What Every It Professional Should Know

What Every IT Professional Should
Know About Manufacturing and
Production System Plant Floor
Networks
A Cisco and Rockwell Automation
Education Webcast

February 16th, 2012

Scott Friberg - Cisco Systems
Industry Solutions Architect for Manufacturing
Gregory Wilcox - Rockwell Automation
Business Development Manager - Reference Architectures

© 2012 Cisco Systems, Inc. and Rockwell Automation, Inc. All rights reserved.

Speakers

Scott Friberg- Cisco
Scott is a Solutions Architect focused on Industrial Intelligence for Cisco. He
has worked in many areas of technology during 13 years with Cisco including
Routing and Switching, Voice, and Wireless. Scott is currently working on
networking solutions for the manufacturing and process verticals.

Gregory Wilcox - Rockwell Automation
Business Development Manager for Networks at Rockwell Automation. Gregory
leads a multi-company effort to establish tested and validated design guidelines
that help manufacturers design and deploy large-scale automation network
infrastructures. As a major contributor to the Cisco and Rockwell Automation
Alliance, Gregory has advanced the adoption of convergence between industrial
and IT networks. Gregory has been designing and implementing industrial
network solutions for the past 27 years, with 22 of those years at Rockwell
Automation, holding roles of increasing responsibility such as Application
Engineer and Solution Architect.
2

Education Series Webcasts

• The Trend - Network Technology and Cultural Convergence
• What every IT professional should know about Plant Floor Networking
• What every Plant Floor Controls Engineer should know about working
with IT
• Industrial Ethernet: Introduction to Resiliency
• Fundamentals of Secure Remote Access
for Plant Floor Applications and Data
• Securing Architectures and Applications
for Network Convergence
• Convergence-Ready EtherNet/IP Solutions
• Available Online
– http://www.ab.com/networks/architectures.html
– http://www.cisco.com/web/strategy/manufacturing/cisco-rockwell_automation.html

3

Agenda

• Introductions
• Plant Floor and Enterprise Network Convergence
• Industrial Plant Operations
• Technology Convergence
• Cultural and Organizational Convergence
• Cisco and Rockwell Automation Alliance & Collaboration
• Convergence-Ready Solutions
• What we’re asking of you

4

Network Convergence
The Perpetual Trend
Business Enterprise Systems

Customer
Suppliers Demand

Supply Chain Flexible
Integration Operations

Industrial Plantwide Systems

Lower Total Cost of Ownership | Faster Time to Market | Better Asset
Optimization | Broader Risk Management

5

Industrial Plant Operations

Household and
Automotive Food and Beverage Life Sciences
Personal Care

Semiconductor/
Water/Wastewater Mining/Metals/Cement Oil and Gas
Electronics

Common Enterprise and IT Functions,
Unique Industrial Automation Functions
6

Industrial Plant Logical Model

Logical Model
Converged Plantwide Ethernet

7

Industrial Plant Logical Model
• MES - Manufacturing Execution System measures and controls
production facilities; it tracks and measures key operational criteria such
as product, equipment, labor, inventory, defects, etc.; a key interface to
the Enterprise-level applications; Level 3 & 4
• Historian - Collects historical data from the plant floor applications and
reports or displays them in various report formats; Level 3
• SCADA - Supervisory Control and Data Acquisition; large scale
distributed measurement and control systems, usually covers a
geographical area; Level 3
• HMI - Human Machine Interfaces display operational status to operation
personnel and may allow them to perform basic functions (e.g.
start/stop a process); Level 2
• PAC (a.k.a. PLC) - Programmable Automation Controller or
Programmable Logic Controller; controls a subset (Cell/Area), e.g. a line
or function, as well as the relevant devices in that Cell/Area; Level 1
• Sensor/Actuator device - a device that measures or controls key
functions or aspects of the industrial automation process; Level 0
8

Industrial Plantwide System Convergence

OEM
Business
Enterprise
Corporate Other
Systems Supplier
Headquarters Plant
Customer

Control Utilities
Room
Industrial
Plantwide
Material
Systems Receiving Processing
Handling

Batching/ Shipping
Blending Packaging

9

Packaging - Pick and Place
Industrial Plant Application Example

Level 1 Level 0
Processor Input

Level 0
Actuator

10

Converged Industrial Application
Technology Convergence - Perpetual Trend

• Machine Control and Operator Interface
• Integrated Machine Safety
• Time Synchronization
• Integrated Motion
• Video – inspection
• Mobility & Collaboration
Single Network Technology
Camera I/O
Disparate Network Technology

Controller
HMI Net Controller Servo Drive
I/O Net VFD
Safety Net Drive
HMI
Motion Net Safety I/O
11

Industrial Network Convergence

Corporate Network
Corporate Network

Office
Back-Office Mainframes and Office Back-Office Mainframes and Applications,
Servers (ERP, MES, etc.) Applications, Servers (ERP, MES, etc.) Internetworking,
Control Network
Internetworking, Data Servers,
Gateway
Data Servers, Storage
Human Machine Storage
Interface (HMI)
Supervisory Controller
Control Phone

Controller Camera Supervisory Safety
Control Controller

Motors, Drives Robotics Safety
Robotics Motors, Drives I/O
Actuators I/O Actuators
Sensors and other Human Machine Sensors and other
Input/Output Devices Interface (HMI) Input/Output Devices

Industrial Network Industrial Network

Traditional – 3 Tier Converged Plantwide Ethernet
Industrial Network Model Industrial Network Model

12

What makes industrial Ethernet “industrial”

Layer Name Layer No. Function Examples
Application Layer 7 Network Services to User App CIP

Presentation Layer 6 Encryption/Other processing

Session Layer 5 Manage Multiple Applications

Transport Layer 4 Reliable delivery/Error correction TCP - UDP
Routers
Network Layer 3 Logical addressing - Routing IP
Switches
Data Link Layer 2 Media Access Control IEEE 802.3

Physical Cabling Layer 1 Specifies voltage, pin-outs, cable TIA - 1005

Physical Layer Infrastructure Device Common Application
Hardening Hardening Layer Protocol

13

IT vs. Industrial Network Characteristics
• Enterprise (IT) Network Requirements So, what are the
– Internet Protocols similarities and
– Wide Area Network (WAN)
– High availability – redundant star topologies
differences?
– Latency, jitter, etc.
– Voice, video, data applications
– IP Addressing - dynamic
– Security - pervasive
• Industrial Network Requirements
– Industrial and internet protocols
– Local Area Network (LAN) - packets are small: 100–200 bytes,
but communicated very frequently (every 0.5 to 10s of ms)
– Resiliency – ring topologies are prominent,
redundant star topologies are emerging
– Latency, jitter, etc.
– Information, control, safety, time synchronization and motion
– IP Addressing – static
– Security – emerging: Open by Default, must be Closed by Configuration
14

IT vs. Industrial Media
600V rated
cable

Small Form-factor Pluggable

M12 Connectivity

RJ45 Connectivity

15

IT vs. Industrial Switching

• IT Switches
– Enterprise class
– 19” rack mount – e.g. 1RU
– Managed

• Industrial Ethernet Switches
– Industrial hardened
– Panel or DIN mount
– Managed or unmanaged

16

What is Common Industrial Protocol?

Layer No.
• Standard set of
services for
accessing data and
Layer 7
controlling industrial
device operation
• Standard to integrate
Layer 4 I/O control, device
configuration and
Layer 3 data collection in
industrial automation
Layer 2 and control systems

Layer 1

odva.org
17

CIP Industrial Network Traffic

• Standard 802.3 Ethernet
• Standard IETF TCP/IP Suite BOOTP
FTP HTTP OPC CIP SNMP DHCP
• Application Layer Protocol -
Common Industrial Protocol (CIP)
TCP UDP
• EtherNet/IP =
Ethernet + IP + CIP OSPF IGMP
ICMP
• TCP and UDP at Transport Information
Traffic
Control
Traffic

• IP Unicast and Multicast ARP IP RARP

at Network
IEEE 802.3 Ethernet
• Static IP Addressing
for devices

EtherNet/IP Specifies How CIP Communication Packets Can Be
Transported over Standard Ethernet and TCP/IP Technology
18

Real-Time Application Classes
Process Discrete Motion
Automation Automation Control

Information
Integration, Time-critical
Function Slower Process Discrete Automation
Motion Control
Automation
Communication .Net, DCOM, TCP/IP Industrial Protocols - CIP
Hardware and Software
Technology solutions, e.g. CIP Motion, PTP
Period .5 second or longer 10 ms to 100 ms <1 ms
Auto, food & beverage,
Oil & gas, chemicals,
Industries energy, water
semiconductor, Subset of discrete automation
metals, pharmaceutical
Pumps, compressors, Material handling, filling, Printing presses, wire drawing,
Applications mixers, instrumentation labeling, palletizing, packaging web making, pick & place
Source: ARC Advisory Group 19

Industrial Data Prioritization

Control Data
Video Voice
(e.g., CIP) (Best Effort)
Low to Moderate to Moderate to Low to
Bandwidth
Moderate High High Moderate
Random
Drop High Low High Low
Sensitivity
Latency
High High Low High
Sensitivity
Jitter
High High Low High
Sensitivity

Not all traffic is created equal!
Industrial automation and control system (IACS) networks must
prioritize control traffic over other traffic types to ensure
deterministic data flows with low latency and low jitter

20

Industrial Data Prioritization
Priority
Cell/Area Zone QoS Queue,
Typical Enterprise QoS PTP-Event Queue 1

Priority CIP Motion
Queue, Voice
Queue 1 PTP Management,
Video Safety I/O
Call Signaling & I/O
Output Network Control
Network Control Output
Queue 2
Voice Queue 3

Critical Data CIP Explicit
Messaging Output
Output Call Signaling
Queue 3 Best Effort Queue 4

Video Output
Output Bulk Data Critical Data
Queue 2
Queue 4
Scavenger Bulk Data
Note: Due to queue characteristics of the Stratix Best Effort
5700/8000/8300, the queue order of priority is different than Scavenger
general enterprise.
21

Topology Options
Redundant Ring Star/Bus
Star
Cisco Catalyst
3750 StackWise
Switch Stack
Resilient Ethernet
Protocol (REP)
Cisco Catalyst
3750 StackWise
Switch Stack
Linear Cisco Catalyst
3750 StackWise
Switch Stack
Flex Links

Cisco
Catalyst 2955

HMI HMI
Controller
Controllers
HMI Controllers
HMI

Controllers,
Drives, and Distributed I/O
Cell/Area Zone Controllers, Drives, and Distributed I/O Controllers, Drives, and Distributed I/O
Cell/Area Zone Cell/Area Zone Cell/Area Zone

Redundant Star Ring Linear

Cabling Requirements
Ease of Configuration
Implementation Costs
Bandwidth
Redundancy and Convergence
Disruption During Network Upgrade
Readiness for Network Convergence
Overall in Network TCO and Performance Best OK Worst

22

Wireless Topology Options

Application of wireless
technologies and devices has
become widespread on the
plant floor

To help avoid rogue APs, the Mobility
and Collaboration needs of the plant
floor must be taken into consideration
when designing and deploying a
plantwide wireless strategy

Plant Floor and Enterprise
Network Convergence

Business Agility
Competitive Advantage

Business Model
Innovation
Technology
Convergence
Network
Convergence
Organizational
Convergence
Cultural
Convergence

Ethernet and IP
Wide Deployment

Increasing Business
Pressures

24

Cultural and Organizational Convergence
Security Policies IT Network Industrial Network
Protecting Intellectual
Focus Property and Company 24/7 Operations, High OEE
Assets
Confidentiality Availability
Precedence of
Integrity Integrity
Priorities
Availability Confidentiality
Converged Network of Data, Converged Network of Data,
Types of Data Traffic
Voice and Video Control, Information, Safety and Motion
Strict Network Authentication Strict Physical Access
Access Control
and Access Policies Simple Network Device Access
Implications of a
Continues to Operate Could Stop Operation
Device Failure
Shut Down Access to Potentially Keep Operating
Threat Protection
Detected Threat with a Detected Threat
ASAP Scheduled
Upgrades
During Uptime During Downtime
25

Best Practices for Network, Technology,
Organizational and Cultural Convergence
• Emergence of Manufacturing IT
– IT Hybrid
• IT and Manufacturing collaboration
and sharing of best practices on:
– Standardization of design and technology
– System architecture design
– Protocols and services
– Service and support models
– Industrial Security Policy
• Consult reference architectures,
reference models and industry
standards:
– Network Segmentation Open, two-way
– Network services dialog is critical!
– Domains of Trust
26

Rockwell Automation and Cisco Alliance
Technology, Network, Cultural and Organizational Convergence

Common Technology View
Supporting use of open standards, with intelligent
networking features in industrial networks through
ODVA, ISA and others
Collaborating on Reference Architectures
Tested and validated recommendations, design and
implementation guidance and for a converged
Industrial and IT network architecture
People and Process Optimization
Developed process guidelines to help with
convergence, facilitate training and dialogue with IT
Network Engineers and Industrial Control System
Engineers
Product Collaboration
Developed industrial Ethernet switch incorporating the
best of Cisco and the best of Rockwell Automation
27

Common Toolsets – Stratix IE Switches

Cisco Network Assistant

FactoryTalk View, Faceplates

Command Line Interface

Device Manager
RSLogix, Add-on Profile

28

Converged Plantwide Ethernet (CPwE)
Recommendations and guidance to help reduce Latency and Jitter, to help
increase data Availability, Integrity and Confidentiality, and to help
design and deploy a Robust, Secure and Future-Ready EtherNet/IP
network infrastructure
• Robust Physical Layer
• Segmentation
• Resiliency Protocols and Redundant Topologies
• Time Synchronization
• Prioritization - Quality of Service (QoS)
• Multicast Management
• Convergence-Ready Solutions
• Security - Defense-in-Depth

29

CPwE - Logical Framework
Layer 3 Catalyst 3750
Distribution Layer 3 StackWise
Switch Building BlockSwitch Stack Cell/Area Zones
Levels 0–2
Layer 2
Access Switch Level 2 HMI

Rockwell Automation HMI Controller
Stratix 8000
Drive Layer 2 Access Switch HMI Drive

Layer
Controller 2 Layer 2 Layer 2
Building Block I/O Building Block Drive Building Block
HMI I/O
Level 1 I/O
Media & Controller Controller Level 0
Connectors Drive
Cell/Area Zone #1 Cell/Area Zone #2
Redundant Star Topology Ring Topology Cell/Area Zone #3
Flex Links Resiliency Resilient Ethernet Protocol (REP) Bus/Star Topology

• The Cell/Area zone is a Layer 2 network for a functional area of the plant floor.
Key network considerations include:
– Structure and hierarchy using smaller Layer 2 building blocks
– Logical segmentation for traffic management and policy enforcement (e.g. QoS, Security) to
accommodate time-sensitive applications
30

CPwE - Logical Framework

• Industrial and IT network
convergence ERP, Email,
Wide Area Network
(WAN) Enterprise Zone
Levels 4 and 5
• Plantwide EtherNet/IP Patch Management
Terminal Services
Demilitarized Zone (DMZ)

Architectures Application Mirror
AV Server
Gbps Link
for Failover
Detection Firewall

• Hierarchical segmentation Firewall
(Standby)

Cisco
ASA 5500 Demilitarized Zone (DMZ)
(Active)
– Scalability FactoryTalk Application Servers Industrial Zone
• View Site Operations and Control
– Resiliency •
•
Historian
AssetCentre, Catalyst
Level 3
• Transaction Manager 6500/4500 Cisco
– Traffic management FactoryTalk Services
Platform
Catalyst Switch

• Directory Remote Network Services
– Policy enforcement • Security/Audit Access
Server
Catalyst 3750
StackWise
• DNS, DHCP, syslog server
• Network and security mgmt
Data Servers Switch Stack

• Security policies Cell/Area Zones
Levels 0–2
– Defense-in-depth
• Secure remote access Rockwell Automation
Stratix 8000
HMI Controller

Layer 2 Access Switch HMI
Drive
Controller
I/O Drive Drive
HMI I/O
I/O I/O
Controller
Cell/Area Zone #1 Cell/Area Zone #2
Redundant Star Topology Ring Topology Cell/Area Zone #3
Flex Links Resiliency Resilient Ethernet Protocol (REP) Bus/Star Topology

31

Industrial and Enterprise Security Design
CPwE – Defense-in-Depth

• Security is not a bolt-on
component
• Comprehensive Network
Security Model for Defense-in-
Depth
• Industrial Security Policy
• DMZ Implementation
• Design Remote Partner Access
Policy, with robust & secure
implementation
• Security Services Must Not
Compromise Operations of the
Cell/Area Zone Network Traffic
32

Convergence-Ready Network Solutions
Industrial & IT Networks
Hello.
How are tag?
Guten you?

Hi.
Bonjour?
I’m great.

PLANT

MACHINE

33

Industrial
Partner Plantwide Systems
Solution(s)
e.g. OEM

• Use of an industrial Ethernet protocol, such as EtherNet/IP, that fully
utilizes standard Ethernet and IP as the industrial network infrastructure.
– Common network infrastructure devices – asset utilization
– Future-ready - sustainability
• IP addressing schema:
– Class - address range, subnet, default gateway (routability)
– Implementation conventions – static/dynamic, hardware/software configurable,
NAT/DNS (who manages?)
• Use of industrial managed switches
– Network services such as loop prevention
– Integration between the network infrastructure and the control system – configuration,
management, diagnostics/troubleshooting
34

• Use of Network Services
– Segmentation
• Virtual LANs (VLANs)
• Structured hierarchy using Layer 2 and Layer 3 switching
• Topology
– Data prioritization - quality of service (QoS)
– Availability – loop prevention, resilient topologies and protocols
– Multicast management
– Security stance
• Physical access, port security, access control lists, FactoryTalk Security
• Alignment with emerging industrial automation and control system (IACS) security standards such
as ISA-99 and NIST 800-82
• Time Synchronization Services
– IEEE 1588 Precision Time Protocol (PTP)
• Grand Master, Boundary Clock, Transparent Clock
– CIP Sync applications
– CIP Motion applications
35

Secure Remote Access
• Tighter supply chain and trusted partner integration Trusted Partners
• Implementation of lean initiatives through better
asset optimization Machine System
Builder Integrator
• Global availability of equipment, machines
and services
• Scalable service differentiation
– Machine Builders, Skid Builders, System Integrators
automation vendors, contractors
• Machine Builder cost pressures
– Machine build cost
– On-site commissioning; reduction in resources
and duration
– Warranty support; dispatching of resources
– Optimization services; partnership vs. supplier
• IT-ready solutions
– Elimination of security back doors
– Holistic industrial network infrastructure security solutions Industrial Plantwide Systems
36

CPwE Secure Remote Access
Secure remote access for employees
Remote Engineer
and trusted partners or Partner
Cisco VPN Client

IPSEC VPN
– Meeting the security requirements of IT
while enabling plant personnel to Internet

leverage trusted partners and shared, Enterprise Edge
Firewall
Enterprise Zone
Levels 4 and 5
Enterprise

SSL VPN
distributed company resources Data Center

– Common IT Infrastructure Enterprise
Connected
Engineer
– Following emerging Industrial Automation Enterprise
and Control System (IACS) security WAN

standards HTTPS
Enterprise Zone
• Defense-in-depth Levels 4 and 5
• DMZ Patch Management Gbps Link Demilitarized Zone (DMZ)

– Enables remote asset management: Application Mirror
AV Server
Failover
Detection Remote Desktop
monitoring, configuration and audit Protocol (RDP)
Cisco Firewall Firewall
– Helps simplify change management, ASA 5500 (Standby) (Active) Demilitarized Zone (DMZ)

version control, regulatory compliance FactoryTalk Application Servers
• View

and software license management •
•
Historian
AssetCentre
Catalyst
6500/4500
Remote Access Server
• Remote Desktop Services
• RSLogix 5000
– Helps simplify remote client • Transaction Manager
FactoryTalk Services
• FactoryTalk View Studio

Platform
health management • Directory
Catalyst 3750
StackWise
Industrial Zone
Site Operations and Control
• Security/Audit
Switch Stack
– One size does not fit all – need a Data Servers Level 3

scalable secure solutions EtherNet/IP
Cell/Area Zones
Levels 0–2
37

What we’re asking of you
• Facilitate early dialogue with your Control System Engineering (CSE)
counterparts to ensure success of your Plant and Enterprise Network
Convergence
• Review this recorded Webcast later with your CSE colleagues
• Understand and take into consideration Operations/Manufacturing
requirements – 24/7 Operations, High OEE, Low MTTR
• Account for differences in Industrial and Enterprise networks when
developing plantwide networks
– Traffic types, data prioritization, IP addressing schema, security, wireless
• Consult reference architectures, reference models and industry standards
• Collaborate to share best practices between IT and CSE
– Industrial security and QoS policy
– Partner Convergence-Ready Solutions (e.g. Machines, Skids)
– Secure Remote Access for Partners
38

Where to Find More Information

• Websites
– http://www.ab.com/networks/architectures.html
– http://www.cisco.com/web/strategy/manufacturing/cisco-
rockwell_automation.html
• Design Guides
– Converged Plantwide Ethernet (CPwE)
• Application Guides
– Fiber Optic Infrastructure Application Guide
• Education Series
• Whitepapers
– Top 10 Recommendations for Plantwide EtherNet/IP
Deployments
– Securing Manufacturing Computer and Controller Assets
– Production Software within Manufacturing Reference
Architectures
– Achieving Secure Remote Access to Plant Floor Applications
and Data
39

Thank you for participating!

Questions

Please complete the
evaluation!


What Every It Professional Should Know

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

En vedette

En vedette (20)

Similaire à What Every It Professional Should Know

Similaire à What Every It Professional Should Know (20)

What Every It Professional Should Know