacturing Security Policy
Demilitarized Zone
Firewalls to defend the manufacturing edge
Protect the interior
CS-MARS,
CSA, ASDM and
CSAMC
Endpoint Hardening
FactoryTalk Service
Segment into Domains
& Application
Security
of Trust
– Physical Security
– Security Management, Analysis, &
VLANs
Response
Segmenting
Domains
of Trust
– Remote/Guest Access Policy,
with robust & secure implementation
ASA 5500
Web, Application,
Database Servers
ACLs
Firewall
IPS
Backup
Historians
Level 3—Site Manufacturing
Operations and Control
Network Infrastructure
Protection, ACLs
Cisco
Cat. 6500/4500
Cisco Cat. 3750
StackWise
Switch Stack
HMI
FactoryTalk
View
Level 2—Area Supervisory Control
Security Services Must Not
Compromise Operations of
the Cell/Area Zone
© 2009 Cisco Systems, Inc. and Rockwell Automation, Inc. All rights reserved.
Layer 2 Security,
Port Security
HMI
Level 1—Basic Control
Controller
Hardening,
Physical Security
PAC
Drive
Level 0—Process
Distributed I/O
Best Practices for Network, Technology and
Cultural Convergence
• IT and Manufacturing collaboration on
– System architecture design
– Service and support models
– Manufacturing Security Policy
• Standardization of design &
technology
• Consult reference architectures &
standards
– Network Segmentation
– Domains of Trust
• Communicate to IT what protocols
and services are being used
– TCP/UDP, Managed/Unmanaged
switches, Multicast, IP addressing, VLANs,
QoS?
• Communicate to Manufacturing the
needs of IT
• Emergence of Manufacturing IT
© 2009 Cisco Systems, Inc. and Rockwell Automation, Inc. All rights reserved.
An open, two-way
dialog is critical!
Thank you!
http://www.cisco.com/web/strategy/manufacturing/cisco-rockwell_automation.html
http://www.ab.com/networks/architectures.html
© 2009 Cisco Systems, Inc. and Rockwell Automation, Inc. All rights reserved.
© 2009 Cisco Systems, Inc. and Rockwell Automation, Inc. All rights reserved.
Related documents
Mr. Suwarn Kumar Singh, Technological Evolution
Mr. Suwarn Kumar Singh, Technological Evolution
WWW+Internet+networking - Edulink
WWW+Internet+networking - Edulink
Understanding Process Safety Management
Understanding Process Safety Management
10.2.1.2 Worksheet - Answer Security Policy
10.2.1.2 Worksheet - Answer Security Policy
Solutions in Action Trepko Group
Solutions in Action Trepko Group
application checklist
application checklist
CCV207
CCV207
Agenda pdf - Rockwell Automation
Agenda pdf - Rockwell Automation
Agenda - Rockwell Automation
Agenda - Rockwell Automation
Industrial Computer and Monitor Specifications Technical Data
Industrial Computer and Monitor Specifications Technical Data
1756-PM016 - Rockwell Automation
1756-PM016 - Rockwell Automation
FTViewSEInstallENU
FTViewSEInstallENU
Download