IIoT, Security and Ethernet Design - Peter Brown

Network Design Industry 4.0 and Security

siemens.com

Unrestricted © Siemens AG 2016

Upload: profibus-and-profinet-internationai-pi-uk

Post on 13-Apr-2017


June 2016 Page 2 Peter Brown

Ethernet Network Design

Product design

Production planning

Engineering

Production

Digital workflow

Service


Global Trends / Industry 4.0

Trend / Challenge

Track & Trace, Globalization, The world is connected, Big data

- Maximum transparency throughout the entire value added chain
- Optimize Production Logistic
- Reliable communication for WAN
- Enable industrial communication to cope with increasing amount of data
- Establish security mechanisms to control the open communication where needed

Industry requirements

- Manage to find one concept for industrial communication

Solution orientation, Individualization

- Offer a complete solution package including service to the customer
- Enable end customers to react flexibly with our solution on the market requirements


All Industry Sectors

For all industries … … and for all regions

Process, Discrete, Hybrid

Wind power, Transportation, E-Car, Electronics, Automotive, Glass & Solar, Pharmaceuticals, Food & Beverage, Metal & Mining, Cement, Pulp & Paper, Chemicals, Oil & Gas, Water, Refinery, Electric Power

Industrial networks

Discrete automation, Process automation


Customer requirements for industrial networks

Robustness: High temperatures, rugged environments

- Fanless switches (dusty environment etc.), FastConnect cables

Flexibility: Changing production layouts at the shop floor

- Modularity, different interfaces for electrical or optical connections

High Availability: Ring redundancy e.g. with MRP, HSR, PRP, …

- Quick and easy replacement with C-Plug (transfer config to new device)

Determinism: Synchronization of several drives in one machine

- Wired as well as wireless

Moving Units: Automated guided vehicles, monorails, cranes

- IWLAN RCoax Cable for durable wireless connection during movement

Safety: Emergency shutdown over PROFINET

- Wired as well as wireless

Security: Remote administration for machine vendors, Firewall, DMZ

- One security module for office and automation requirements

Outdoor

Warehouse

Production


PROFINET provides increased flexibility, efficiency, and performance

PROFINET is the right solution for every application

Industrial Wireless LAN

Safety

Flexible topologies

Expandability

Web tools

Open standard

Tailor-made plant concepts

Flexibility

Easy cabling

One cable for all purposes

Device/network diagnostics

Energy efficiency

Optimal use of resources

Fast device replacement

Ruggedness/stability


Efficiency

Media redundancy

Large quantity structures

High transmission rate

Speed

High precision

Increased productivity

Fast start-up

Performance


Merging of automation and IT

Totally Integrated Automation Portal

Chart: Long-term development of plants' network load (traffic types: RT / IRT data, other TCP data, quality gathering data, video)

High data volume through

- Acquisition of quality data
- High resolution videos
- Web services
- Cloud connection

parallel to real-time data (RT/IRT) can cause

- overloads on single ports
- lower plant availability

by reason of defective network design and configuration.


How Do We Draw Our Network?

PROFINET


Automation & control

Hazardous area

SCADA

24/7 operation

Motion control

Wireless communication

General IT

File transfers

Voice

Video

Network physical distance

Data quality

Reserved bandwidth

Confidential information

Email / instant messaging

Trending / archiving

Spanning departments

Printing

Remote access

Billing / invoicing

Track & trace

Product individualisation

What does the network need to do?

OT Vs IT


OT Vs IT

Industry:

Location – Rough environment

Installation – Plant maintenance

Topology – Plant specific, varied

Availability – Network downtimes < 300 ms

Device density – Low, switches with few ports

Network monitoring – Part of plant monitoring

Office:

Location – Air conditioned offices

Installation – Network specialists

Topology – Star

Availability – Minutes to hours accepted

Device density – High, switches with many ports

Network monitoring – Specially trained IT staff


Example Control & Automation Network


Design Summary

Zoning and Security are essential

VLANs

Layer 3 switches

ACL

Bandwidth reservation

Network redundancy

Protection of safety-related systems

OT team & IT team cooperation


Security


PI Security Concept

The PROFINET Security Concept (from the PROFINET Security Guideline)

Network Architecture – Security Zones

Trust Concept – within Zones

Perimeter Defence – Firewall/VPN

Provision of Confidentiality and Integrity

Transparent Integration of Firewalls


Methods of network security

Firewall - Protect against unauthorized access

VLAN (Virtual Local Area Network) - Logical network that operates on the basis of a physical network

DMZ (De-Militarized Zone) - Exchange data with external partners via safe areas

VPN (Virtual Private Network) - Secure tunnel between authenticated users

Complete plant security

Secure automation cells

Internet


Industrial Security

As a minimum:

Inherent Safety

Physical & environmental security

System hardening

Application security

Device hardening

Network security

Disaster recovery / mitigation planning


Thank you for your attention!

Peter Brown

Product Specialist

Siemens Customer Service

Email: [email protected]

Mobile: 07808 825551

siemens.com/SINETPLAN