As Industrial Ethernet networks become the backbone of communications on the plant floor, getting these networks up and running and keeping them running has a direct impact on overall plant uptime and productivity. Industrial Ethernet technologies have matured over the years and now offer many tools and technologies that aid in the commissioning, maintenance and troubleshooting of these networks. Join us as we share some of the most useful tools and technologies that help get your network up and running quickly and maximize availability to keep production at its peak.
After attending this webinar, you will:
• Understand ways to speed up configuring & commissioning your industrial network
• Understand best practices for maintaining your network once it is up & running
• Understand tools for troubleshooting and minimizing downtime
Commissioning, Managing & Troubleshooting Industrial Networks
1. Tips for Commissioning, Managing, and Troubleshooting your Industrial Network
Moxa Technology Webinar Series
Richard Wood
Networking Infrastructure Manager
2. Agenda
Industrial Network Challenges
Network Configuration & Commissioning
Managing Industrial Networks
Troubleshooting to Minimize Downtime
3. Industrial Network Challenges
Typical challenges
• Harsh operating environments
• Network availability requirements are much higher than enterprise IT
• Cost of downtime is extremely high
• Interoperability of industrial devices/networks
• Limited networking expertise
Source: http://www.strategiccompanies.com/pdfs/Assessing%20the%20Financial%20Impact%20of%20Downtime.pdf
10. Industrial Protocols
Integration of SCADA & PLC Networks
• SCADA controls and monitors PLCs and field devices via industrial protocols
[Diagram: Drive, I/O, PLC, Ethernet Switch, HMI]
11. Network Configuration & Commissioning
Web Interface vs CLI
• Two different methodologies for configuration of network devices
• Many users from the industrial side prefer web GUI
• Most users from the commercial/enterprise side will favor CLI
– Used by Cisco
13. Device Configuration
Graphical User Interface
• Visual confirmation of current settings
• Menu based configuration
• Standard web browser interface
15. Mass Configuration Tools
Up to 10X Productivity Boost
One by One Setting by Web
• Steps: Single Power Supply → Single Device Wiring → IP Configuration → Redundancy Configuration → Repeat 100 times → Finish
• Step times: 10 sec, 30 sec, 35 sec
• Total: 125 min
Batch Configuration by MXconfig
• Steps: Multiple Devices Wiring in Series → Broadcast Search → Group IP Configuration → Group Redundancy Configuration → Finish
• Step times: 400 sec, 20 sec, 200 sec, 100 sec
• Total: 12 min
17. Fast Group Configuration
802.1Q VLAN Setting
Confidential
Quick Add Panel for cloning setting
*Mass 802.1Q VLAN Setting only for devices with the same model name
18. Fast Configuration Deployment
Copy Configuration
Quick configuration copy from one specific setting to mass devices
Support mass IP address setting
*Copy Configuration only for devices with the same model name
25. CONFIGURATION CENTER
1-click for mass configuration backup and firmware upgrade
Job scheduling for nightly configuration backup
Configuration change history
Network Management & Maintenance
Schedule Automatic Backups
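How a configuration change history can be derived from nightly backups, as an added example that is not part of the original slides and not MXview or MXconfig code. The device name, the `! exported-at` timestamp line and the sample configuration text are assumptions constructed for illustration.

```python
import difflib
import hashlib

# Assumed: exports carry a timestamp line that changes every night and must be ignored.
VOLATILE_PREFIXES = ("! exported-at",)

def normalize(config_text):
    """Drop volatile and empty lines so comparisons look at configuration content only."""
    lines = [ln.rstrip() for ln in config_text.splitlines()]
    return [ln for ln in lines if ln and not ln.startswith(VOLATILE_PREFIXES)]

def digest(config_text):
    """SHA-256 over the normalized configuration, stored with each history entry."""
    return hashlib.sha256("\n".join(normalize(config_text)).encode()).hexdigest()

def changed_lines(old, new):
    """Removed ('-') and added ('+') lines between two normalized configurations."""
    out = []
    matcher = difflib.SequenceMatcher(a=old, b=new, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag != "equal":
            out += ["-" + ln for ln in old[i1:i2]] + ["+" + ln for ln in new[j1:j2]]
    return out

def change_history(snapshots):
    """snapshots: (date, config_text) pairs for one device, oldest first.
    Returns one entry for every night whose content differs from the night before."""
    history = []
    for (prev_date, prev), (date, cur) in zip(snapshots, snapshots[1:]):
        if digest(prev) != digest(cur):
            history.append({"date": date, "previous": prev_date, "sha256": digest(cur),
                            "changes": changed_lines(normalize(prev), normalize(cur))})
    return history

# Constructed nightly backups for a hypothetical switch "sw-line1".
BASE = "hostname sw-line1\nvlan 10\nsnmp community plantRO ro\n"
NIGHTLY = [
    ("2024-03-01", "! exported-at 2024-03-01T02:00\n" + BASE),
    ("2024-03-02", "! exported-at 2024-03-02T02:00\n" + BASE),
    ("2024-03-03", "! exported-at 2024-03-03T02:00\nhostname sw-line1\nvlan 10\n"
                   "vlan 99\nsnmp community plantRO rw\n"),
]

if __name__ == "__main__":
    for entry in change_history(NIGHTLY):
        print(entry["date"], entry["sha256"][:12], entry["changes"])
```

An entry that appears on a night with no approved maintenance window is the case worth reviewing first.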
26. Network Management & Maintenance
Easy Field Backup & Recovery
• One-click Backup
– Only trigger the ‘Reset’ button on the switch to copy configuration and log files to ABC-02-USB
• Files Import & Backup
– Configuration import & backup
– Firmware upgrade
– System log backup
[Figure: Rotate blinking under backup]
27. Potential Cyber Security Threats in Automation
• Denial of service: Operations disrupted by huge number of nuisance messages on network, slowing or blocking legitimate network traffic
• Storage modification: Causes computer to run attacker’s program
• Memory modification / Memory Injection / SQL injection: Replaces pieces of running program with attacker’s program
• Man-in-the-Middle: Attacker impersonates trusted computer, inserting itself as a middleman between trusted partner computers, modifying the messages between them to accomplish the attacker’s goals
• Network monitoring: Watches messages between computers to gain information about system
• Escalation of privilege: Gives attacker administrative privileges on system
• Phishing attacks: Convincing users to unknowingly install malware by clicking on links, bypassing outward-directed firewalls
• Social engineering: Attackers exploit trusting, helpful impulses of plant personnel to gain information used to bypass defenses and physical modification or sabotage of control equipment
28. Cyber Security Trend of Automation Network
Past control network security
• Physical perimeter security
• Air-gapping
• Security through obscurity
Maximize system availability
• Remote access portals were added by plant engineering and vendor personnel
• Often without the acknowledgement or approval of IT people
The security threat environment has substantially changed
• Nearly all systems are directly or indirectly connected to public networks
• Attackers are now aware of the possibilities of attacking control systems
Ref: Best practices in automation security by Murray McKay, Principal Application Engineer, Siemens Industry, Inc.
29. Create a Defense-in-Depth Network Security Environment
The Best Countermeasure against Cyber Threats
Defense in Multiple Places
• Defend the Networks and Infrastructure (encryption and traffic flow security measures to resist passive monitoring)
• Defend the Enclave Boundaries (deploy Firewalls and Intrusion Detection to resist active network attacks)
• Defend the Computing Environment
Layered Defenses
• Each of these mechanisms must present unique obstacles to the adversary.
• Further, each should include both “protection” and “detection” measures
30. Layered Cyber Security Solution for Automation
Security Site
• High-performance
• 500 Mbps
Security Zone
• Best Cost/Performance
• 300 Mbps
Security Cell
• Best Integration
• 110 Mbps
31. Firmware updates
• FW updates are critical to ensuring your devices are always up to date with the latest technology
– Includes both technology and security updates
• Many manufacturers offer free FW upgrades to ensure their customers have longevity with the products they have purchased
33. Alerts on Unmanaged Switches
Monitoring System Changes
• While unmanaged switches generally cannot communicate status over the network, they can be simply configured to provide relay outputs for alarms such as:
– Power Supply Failure
– Port Break Alarms
35. Predictive Monitoring & Alerts
Comprehensive Fiber Status Monitoring and Warnings
• Fiber Status Monitoring – Fiber Temperature, Working Voltage, Tx/Rx Powers
• Auto Event Warning – SNMP trap, Relay, Email, Event log
(DDM: Digital Diagnostics Monitoring)
SC ST SFP
All Fiber should be monitored for fault prevention
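One way to turn the DDM values listed above into both immediate and predictive warnings, as an added example that is not part of the original slides and not vendor code. The warning limits, the 14-day horizon, the port name and the sample readings are assumptions constructed for illustration; real limits come from each transceiver's own DDM thresholds.

```python
# Assumed warning limits for illustration only.
LIMITS = {"temp_c": (-40.0, 85.0), "voltage_v": (3.0, 3.6),
          "tx_dbm": (-9.5, -3.0), "rx_dbm": (-18.0, 0.0)}
HORIZON_DAYS = 14  # assumed: warn when a limit is predicted to be reached within two weeks

def out_of_range(reading):
    """DDM fields of one reading that are outside their warning limits."""
    return sorted(k for k, (lo, hi) in LIMITS.items() if not lo <= reading[k] <= hi)

def fit_line(values):
    """Least-squares (slope per day, fitted last value) for evenly spaced daily samples."""
    n = len(values)
    mean_x, mean_y = (n - 1) / 2, sum(values) / n
    den = sum((x - mean_x) ** 2 for x in range(n))
    slope = sum((x - mean_x) * (y - mean_y) for x, y in enumerate(values)) / den
    return slope, mean_y + slope * (n - 1 - mean_x)

def days_until_low(values, low_limit):
    """Days until the fitted trend falls to low_limit; None if not falling or too few samples."""
    if len(values) < 3:
        return None
    slope, last = fit_line(values)
    if slope >= 0:
        return None
    return max(0.0, (low_limit - last) / slope)

def evaluate(port, readings):
    """readings: daily DDM samples for one fiber port, oldest first. Returns alert strings."""
    alerts = [f"{port}: {field} outside limits now" for field in out_of_range(readings[-1])]
    for field in ("tx_dbm", "rx_dbm"):
        eta = days_until_low([r[field] for r in readings], LIMITS[field][0])
        if eta is not None and 0 < eta <= HORIZON_DAYS:
            alerts.append(f"{port}: {field} predicted below limit in {eta:.0f} days")
    return alerts

# Constructed samples: Rx power degrading 0.5 dB per day, everything else steady.
SAMPLES = [{"temp_c": 41.0, "voltage_v": 3.3, "tx_dbm": -5.0, "rx_dbm": -12.0 - 0.5 * d}
           for d in range(5)]

if __name__ == "__main__":
    for alert in evaluate("sw-line1 port G1", SAMPLES):
        print(alert)
```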