What Every IT Professional Should Know


© 2012 Cisco Systems, Inc. and Rockwell Automation, Inc. All rights reserved.

Scott Friberg - Cisco Systems, Industry Solutions Architect for Manufacturing

Gregory Wilcox - Rockwell Automation, Business Development Manager - Reference Architectures

What Every IT Professional Should Know About Manufacturing and Production System Plant Floor Networks

A Cisco and Rockwell Automation Education Webcast

February 16th, 2012


Speakers

Scott Friberg - Cisco

Scott is a Solutions Architect focused on Industrial Intelligence for Cisco. He has worked in many areas of technology during 13 years with Cisco including Routing and Switching, Voice, and Wireless. Scott is currently working on networking solutions for the manufacturing and process verticals.

Gregory Wilcox - Rockwell Automation

Business Development Manager for Networks at Rockwell Automation. Gregory leads a multi-company effort to establish tested and validated design guidelines that help manufacturers design and deploy large-scale automation network infrastructures. As a major contributor to the Cisco and Rockwell Automation Alliance, Gregory has advanced the adoption of convergence between industrial and IT networks. Gregory has been designing and implementing industrial network solutions for the past 27 years, with 22 of those years at Rockwell Automation, holding roles of increasing responsibility such as Application Engineer and Solution Architect.


Education Series Webcasts

• The Trend - Network Technology and Cultural Convergence

• What every IT professional should know about Plant Floor Networking

• What every Plant Floor Controls Engineer should know about working with IT

• Industrial Ethernet: Introduction to Resiliency

• Fundamentals of Secure Remote Access for Plant Floor Applications and Data

• Securing Architectures and Applications for Network Convergence

• Convergence-Ready EtherNet/IP Solutions

• Available Online

– http://www.ab.com/networks/architectures.html

– http://www.cisco.com/web/strategy/manufacturing/cisco-rockwell_automation.html


Agenda

• Introductions

• Plant Floor and Enterprise Network Convergence

• Industrial Plant Operations

• Technology Convergence

• Cultural and Organizational Convergence

• Cisco and Rockwell Automation Alliance & Collaboration

• Convergence-Ready Solutions

• What we’re asking of you

Network Convergence

The Perpetual Trend

[Diagram labels: Industrial Plantwide Systems; Business Enterprise Systems; Suppliers; Customer Demand; Supply Chain Integration; Flexible Operations]

Lower Total Cost of Ownership | Faster Time to Market | Better Asset Optimization | Broader Risk Management


Industrial Plant Operations

Common Enterprise and IT Functions, Unique Industrial Automation Functions

Water/Wastewater | Mining/Metals/Cement | Semiconductor/Electronics | Oil and Gas | Automotive | Food and Beverage | Life Sciences | Household and Personal Care


Industrial Plant Logical Model

[Diagram: Logical Model - Converged Plantwide Ethernet]


Industrial Plant Logical Model

• MES - Manufacturing Execution System measures and controls production facilities; it tracks and measures key operational criteria such as product, equipment, labor, inventory, defects, etc.; a key interface to the Enterprise-level applications; Level 3 & 4

• Historian - Collects historical data from the plant floor applications and reports or displays them in various report formats; Level 3

• SCADA - Supervisory Control and Data Acquisition; large scale distributed measurement and control systems, usually covers a geographical area; Level 3

• HMI - Human Machine Interfaces display operational status to operation personnel and may allow them to perform basic functions (e.g. start/stop a process); Level 2

• PAC (a.k.a. PLC) - Programmable Automation Controller or Programmable Logic Controller; controls a subset (Cell/Area), e.g. a line or function, as well as the relevant devices in that Cell/Area; Level 1

• Sensor/Actuator device - a device that measures or controls key functions or aspects of the industrial automation process; Level 0


Industrial Plantwide System Convergence

[Diagram labels: Material Handling; Processing; Batching/Blending; Receiving; Packaging; Shipping; Control Room; Utilities; Corporate Headquarters; OEM; Supplier; Other Plant; Customer; Business Enterprise Systems; Industrial Plantwide Systems]

Packaging - Pick and Place

Industrial Plant Application Example

[Diagram labels: Level 1 - Processor; Level 0 - Input; Level 0 - Actuator]

Converged Industrial Application

Technology Convergence - Perpetual Trend

• Machine Control and Operator Interface

• Integrated Machine Safety

• Time Synchronization

• Integrated Motion

• Video – inspection

• Mobility & Collaboration

[Diagram: Disparate Network Technology (Controller; Motion Net; Safety Net; I/O Net; HMI Net) compared with Single Network Technology (Camera; Safety I/O; Controller; VFD Drive; HMI; I/O; Servo Drive)]

Industrial Network Convergence

Technology Convergence - Perpetual Trend

[Diagram: the Traditional - 3 Tier Industrial Network Model beside the Converged Plantwide Ethernet Industrial Network Model. Labels: Corporate Network; Back-Office Mainframes and Servers (ERP, MES, etc.); Office Applications, Internetworking, Data Servers, Storage; Control Network Gateway; Supervisory Control; Human Machine Interface (HMI); Controller; Safety Controller; Industrial Network; Sensors and other Input/Output Devices; Motors, Drives, Actuators; Robotics; Camera; Phone; Safety I/O; I/O]

What makes industrial Ethernet “industrial”

Technology Convergence - Perpetual Trend

Layer Name | Layer No. | Function | Examples
Application | Layer 7 | Network Services to User App | CIP
Presentation | Layer 6 | Encryption/Other processing |
Session | Layer 5 | Manage Multiple Applications |
Transport | Layer 4 | Reliable delivery/Error correction | TCP - UDP
Network | Layer 3 | Logical addressing - Routing | IP; Routers
Data Link | Layer 2 | Media Access Control | IEEE 802.3; Switches
Physical | Layer 1 | Specifies voltage, pin-outs, cable | TIA - 1005; Cabling

[Callouts: Common Application Layer Protocol; Infrastructure Device Hardening; Physical Layer Hardening]

IT vs. Industrial Network Characteristics

Technology Convergence - Perpetual Trend

• Enterprise (IT) Network Requirements

– Internet Protocols

– Wide Area Network (WAN)

– High availability – redundant star topologies

– Latency, jitter, etc.

– Voice, video, data applications

– IP Addressing - dynamic

– Security - pervasive

• Industrial Network Requirements

– Industrial and internet protocols

– Local Area Network (LAN) - packets are small: 100–200 bytes, but communicated very frequently (every 0.5 to 10s of ms)

– Resiliency – ring topologies are prominent, redundant star topologies are emerging

– Latency, jitter, etc.

– Information, control, safety, time synchronization and motion

– IP Addressing – static

– Security – emerging: Open by Default, must be Closed by Configuration

So, what are the similarities and differences?

IT vs. Industrial Media

Technology Convergence - Perpetual Trend

M12 Connectivity

RJ45 Connectivity

600V rated cable

Small Form-factor Pluggable

IT vs. Industrial Switching

Technology Convergence - Perpetual Trend

• Industrial Ethernet Switches

– Industrial hardened

– Panel or DIN mount

– Managed or unmanaged

• IT Switches

– Enterprise class

– 19” rack mount – e.g. 1RU

– Managed

What is Common Industrial Protocol?

Technology Convergence - Perpetual Trend

[Diagram: protocol stack by Layer No. (Layer 7, Layer 4, Layer 3, Layer 2, Layer 1)]

• Standard set of services for accessing data and controlling industrial device operation

• Standard to integrate I/O control, device configuration and data collection in industrial automation and control systems

odva.org

CIP Industrial Network Traffic

Technology Convergence - Perpetual Trend

• Standard 802.3 Ethernet

• Standard IETF TCP/IP Suite

• Application Layer Protocol - Common Industrial Protocol (CIP)

• EtherNet/IP = Ethernet + IP + CIP

• TCP and UDP at Transport

• IP Unicast and Multicast at Network

• Static IP Addressing for devices

[Diagram: protocol stack. Labels: Information Traffic; Control Traffic; FTP; HTTP; OPC; SNMP; BOOTP; DHCP; CIP; TCP; UDP; OSPF; ICMP; IGMP; RARP; ARP; IP; IEEE 802.3 Ethernet]

EtherNet/IP Specifies How CIP Communication Packets Can Be Transported over Standard Ethernet and TCP/IP Technology
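
As an added illustration that is not part of the original webcast, the Python example below separates the two traffic classes named on this slide the way a passive monitor would: explicit CIP messaging on TCP, decoded from the 24-byte EtherNet/IP encapsulation header, and implicit I/O on UDP, identified by its connection ID. The port numbers (TCP 44818, UDP 2222), header layout and item type come from the public EtherNet/IP specification rather than from the slides; the function names, addresses and packet bytes are constructed for the example.

```python
import ipaddress
import struct

# Default EtherNet/IP ports (assumption: the devices have not been moved off them).
ENIP_TCP_PORT = 44818      # explicit messaging: the slide's "information traffic"
ENIP_IO_UDP_PORT = 2222    # implicit I/O messaging: the slide's "control traffic"

# Encapsulation commands defined by the public EtherNet/IP specification.
COMMANDS = {
    0x0004: "ListServices", 0x0063: "ListIdentity", 0x0064: "ListInterfaces",
    0x0065: "RegisterSession", 0x0066: "UnRegisterSession",
    0x006F: "SendRRData", 0x0070: "SendUnitData",
}

# command, length, session handle, status, sender context, options (little-endian).
ENCAP = struct.Struct("<HHII8sI")
CPF_ITEM = struct.Struct("<HH")        # Common Packet Format item: type id, length
SEQUENCED_ADDRESS = 0x8002             # item carrying connection id + sequence number


def parse_encap(payload):
    """Decode the encapsulation header at the start of a TCP payload.

    Assumes the payload begins on a message boundary (no TCP reassembly here).
    """
    if len(payload) < ENCAP.size:
        raise ValueError("truncated encapsulation header")
    cmd, length, session, status, _context, _options = ENCAP.unpack_from(payload)
    if len(payload) - ENCAP.size < length:
        raise ValueError("declared length exceeds captured bytes")
    return {
        "command": COMMANDS.get(cmd, "unknown(0x%04x)" % cmd),
        "length": length,
        "session": session,
        "status": status,
    }


def parse_io_connection_id(payload):
    """Return the connection id of an implicit I/O datagram, or None if absent."""
    if len(payload) < 2:
        raise ValueError("truncated item count")
    (count,) = struct.unpack_from("<H", payload)
    offset = 2
    for _ in range(count):
        if len(payload) < offset + CPF_ITEM.size:
            raise ValueError("truncated item header")
        type_id, length = CPF_ITEM.unpack_from(payload, offset)
        offset += CPF_ITEM.size
        if len(payload) < offset + length:
            raise ValueError("truncated item data")
        if type_id == SEQUENCED_ADDRESS and length == 8:
            conn_id, _sequence = struct.unpack_from("<II", payload, offset)
            return conn_id
        offset += length
    return None


def classify(proto, dst_ip, server_port, payload):
    """Label one packet as information, control or other traffic."""
    if proto == "tcp" and server_port == ENIP_TCP_PORT:
        fields = parse_encap(payload) if payload else {}
        return {"class": "information", **fields}
    if proto == "udp" and server_port == ENIP_IO_UDP_PORT:
        return {
            "class": "control",
            "multicast": ipaddress.ip_address(dst_ip).is_multicast,
            "connection_id": parse_io_connection_id(payload),
        }
    return {"class": "other"}


# Constructed sample packets (not captured traffic).
REGISTER_SESSION = ENCAP.pack(0x0065, 4, 0, 0, bytes(8), 0) + struct.pack("<HH", 1, 0)
IO_DATAGRAM = (
    struct.pack("<H", 2)
    + CPF_ITEM.pack(SEQUENCED_ADDRESS, 8) + struct.pack("<II", 0x12345678, 7)
    + CPF_ITEM.pack(0x00B1, 4) + struct.pack("<H", 7) + b"\x01\x00"
)

if __name__ == "__main__":
    print(classify("tcp", "10.10.1.20", 44818, REGISTER_SESSION))
    print(classify("udp", "239.192.1.5", 2222, IO_DATAGRAM))
```
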

Real-Time Application Classes

Technology Convergence - Perpetual Trend

Class | Process Automation | Discrete Automation | Motion Control
Function | Information Integration, Slower Process Automation | Time-critical Discrete Automation | Motion Control
Communication Technology | .Net, DCOM, TCP/IP | Industrial Protocols - CIP | Hardware and Software solutions, e.g. CIP Motion, PTP
Period | .5 second or longer | 10 ms to 100 ms | <1 ms
Industries | Oil & gas, chemicals, energy, water | Auto, food & beverage, semiconductor, metals, pharmaceutical | Subset of discrete automation
Applications | Pumps, compressors, mixers, instrumentation | Material handling, filling, labeling, palletizing, packaging | Printing presses, wire drawing, web making, pick & place

Source: ARC Advisory Group

Industrial Data Prioritization

Technology Convergence - Perpetual Trend

Traffic Type | Control (e.g., CIP) | Video | Data (Best Effort) | Voice
Bandwidth | Low to Moderate | Moderate to High | Moderate to High | Low to Moderate
Random Drop Sensitivity | High | Low | High | Low
Latency Sensitivity | High | High | Low | High
Jitter Sensitivity | High | High | Low | High

Not all traffic is created equal!

Industrial automation and control system (IACS) networks must prioritize control traffic over other traffic types to ensure deterministic data flows with low latency and low jitter

Industrial Data Prioritization

Technology Convergence - Perpetual Trend

[Diagram: traffic classes mapped to output queues, for Typical Enterprise QoS and for Cell/Area Zone QoS. Traffic classes shown: PTP-Event; CIP Motion; PTP Management, Safety I/O & I/O; CIP Explicit Messaging; Network Control; Voice; Call Signaling; Critical Data; Video; Bulk Data; Best Effort; Scavenger. Queues shown: Priority Queue, Queue 1; Output Queue 2; Output Queue 3; Output Queue 4]

Note: Due to queue characteristics of the Stratix 5700/8000/8300, the queue order of priority is different than general enterprise.

Topology Options

Technology Convergence - Perpetual Trend

[Diagram: three Cell/Area Zone topologies - Redundant Star (Flex Links); Ring (Resilient Ethernet Protocol (REP)); Star/Bus (Linear). Labels: HMI; Controller; Controllers; Controllers, Drives, and Distributed I/O; Cisco Catalyst 2955; Cisco Catalyst 3750 StackWise Switch Stack]

[Comparison matrix: Redundant Star, Ring and Linear topologies rated Best / OK / Worst on Cabling Requirements; Ease of Configuration; Implementation Costs; Bandwidth; Redundancy and Convergence; Disruption During Network Upgrade; Readiness for Network Convergence; Overall in Network TCO and Performance]

Wireless Topology Options

Technology Convergence - Perpetual Trend

To help avoid rogue APs, the Mobility and Collaboration needs of the plant floor must be taken into consideration when designing and deploying a plantwide wireless strategy

Application of wireless technologies and devices has become widespread on the plant floor

Plant Floor and Enterprise Network Convergence

[Diagram labels: Business Agility; Competitive Advantage; Business Model Innovation; Ethernet and IP Wide Deployment; Increasing Business Pressures; Technology Convergence; Network Convergence; Organizational Convergence; Cultural Convergence]

Cultural and Organizational Convergence

Security Policies | IT Network | Industrial Network
Focus | Protecting Intellectual Property and Company Assets | 24/7 Operations, High OEE
Precedence of Priorities | Confidentiality, Integrity, Availability | Availability, Integrity, Confidentiality
Types of Data Traffic | Converged Network of Data, Voice and Video | Converged Network of Data, Control, Information, Safety and Motion
Access Control | Strict Network Authentication and Access Policies | Strict Physical Access; Simple Network Device Access
Implications of a Device Failure | Continues to Operate | Could Stop Operation
Threat Protection | Shut Down Access to Detected Threat | Potentially Keep Operating with a Detected Threat
Upgrades | ASAP, During Uptime | Scheduled, During Downtime

Best Practices for Network, Technology, Organizational and Cultural Convergence

• Emergence of Manufacturing IT

– IT Hybrid

• IT and Manufacturing collaboration and sharing of best practices on:

– Standardization of design and technology

– System architecture design

– Protocols and services

– Service and support models

– Industrial Security Policy

• Consult reference architectures, reference models and industry standards:

– Network Segmentation

– Network services

– Domains of Trust

Open, two-way dialog is critical!

Rockwell Automation and Cisco Alliance

Technology, Network, Cultural and Organizational Convergence

• People and Process Optimization: Developed process guidelines to help with convergence, facilitate training and dialogue with IT Network Engineers and Industrial Control System Engineers

• Collaborating on Reference Architectures: Tested and validated recommendations, design and implementation guidance for a converged Industrial and IT network architecture

• Common Technology View: Supporting use of open standards, with intelligent networking features in industrial networks through ODVA, ISA and others

• Product Collaboration: Developed industrial Ethernet switch incorporating the best of Cisco and the best of Rockwell Automation

Common Toolsets – Stratix IE Switches

Rockwell Automation and Cisco Alliance

FactoryTalk View, Faceplates

Device Manager

Command Line Interface

Cisco Network Assistant

RSLogix, Add-on Profile

Converged Plantwide Ethernet (CPwE)

Rockwell Automation and Cisco Alliance

Recommendations and guidance to help reduce Latency and Jitter, to help increase data Availability, Integrity and Confidentiality, and to help design and deploy a Robust, Secure and Future-Ready EtherNet/IP network infrastructure

• Robust Physical Layer

• Segmentation

• Resiliency Protocols and Redundant Topologies

• Time Synchronization

• Prioritization - Quality of Service (QoS)

• Multicast Management

• Convergence-Ready Solutions

• Security - Defense-in-Depth

CPwE - Logical Framework

• The Cell/Area zone is a Layer 2 network for a functional area of the plant floor. Key network considerations include:

– Structure and hierarchy using smaller Layer 2 building blocks

– Logical segmentation for traffic management and policy enforcement (e.g. QoS, Security) to accommodate time-sensitive applications

[Diagram: Cell/Area Zones, Levels 0–2. Labels: Level 0 Drive; Level 1 Controller; Level 2 HMI; I/O; Media & Connectors; Layer 2 Access Switch; Rockwell Automation Stratix 8000; Layer 2 Building Block; Layer 3 Distribution Switch; Catalyst 3750 StackWise Switch Stack; Layer 3 Building Block; Cell/Area Zone #1 - Redundant Star Topology, Flex Links Resiliency; Cell/Area Zone #2 - Ring Topology, Resilient Ethernet Protocol (REP); Cell/Area Zone #3 - Bus/Star Topology]

CPwE - Logical Framework

• Industrial and IT network convergence

• Plantwide EtherNet/IP Architectures

• Hierarchical segmentation

– Scalability

– Resiliency

– Traffic management

– Policy enforcement

• Security policies

– Defense-in-depth

• Secure remote access

[Diagram: CPwE logical framework by zone - Enterprise Zone, Levels 4 and 5; Demilitarized Zone (DMZ); Industrial Zone, Site Operations and Control, Level 3; Cell/Area Zones, Levels 0–2. Labels: ERP, Email, Wide Area Network (WAN); Patch Management, Terminal Services, Application Mirror, AV Server; Firewall (Active); Firewall (Standby); Gbps Link for Failover Detection; Cisco ASA 5500; Cisco Catalyst Switch; Catalyst 6500/4500; Catalyst 3750 StackWise Switch Stack; Remote Access Server; FactoryTalk Application Servers (View, Historian, AssetCentre, Transaction Manager); FactoryTalk Services Platform (Directory, Security/Audit); Data Servers; Network Services (DNS, DHCP, syslog server; Network and security mgmt); Rockwell Automation Stratix 8000 Layer 2 Access Switch; Controller; Drive; HMI; I/O; Cell/Area Zone #1 - Redundant Star Topology, Flex Links Resiliency; Cell/Area Zone #2 - Ring Topology, Resilient Ethernet Protocol (REP); Cell/Area Zone #3 - Bus/Star Topology]

Industrial and Enterprise Security Design

CPwE – Defense-in-Depth

• Security is not a bolt-on component

• Comprehensive Network Security Model for Defense-in-Depth

• Industrial Security Policy

• DMZ Implementation

• Design Remote Partner Access Policy, with robust & secure implementation

• Security Services Must Not Compromise Operations of the Cell/Area Zone Network Traffic

Convergence-Ready Network Solutions

Industrial & IT Networks

[Illustration: PLANT and MACHINE exchanging mismatched greetings - “Bonjour?”, “Guten tag?”, “Hi.”, “Hello.”, “How are you?”, “I’m great.”]

Convergence-Ready Network Solutions

Industrial & IT Networks

• Use of an industrial Ethernet protocol, such as EtherNet/IP, that fully utilizes standard Ethernet and IP as the industrial network infrastructure.

– Common network infrastructure devices – asset utilization

– Future-ready - sustainability

• IP addressing schema:

– Class - address range, subnet, default gateway (routability)

– Implementation conventions – static/dynamic, hardware/software configurable, NAT/DNS (who manages?)

• Use of industrial managed switches

– Network services such as loop prevention

– Integration between the network infrastructure and the control system – configuration, management, diagnostics/troubleshooting

[Diagram labels: Partner Solution(s), e.g. OEM; Industrial Plantwide Systems]

Convergence-Ready Network Solutions

Industrial & IT Networks

• Use of Network Services

– Segmentation

• Virtual LANs (VLANs)

• Structured hierarchy using Layer 2 and Layer 3 switching

• Topology

– Data prioritization - quality of service (QoS)

– Availability – loop prevention, resilient topologies and protocols

– Multicast management

– Security stance

• Physical access, port security, access control lists, FactoryTalk Security

• Alignment with emerging industrial automation and control system (IACS) security standards such as ISA-99 and NIST 800-82

• Time Synchronization Services

– IEEE 1588 Precision Time Protocol (PTP)

• Grand Master, Boundary Clock, Transparent Clock

– CIP Sync applications

– CIP Motion applications

Secure Remote Access

Convergence-Ready Network Solutions

[Diagram labels: Trusted Partners; System Integrator; Machine Builder; Industrial Plantwide Systems]

• Tighter supply chain and trusted partner integration

• Implementation of lean initiatives through better asset optimization

• Global availability of equipment, machines and services

• Scalable service differentiation

– Machine Builders, Skid Builders, System Integrators, automation vendors, contractors

• Machine Builder cost pressures

– Machine build cost

– On-site commissioning; reduction in resources and duration

– Warranty support; dispatching of resources

– Optimization services; partnership vs. supplier

• IT-ready solutions

– Elimination of security back doors

– Holistic industrial network infrastructure security solutions

CPwE Secure Remote Access

Convergence-Ready Network Solutions

[Diagram: remote access path across Internet; Enterprise Zone, Levels 4 and 5; Demilitarized Zone (DMZ); Industrial Zone, Site Operations and Control, Level 3; Cell/Area Zones, Levels 0–2. Labels: Remote Engineer or Partner; Enterprise Connected Engineer; Enterprise Edge Firewall; Enterprise WAN; Enterprise Data Center; Cisco VPN Client; IPSEC VPN; SSL VPN; HTTPS; Remote Desktop Protocol (RDP); EtherNet/IP; Firewall (Active); Firewall (Standby); Gbps Link Failover Detection; Cisco ASA 5500; Patch Management, Application Mirror, AV Server; Remote Access Server (Remote Desktop Services, RSLogix 5000, FactoryTalk View Studio); Catalyst 6500/4500; Catalyst 3750 StackWise Switch Stack; FactoryTalk Application Servers (View, Historian, AssetCentre, Transaction Manager); FactoryTalk Services Platform (Directory, Security/Audit); Data Servers]

Secure remote access for employees and trusted partners

– Meeting the security requirements of IT while enabling plant personnel to leverage trusted partners and shared, distributed company resources

– Common IT Infrastructure

– Following emerging Industrial Automation and Control System (IACS) security standards

• Defense-in-depth

• DMZ

– Enables remote asset management: monitoring, configuration and audit

– Helps simplify change management, version control, regulatory compliance and software license management

– Helps simplify remote client health management

– One size does not fit all – need scalable, secure solutions


What we’re asking of you

• Facilitate early dialogue with your Control System Engineering (CSE) counterparts to ensure success of your Plant and Enterprise Network Convergence

• Review this recorded Webcast later with your CSE colleagues

• Understand and take into consideration Operations/Manufacturing requirements – 24/7 Operations, High OEE, Low MTTR

• Account for differences in Industrial and Enterprise networks when developing plantwide networks

– Traffic types, data prioritization, IP addressing schema, security, wireless

• Consult reference architectures, reference models and industry standards

• Collaborate to share best practices between IT and CSE

– Industrial security and QoS policy

– Partner Convergence-Ready Solutions (e.g. Machines, Skids)

– Secure Remote Access for Partners

Where to Find More Information

• Websites

– http://www.ab.com/networks/architectures.html

– http://www.cisco.com/web/strategy/manufacturing/cisco-rockwell_automation.html

• Design Guides

– Converged Plantwide Ethernet (CPwE)

• Application Guides

– Fiber Optic Infrastructure Application Guide

• Education Series

• Whitepapers

– Top 10 Recommendations for Plantwide EtherNet/IP Deployments

– Securing Manufacturing Computer and Controller Assets

– Production Software within Manufacturing Reference Architectures

– Achieving Secure Remote Access to Plant Floor Applications and Data


Thank you for participating!

Questions

Please complete the evaluation!