REFERENCE ARCHITECTURES FOR MANUFACTURING
- Anis Booker
- 8 years ago
Synopsis

Industry adoption of EtherNet/IP™ for control and information resulted in the wide deployment of standard Ethernet in manufacturing. This deployment acts as the technology enabler for the convergence of manufacturing and enterprise networks. By gaining timely access to production key performance indicators (KPIs) at the right levels, manufacturers benefit from network convergence. Information convergence between manufacturing and business systems also enables greater business agility and opportunities for innovation.

This technology and network convergence creates an unclear demarcation line for network ownership. Groups that traditionally had limited interaction within manufacturers now collaborate. To support this network convergence, controls engineers and Information Technology (IT) professionals experience both organizational and cultural convergence as well as share best practices. The emergence of manufacturing IT, distinct from enterprise IT, takes this collaboration to a new level.

To support and accelerate this network convergence, Rockwell Automation and Cisco collaborated to develop Reference Architectures for Manufacturing. These resources provide users with the foundation for success to deploy the latest technology by addressing topics relevant to both engineering and IT professionals. Reference Architectures for Manufacturing provides education, design guidance, recommendations and best practices to help establish a robust and secure network infrastructure that facilitates manufacturing and enterprise network convergence.

This whitepaper outlines the recommendations and best practices described within the Reference Architectures for Manufacturing. At the end of this whitepaper is a listing of additional reference material. This listing includes resources not specifically described within this whitepaper.
For additional information on Reference Architectures for Manufacturing, see notes 1 and 2 within the listing on the last page of this whitepaper.

Control and Information Convergence

Convergence is not a new concept. For example, companies often undergo convergence through expansion, mergers and acquisitions. Enterprise-wide systems unite disparate business systems into a common enterprise resource planning (ERP) system. Finally, users converge voice, video, and data into a common information network.

In the manufacturing industry, islands of automation for production and control systems have increasingly converged into an integrated plant-wide control and information platform. Users also unite disparate batch, continuous process, discrete, safety, motion, and drive control industrial network technologies into a multidisciplined industrial network by utilizing EtherNet/IP, a standard Ethernet technology.

Wide deployment of EtherNet/IP in manufacturing triggered migration from the traditional 3-tier network model to a converged Ethernet model, as shown in Figure 1. Convergence has not flattened the network model. Segmentation of functions, geographic areas, and security for domains of trust requires a multi-tier model.
The traditional 3-tier network model evolved during the early days of Ethernet. Characteristics such as collision domains, half-duplex and 10Mbps limited Ethernet usage in production control applications. Proprietary, vendor-specific industrial networks proliferated early on, until organizations like ODVA began promoting a Common Industrial Protocol (CIP™).

By dividing a network by function and geographic area into smaller local area networks (LAN), the 3-tier network model provides natural segmentation. This lessens the impact of traffic management and security. By connecting devices such as drives and robots with a controller, a device-level network controls, configures, and collects data from these intelligent devices. A device-level network in one area does not typically interact with other device-level networks. By acting as a backbone for device-level networks, control networks interlock controllers and provide connectivity to supervisory computers. A gateway maps information from the manufacturing systems to the enterprise systems. The manual, store-and-forward mapping mechanism required significant implementation and support efforts.

Figure 1: Traditional 3-Tier Manufacturing Network Model; Converged Ethernet Manufacturing Network Model

The naturally information-enabled, converged Ethernet model eliminates the need for dedicated gateways. Although the technology has converged, the model has not flattened. Data access from anywhere at any time presents a new challenge. Manufacturers must protect their assets from both internal and external threats (people with good intentions that make mistakes and those wishing to inflict harm) because users typically know how to plug into Ethernet. No longer isolated in the manufacturing realm, industrial networks make manufacturing computing and controller assets susceptible to the same security vulnerabilities as their enterprise counterparts.
Plant-wide networking with Ethernet technology requires planning and structure. Establishing smaller LANs to shape and manage network traffic, as well as creating domains of trust that limit access to authorized personnel, requires a multi-tier, segmented methodology.
Built on Industry Standards and Methodology

Designing and deploying a robust and secure network infrastructure requires a well-planned roadmap. The manufacturing process dictates usage of equipment such as sensors and actuators as well as their geographic deployment. By consulting operations, users can determine information flow requirements. Users should also identify what production information the business system needs. For example, a business system may require KPIs or regulatory compliance data. Finally, the roadmap should address standards implementation for common terminology, methodology, and best practices.

Reference Architectures for Manufacturing are built on technology and manufacturing standards common between IT and manufacturing. These include technology standards such as IEEE's standard, unmodified Ethernet, Internet Engineering Task Force (IETF) Internet Protocol (IP), and ODVA's CIP. Additionally, Reference Architectures for Manufacturing uses manufacturing standards to establish a Manufacturing Framework as shown in Figure 2. This framework establishes a foundation for network segmentation for traffic management and policy enforcement, such as security, remote access, and Quality of Service (QoS). The framework uses standards such as the ISA-95 Enterprise-Control System Integration, ISA-99's Manufacturing and Control Systems Security, and the Purdue Reference Model for Control Hierarchy.

Figure 2: Manufacturing Framework

Rockwell Automation and Cisco share a common technology view by supporting the facilitation and acceleration of network convergence as well as the promotion of standard, unmodified Ethernet. In addition to jointly serving as principal members of ODVA, the companies individually participate in standards organizations like ISA. For additional information about ODVA, see note 4.

Throughout the Reference Architectures for Manufacturing, terminology refers to layers, levels, and zones. The Open Systems Interconnection (OSI) seven-layer reference model defines layers, e.g. layer 1 for Physical, layer 2 for Data Link, layer 3 for Network. Layer 2 devices forward data and provide network services based on Data Link layer characteristics such as Media Access Control (MAC). Layer 3 devices forward data and provide network services based on IP. For additional information on the OSI network model, see note 5.

Figure 2 depicts levels and zones of the Manufacturing Framework. Both ISA-95 and the Purdue Reference Model for Control Hierarchy segment industrial control devices into hierarchical levels of operations within a manufacturing facility. Using levels as common terminology breaks down and determines plant-wide information flow. For enhanced security and traffic management, ISA-99 segments levels into zones. Zones establish domains of trust for security access and smaller LANs to shape and manage network traffic. For additional information about ISA, see note 7.

The Manufacturing Framework groups levels into the following zones for specific functions:

- Enterprise Zone: Levels 4 and 5 handle IT networks, business applications/servers (e.g., enterprise resource planning, ERP) as well as intranet.
- Demilitarized Zone (DMZ): This buffer zone provides a barrier between the Manufacturing and Enterprise Zones, but allows for data and services to be shared securely. All network traffic from either side of the DMZ terminates in the DMZ. No traffic traverses the DMZ. That is, no traffic directly travels between the Enterprise and Manufacturing Zones.
- Manufacturing Zone: Level 3 addresses plant-wide applications (e.g. historian, asset management, manufacturing execution systems, MES), consisting of multiple Cell/Area Zones.
- Cell/Area Zone: Levels 0, 1 and 2 manage industrial control devices (e.g. controllers, drives, I/O and HMI) and multidisciplined control applications (e.g. drive, batch, continuous process and discrete).
Shaping and Managing Network Traffic

Developing a robust and secure network infrastructure requires protecting the integrity, availability and confidentiality of control and information data. Users should address the following when developing a network:

- Is the network infrastructure resilient enough to ensure data availability?
- How consistent is the data? Is it reliable?
- How is data used? Is it secure from manipulation?

Reference Architectures for Manufacturing provides recommendations, design guidance, best practices, methodology (Figure 3) and documented configuration settings. This helps establish a robust and secure network infrastructure for control and information data availability, integrity, and confidentiality. Built on industry standards and a future-ready network foundation, Reference Architectures for Manufacturing addresses today's applications like safety through CIP Safety™, and tomorrow's applications like motion through CIP Motion™, time synchronization through IEEE 1588 precision time protocol (PTP) with CIP Sync™, and incorporation of voice over IP (VoIP) and video on demand (VOD).

IT professionals frequently use reference architectures as a common concept and tool within the enterprise. From retail companies to data centers, Cisco develops reference architectures for a variety of industries and applications. Reference Architectures for Manufacturing, as shown in Figure 3, incorporates the Rockwell Automation Integrated Architecture™ and Cisco Ethernet-to-the-Factory, a Cisco Validated Design. For additional information on the Integrated Architecture, see notes 1 and 8.

Figure 3: Reference Architectures for Manufacturing

To align with the Manufacturing Framework shown in Figure 2, Reference Architectures for Manufacturing utilizes the Campus Network Reference Model. Common with enterprise networks, this multi-tier model naturally segments traffic into three main tiers: core, distribution and access. Layer 2 access switches aggregate control devices within the Cell/Area Zones. Additionally, layer 2 provides network services such as switching, resiliency via spanning tree protocol (STP), Quality of Service (QoS), virtual local area network (VLAN) and security. Multilayer (layers 2 and 3) distribution switches reside in the Manufacturing Zone (level 3), bring together access switches from the Cell/Area Zones and provide network services. Services include layer 2 and 3 switching, routing, load balancing, resiliency via Hot Standby Routing Protocol (HSRP), QoS and security. Finally, the core switch aggregates distribution switches and provides high speed switching. As with reference architectures, IT professionals frequently use core/distribution/access as a common concept and tool within the enterprise.
Designing a resilient network infrastructure with low latency and jitter increases the availability and integrity of control and information data. Latency, or delay, represents the time elapsed from when one device transmits data until another device receives it. Jitter represents the variation of delay. Converging multidiscipline control and information traffic into a common industrial network requires reducing latency and jitter. To reduce network latency and jitter, Reference Architectures for Manufacturing recommends segmenting and prioritizing network traffic. Segmentation reduces the impact of broadcast and multicast traffic.

Reducing network latency and jitter starts with the Cell/Area Zone. When designing the Cell/Area Zone, users should create smaller layer 2 Cell/Area Zone network segments organized by function or geographic area. Restrict data flow out of the Cell/Area Zone unless plant-wide operations explicitly require it. Each Cell/Area Zone should be implemented with a dedicated VLAN and IP subnet. VLANs segment network traffic and help restrict broadcast and multicast traffic as well as simplify security policy management. As a best practice, use the layer 3 distribution switches to route information between Cell/Area Zone VLANs and plant-wide operations in the Manufacturing Zone. Avoiding large layer 2 networks helps simplify network management. For additional information on VLANs, see notes 1, 2, and 5.

Network topology choice impacts the availability and integrity of control and information data. Figure 3 depicts the bus/star, ring and redundant star topologies described in Reference Architectures for Manufacturing. Since applications drive topology choice, users should address key considerations. These include application performance requirements, network latency and jitter tolerance, downtime and mean-time-to-repair (MTTR) tolerance as well as future upgrade and expansion requirements.
From right to left, Figure 3 depicts increases to network resiliency, modularity, flexibility and implementation complexity. As a best practice, implement a resilient topology such as the recommended redundant star topology. Redundant star provides natural segmentation, shapes traffic to help reduce latency and jitter by improving data integrity, and offers the resiliency required for greater data availability, which helps reduce downtime. Modularity of the redundant star also increases scalability and flexibility for network expansion and upgrades.

Not all network traffic is created equal, nor should users treat it equally. To minimize application latency and jitter, control data should have priority within the Cell/Area Zone. Quality of Service (QoS) gives preferential treatment to some network traffic at the expense of others. Control data is more sensitive to latency and jitter than information data. To minimize latency and jitter, users should apply QoS to control data within the Cell/Area Zone.

Before implementing QoS within the Manufacturing Zone, use a multidiscipline team of operations, engineering, IT and safety professionals to establish a QoS policy for the Manufacturing Zone. This policy should support the needs of operations, including what to apply QoS to and when. Additionally, the multidiscipline team should understand that this policy may differ from the enterprise QoS policy. Enterprise QoS policies commonly give priority to VoIP.

Although not specifically addressed within Reference Architectures for Manufacturing, developing a robust network infrastructure requires proper design and implementation of an industrial Physical layer. Physical media, layer 1, within the Cell/Area Zone is subjected to environmental and noise conditions not found in the enterprise. These conditions can impact availability and reliability of data, introducing latency and jitter. For additional information on physical media planning and installation, see note 6.
Recommendations and best practices for the Cell/Area Zone include:

- Shape and manage traffic by implementing smaller Cell/Area Zones with a separate VLAN and IP subnet per Cell/Area Zone.
- Use managed layer 2 access switches to segment traffic with VLANs, prioritize traffic with QoS, implement security policies with port security and access control lists (ACL), and provide diagnostics.
- Utilize a redundant star topology for greater network resiliency and modularity, along with rapid spanning tree protocol (RSTP) to manage loops.
- Implement the multiple spanning tree (MST, 802.1s) version of RSTP (802.1w) to support usage of multiple VLANs. For additional details on MST and RSTP, see note 2.
- Lower network latency and jitter by using Gigabit Ethernet ports for trunks and uplinks, VLANs to reduce broadcast traffic, Internet Group Management Protocol (IGMP) to reduce multicast traffic, QoS to prioritize traffic and redundant star topology for natural segmentation.

For additional information on these best practices, see note 2.

The Manufacturing Zone contains all systems, devices and controllers critical to controlling and monitoring plant-wide operations. This zone includes Site Manufacturing Operations and Control functions (level 3) as well as multiple Cell/Area Zones. To preserve smooth plant-wide operations and functioning of the systems and network, this zone requires clear isolation and protection from the Enterprise Zone via the Demilitarized Zone (DMZ).

All manufacturing assets required for the operation of the Manufacturing Zone should remain there. Assets include Rockwell Automation FactoryTalk Integrated Performance and Production Suite as well as other applications and services, such as Active Directory, DNS, and DHCP.

Level 3, Site Manufacturing Operation and Control, has a dedicated network segment within the Manufacturing Zone and contains the FactoryTalk servers. Users should assign this network segment its own IP subnet and VLAN.
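The segmentation rules above (a separate VLAN and IP subnet per Cell/Area Zone, plus a level 3 segment with its own VLAN and subnet) can be checked against an addressing plan before it is deployed. The following Python audit is an added example, not part of the whitepaper or of any Rockwell Automation or Cisco tool; the zone names, VLAN IDs and subnets in the plan are constructed for illustration.

```python
import ipaddress

# Constructed sample plan: zone names, VLAN IDs and subnets are hypothetical.
PLAN = [
    {"zone": "cell-filling",    "kind": "cell_area", "vlan": 10, "subnet": "10.17.10.0/24"},
    {"zone": "cell-packaging",  "kind": "cell_area", "vlan": 20, "subnet": "10.17.20.0/24"},
    {"zone": "cell-palletizer", "kind": "cell_area", "vlan": 20, "subnet": "10.17.20.128/25"},
    {"zone": "cell-labeling",   "kind": "cell_area", "vlan": 40, "subnet": "10.17.40.1/24"},
    {"zone": "level3-site-ops", "kind": "level3",    "vlan": 30, "subnet": "10.17.30.0/24"},
]


def audit_plan(plan):
    """Return a sorted list of (finding, detail, zones) tuples for a segment plan."""
    findings = []

    # One VLAN per segment: a VLAN shared by two zones merges their broadcast domains.
    by_vlan = {}
    for seg in plan:
        by_vlan.setdefault(seg["vlan"], []).append(seg["zone"])
    for vlan, zones in by_vlan.items():
        if len(zones) > 1:
            findings.append(("shared_vlan", str(vlan), tuple(sorted(zones))))

    # Parse strictly so a host address typed where a network belongs is reported.
    nets = []
    for seg in plan:
        try:
            nets.append((seg["zone"], ipaddress.ip_network(seg["subnet"], strict=True)))
        except ValueError:
            findings.append(("invalid_subnet", seg["subnet"], (seg["zone"],)))

    # One IP subnet per segment: overlapping ranges cannot be routed or filtered apart.
    for i, (zone_a, net_a) in enumerate(nets):
        for zone_b, net_b in nets[i + 1:]:
            if net_a.overlaps(net_b):
                pair = tuple(sorted((zone_a, zone_b)))
                findings.append(("overlapping_subnet", f"{net_a} / {net_b}", pair))

    # The level 3 (Site Manufacturing Operations and Control) segment needs its own entry.
    if not any(seg["kind"] == "level3" for seg in plan):
        findings.append(("missing_level3_segment", "", ()))

    return sorted(findings)


if __name__ == "__main__":
    for finding, detail, zones in audit_plan(PLAN):
        print(f"{finding:24} {detail:34} {', '.join(zones)}")
```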
The FactoryTalk servers connect to a dedicated multilayer access switch, which aggregates into the layer 3 distribution switches. The distribution switches act as the network segment's default gateway. To provide redundant default gateways to the Cell/Area Zones, distribution switches should use Hot Standby Routing Protocol (HSRP) or Gateway Load Balancing Protocol (GLBP). Distribution switches will route all traffic to and from the level 3 network segment.

Recommendations and best practices for the Manufacturing Zone include:

- Keep FactoryTalk within the Manufacturing Zone. For additional information, see note 10.
- Keep replicated services such as DNS, Active Directory and DHCP within the Manufacturing Zone.
- Implement a level 3 (Site Manufacturing Operations and Control) network segment with its own IP subnet and VLAN.
- Use layer 3 distribution switches to route between Cell/Area Zone VLANs and the level 3 network segment VLAN.
- Use HSRP or GLBP on the distribution switches to provide redundant default gateways to the Cell/Area Zones.

For additional information on these best practices, see note 2.

Securing Manufacturing Assets

The recommended defense-in-depth approach, depicted in Figure 4, helps to address internal and external security threats as well as helps provide confidentiality for control and information data. By utilizing multiple layers of defense (physical and electronic) at different levels within manufacturing, this approach addresses disparate types of threats. No single technology or methodology fully secures industrial networks.

A comprehensive security model should be designed and implemented as a natural extension to the manufacturing process. Security should not be implemented as an afterthought or bolt-on component. For the purpose of this whitepaper, defense-in-depth layers for securing manufacturing assets include:

- Physical Security: This limits physical access to authorized personnel for areas, control panels, devices, cabling, the control rooms and other locations, as well as escorts and tracks visitors.
- Network Security: This contains the infrastructure framework, such as firewalls with intrusion detection and intrusion prevention systems (IDS/IPS).
- Computer Hardening: This includes patch management and antivirus software as well as removal of unused applications, protocols and services.
- Application Security: This contains authentication, authorization and audit software.
- Device Hardening: This handles change management and restrictive access.

For additional information on defense-in-depth, see notes 11 and 13.

Figure 4: Defense-in-Depth - Multiple Layers
The recommended Manufacturing Network Security Framework, utilizing defense-in-depth, is depicted in Figure 5 and includes:

- Manufacturing Security Policy: This security policy roadmap identifies vulnerability mitigation. A multidiscipline team of operations, engineering, IT and safety should develop this manufacturing security policy.
- Demilitarized Zone (DMZ): This buffer zone provides a barrier between the Manufacturing and Enterprise Zones, while allowing users to securely share data and services. All network traffic from either side of the DMZ terminates in the DMZ. No traffic traverses the DMZ, which means that traffic does not directly travel between the Enterprise and Manufacturing Zones.
- Defending the manufacturing edge: Users should deploy stateful packet inspection (SPI) firewalls (barriers) with intrusion detection/prevention systems (IDS/IPS) around and within the industrial network.
- Protecting the Interior: Users should implement access control lists (ACLs) and port security on network infrastructure devices such as switches and routers.
- Endpoint Hardening: This restricts access, prevents walk-up, plug-in access and uses change management to track access and changes.
- Domains of Trust: Users should segment the network into smaller areas based on function or access requirements.
- Physical Security: This restricts physical access to manufacturing assets and network infrastructure devices.
- Security, Management, Analysis and Response System: This monitors, identifies, isolates and counters network security threats.
- Remote Access Policy: For employee and partner remote access, implement policies, procedures and infrastructure. For additional information on remote access, see note 12.

Recommendations and best practices for securing manufacturing assets include:

- Deploy holistic security based on defense-in-depth.
- Conduct a security risk assessment, see note 15 for additional information.
- Develop a manufacturing security policy that supports manufacturing operation requirements based on enterprise security policy best practices.
- Implement a manufacturing network security framework to establish domains of trust and appropriately apply security policies.
- Establish a DMZ between the Enterprise and Manufacturing Zones.
- Prevent traffic from traversing the DMZ.
- Use application mirroring within the DMZ to converge Manufacturing and Enterprise Zone information, noted in the next section.
- Harden computers and controllers, see note 13.
- Utilize industry standards such as ISA-99.
- Leverage Rockwell Automation Network and Security Services, see note 15.

For additional information, see note 13.

Figure 5: Manufacturing Network Security Framework

Information Convergence via the DMZ

Information convergence has helped provide manufacturers with greater business agility and opportunities for innovation. With these opportunities come challenges. Manufacturing computing and controller assets have become susceptible to the same security vulnerabilities as their enterprise counterparts. Protecting manufacturing assets requires a defense-in-depth security approach. For additional details, see notes 11 and 13.

The best practices described within Reference Architectures for Manufacturing, utilizing defense-in-depth, help to provide a robust and secure network infrastructure facilitating information convergence between manufacturing and business systems. The first best practice calls for establishing a DMZ between the Enterprise Zone and the Manufacturing Zone. As noted earlier, the DMZ is a buffer zone providing a barrier between the Manufacturing and Enterprise Zones, but allows for data and services to be shared securely. All network traffic from either side of the DMZ terminates in the DMZ. No traffic traverses the DMZ. That is, no traffic directly travels between the Enterprise and Manufacturing Zones. Finally, users should contain all manufacturing assets, such as FactoryTalk, required for manufacturing operations within the Manufacturing Zone.

To maintain these best practices while allowing information convergence between the Enterprise and Manufacturing Zones, Manufacturing Zone applications should replicate data to an application mirror within the DMZ. Users should then replicate the data from this application mirror to an application within the Enterprise Zone. This can be either unidirectional or bidirectional.

Figure 6: FactoryTalk Transaction Manager and MSSQL Server

An example of data mirroring is shown in Figure 6. FactoryTalk applications that utilize Microsoft SQL (MSSQL) server, for example, can maintain the best practices and methodology noted above. For additional information on FactoryTalk, see notes 9, 10, and 11.

Figure 6 also demonstrates that FactoryTalk Transaction Manager provides two-way data exchange between tags, such as Logix Controller or FactoryTalk View, and applications like an MSSQL server. These tags may contain KPIs or other important data that needs to be integrated into an enterprise application. Since traffic cannot traverse the DMZ, an MSSQL server in the Manufacturing Zone cannot directly transfer data to and from an MSSQL server in the Enterprise Zone. This means that all traffic between the two zones must be initiated or terminated in the DMZ.
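The rule that no traffic traverses the DMZ can be verified against firewall or NetFlow records: every flow must have at least one end in the DMZ unless both ends are in the same zone. The Python audit below is an added example, not part of the whitepaper or of FactoryTalk; the zone subnets, host addresses and flow records are constructed, and it also identifies which DMZ hosts act as application mirrors by talking to both sides.

```python
import ipaddress

# Constructed zone addressing (hypothetical subnets). Cell/Area Zones sit
# inside the Manufacturing Zone, so they share its address block here.
ZONE_SUBNETS = {
    "enterprise": ["10.1.0.0/16"],
    "dmz": ["192.168.50.0/24"],
    "manufacturing": ["10.17.0.0/16"],
}

# Constructed flow records: (source IP, destination IP, destination TCP port).
# 1433 is the default MSSQL TCP port.
FLOWS = [
    ("10.17.30.11", "192.168.50.20", 1433),  # Transaction Manager -> DMZ data mirror
    ("192.168.50.20", "10.1.5.40", 1433),    # DMZ data mirror -> enterprise MSSQL
    ("10.1.8.77", "10.1.5.40", 1433),        # business system -> enterprise MSSQL
    ("10.1.8.77", "10.17.30.11", 1433),      # enterprise host -> level 3 server
    ("10.17.10.5", "10.1.5.40", 1433),       # Cell/Area device -> enterprise MSSQL
    ("172.16.9.9", "192.168.50.20", 1433),   # source outside every defined zone
]

_NETS = [
    (zone, ipaddress.ip_network(cidr))
    for zone, cidrs in ZONE_SUBNETS.items()
    for cidr in cidrs
]


def zone_of(ip):
    """Map an address to its zone name, or None if no zone subnet contains it."""
    addr = ipaddress.ip_address(ip)
    for zone, net in _NETS:
        if addr in net:
            return zone
    return None


def classify(flow):
    """Return 'ok', 'traverses_dmz' or 'unmapped' for one flow record."""
    src, dst, _port = flow
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone is None or dst_zone is None:
        return "unmapped"  # cannot be judged until the address is assigned a zone
    if {src_zone, dst_zone} == {"enterprise", "manufacturing"}:
        return "traverses_dmz"  # direct Enterprise <-> Manufacturing traffic
    return "ok"


def audit_flows(flows):
    """Return (verdict, flow) for every flow that is not 'ok', in input order."""
    return [(v, f) for f in flows for v in [classify(f)] if v != "ok"]


def mirror_hosts(flows):
    """DMZ hosts that exchange traffic with both zones, i.e. application mirrors."""
    peers = {}
    for src, dst, _port in flows:
        for host, other in ((src, dst), (dst, src)):
            other_zone = zone_of(other)
            if zone_of(host) == "dmz" and other_zone in ("enterprise", "manufacturing"):
                peers.setdefault(host, set()).add(other_zone)
    return sorted(h for h, z in peers.items() if z == {"enterprise", "manufacturing"})


if __name__ == "__main__":
    for verdict, flow in audit_flows(FLOWS):
        print(verdict, flow)
    print("application mirrors:", mirror_hosts(FLOWS))
```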
Users should implement the methodology shown in Figure 6 to enable information convergence while maintaining DMZ best practices. The FactoryTalk Transaction Manager with MSSQL server solution involves:

- The FactoryTalk Transaction Manager server (level 3) is configured to read/write its SQL data to and from an MSSQL server (data mirror) located in the DMZ.
- The MSSQL server data mirror in the DMZ then replicates the data to and from the Enterprise Zone MSSQL server.
- Business systems within the Enterprise Zone only access the enterprise MSSQL server.

Summary

The convergence of manufacturing and enterprise networks increases access to manufacturing data, which assists manufacturers in making better business decisions. This business agility provides a competitive edge for manufacturers that embrace convergence. With these opportunities come challenges. Network convergence exposes manufacturing assets to security threats traditionally found in the enterprise. Users also face an unclear demarcation of network ownership and cultural difference between deploying enterprise and manufacturing assets. Implementing best practices from both engineering and IT along with the recommendations described in Reference Architectures for Manufacturing will help users establish the secure and robust network infrastructure needed to facilitate manufacturing and enterprise network convergence.
Additional Reference Material

Notes:

1) Reference Architectures for Manufacturing Website
2) Design and Implementation Guide (DIG)
3) Ethernet Design Considerations for Control System Networks ENET-SO
4) ODVA
5) Network Infrastructure for EtherNet/IP: Introduction and Considerations
6) EtherNet/IP Media Planning and Installation Manual _Planning_and_Installation_Manual.pdf
7) ISA-99, Industrial Automation and Control System Security
8) Rockwell Automation Integrated Architecture
9) FactoryTalk Website
10) FactoryTalk Positioning within Reference Architectures for Manufacturing Whitepaper
11) FactoryTalk Security Quick Start Guide
12) Remote Access Whitepaper
13) Securing Manufacturing Computing and Controller Assets Whitepaper
14) Rockwell Automation Knowledgebase
15) Rockwell Automation Network and Security Services

EtherNet/IP, CIP, CIP Safety, CIP Motion and CIP Sync are trademarks of ODVA. FactoryTalk is a registered trademark of Rockwell Automation, Inc. Integrated Architecture is a trademark of Rockwell Automation, Inc.

Publication ENET-WP004A-EN-E-November 2008
Copyright 2008 Rockwell Automation, Inc. Printed in USA
More informationIACS Network Security and the Demilitarized Zone
CHAPTER 6 IACS Network Security and the Demilitarized Zone Overview This chapter focuses on network security for the IACS network protecting the systems, applications, infrastructure, and end-devices.
More informationChapter 3. Enterprise Campus Network Design
Chapter 3 Enterprise Campus Network Design 1 Overview The network foundation hosting these technologies for an emerging enterprise should be efficient, highly available, scalable, and manageable. This
More informationEthernet Design Considerations for Control System Networks AN INTRODUCTION
Ethernet Design Considerations for Control System Networks AN INTRODUCTION PUBLICATION ENET-SO001A-EN-E November 2007 Contact Rockwell Customer Support Telephone 1.440.646.3434 Online Support http://www.rockwellautomation.com/support/
More informationSecuring Process Control Systems
Securing Process Control Systems Bradford H. Hegrat, CISSP, CISM Sr. Principal Security Consultant Network & Security Services Rockwell Automation Process Solutions User Group (PSUG) November 14-15, 2011
More informationGUIDELINES FOR INDUSTRIAL ETHERNET INFRASTRUCTURE IMPLEMENTATION: A CONTROL ENGINEER S GUIDE
GUIDELINES FOR INDUSTRIAL ETHERNET INFRASTRUCTURE IMPLEMENTATION: A CONTROL ENGINEER S GUIDE By Carlos Rojas Director Enterprise Sales Emerging Markets Cisco Systems Peter Morell Global Manager, Network
More informationNetwork Virtualization and Data Center Networks 263-3825-00 Data Center Virtualization - Basics. Qin Yin Fall Semester 2013
Network Virtualization and Data Center Networks 263-3825-00 Data Center Virtualization - Basics Qin Yin Fall Semester 2013 1 Walmart s Data Center 2 Amadeus Data Center 3 Google s Data Center 4 Data Center
More informationIndustrial Ethernet: A Control Engineer s Guide
Industrial Ethernet: A Control Engineer s Guide Abstract As part of a continuing effort to make their organizations more efficient and flexible, manufacturers are rapidly migrating to Industrial Ethernet
More informationVirtual PortChannels: Building Networks without Spanning Tree Protocol
. White Paper Virtual PortChannels: Building Networks without Spanning Tree Protocol What You Will Learn This document provides an in-depth look at Cisco's virtual PortChannel (vpc) technology, as developed
More informationScalable Secure Remote Access Solutions
Scalable Secure Remote Access Solutions Jason Dely, CISSP Principal Security Consultant jdely@ra.rockwell.com Scott Friberg Solutions Architect Cisco Systems, Inc. sfriberg@cisco.com Jeffrey A. Shearer,
More informationChapter 1 Reading Organizer
Chapter 1 Reading Organizer After completion of this chapter, you should be able to: Describe convergence of data, voice and video in the context of switched networks Describe a switched network in a small
More informationRESILIENT NETWORK DESIGN
Matěj Grégr RESILIENT NETWORK DESIGN 1/36 2011 Brno University of Technology, Faculty of Information Technology, Matěj Grégr, igregr@fit.vutbr.cz Campus Best Practices - Resilient network design Campus
More informationDesign Considerations for Securing Industrial Automation and Control System Networks
Design Considerations for Securing Industrial Automation and Control System Networks Synopsis Rockwell Automation and Cisco Four Key Initiatives: Common Technology View: A single system architecture, using
More informationPlant-wide Network Infrastructure. Copyright 2012 Rockwell Automation, Inc. All rights reserved.
Plant-wide Network Infrastructure Agenda Additional On-site Information EtherNet/IP Considerations Logical Design Considerations Physical Layer Design Consideration Testing Considerations Plant-Floor and
More informationDas sollte jeder ITSpezialist über. Automations- und Produktionsnetzwerke wissen
Das sollte jeder ITSpezialist über Automations- und Produktionsnetzwerke wissen Frank Schirra, Rockwell Automation Solution Architect Edi Truttmann, Cisco Systems Network Solution Sales Specialist 2012
More informationRecommended IP Telephony Architecture
Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings
More informationDMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch
DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch What You Will Learn A demilitarized zone (DMZ) is a separate network located in the neutral zone between a private (inside)
More informationKey Considerations for Operationalizing the Connected Industrial Enterprise
Key Considerations for Operationalizing the Connected Industrial Enterprise Improving Competitiveness with Information: Insights from the Rockwell Automation Connected Enterprise Journey 2 Key Considerations
More informationJive Core: Platform, Infrastructure, and Installation
Jive Core: Platform, Infrastructure, and Installation Jive Communications, Inc. 888-850-3009 www.getjive.com 1 Overview Jive hosted services are run on Jive Core, a proprietary, cloud-based platform. Jive
More informationData Center Networking Designing Today s Data Center
Data Center Networking Designing Today s Data Center There is nothing more important than our customers. Data Center Networking Designing Today s Data Center Executive Summary Demand for application availability
More informationCCNP SWITCH: Implementing High Availability and Redundancy in a Campus Network
CCNP SWITCH: Implementing High Availability and Redundancy in a Campus Network Olga Torstensson SWITCHv6 1 Components of High Availability Redundancy Technology (including hardware and software features)
More informationCisco Advanced Services for Network Security
Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs
More informationAllen-Bradley Stratix 5700 Network Address Translation (NAT)
00:00:BC:66:0F:C7 DANGER SINK\ SOURCE SOURCE 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 00 08 01 09 02 10 03 11 04 12 05 13 06 14 07 15 COM COM 0 1 NC NC +V +V 00 08 01
More informationWhite Paper A Manufacturing Network Fabric Maturity Model
White Paper October 2015 WP-24 A Manufacturing Network Fabric Maturity Model Simplify planning for an IoT information enabled manufacturing environment Introduction The Internet of Things (IoT) is expected
More informationCisco Medical-Grade Network: Build a Secure Network for HIPAA Compliance
White Paper Cisco Medical-Grade Network: Build a Secure Network for HIPAA Compliance What You Will Learn The Cisco Medical-Grade Network (MGN) 1 provides a network foundation that enables reliable, transparent,
More informationSSVP SIP School VoIP Professional Certification
SSVP SIP School VoIP Professional Certification Exam Objectives The SSVP exam is designed to test your skills and knowledge on the basics of Networking and Voice over IP. Everything that you need to cover
More informationAchieving Secure, Remote Access to Plant-Floor Applications and Data
Achieving Secure, Remote Access to Plant-Floor Applications and Data Abstract To increase the flexibility and efficiency of production operations, manufacturers are adopting open networking standards for
More informationA Network Design Primer
Network Design Recommendations Recommendations for s to take into account when doing network design to help create a more easily defendable and manageable network K-20 Network Engineering 6/30/15 Network
More informationSecure Networks for Process Control
Secure Networks for Process Control Leveraging a Simple Yet Effective Policy Framework to Secure the Modern Process Control Network An Enterasys Networks White Paper There is nothing more important than
More informationOvercoming Security Challenges to Virtualize Internet-facing Applications
Intel IT IT Best Practices Cloud Security and Secure ization November 2011 Overcoming Security Challenges to ize Internet-facing Applications Executive Overview To enable virtualization of Internet-facing
More informationUsing ODVA Common Industrial Protocol to Enhance Performance White Paper
Monitor & Control Multiple Groups Using ODVA Common Industrial Protocol to Enhance Performance White Paper Monitor & Control Multiple Groups Using ODVA Common Industrial Protocol to Enhance Performance
More informationICANWK613A Develop plans to manage structured troubleshooting process of enterprise networks
ICANWK613A Develop plans to manage structured troubleshooting process of enterprise networks Release: 1 ICANWK613A Develop plans to manage structured troubleshooting process of enterprise networks Modification
More informationIT-AD08: ADD ON DIPLOMA IN COMPUTER NETWORK DESIGN AND INSTALLATION
IT-AD08: ADD ON DIPLOMA IN COMPUTER NETWORK DESIGN AND INSTALLATION Objective of the course: This course is designed to impart professional training to the students of computer Science, computer applications,
More informationHARTING Ha-VIS Management Software
HARTING Ha-VIS Management Software People Power Partnership HARTING Management Software Network Management Automation IT - with mcon Switches from HARTING With the Ha-VIS mcon families, HARTING has expanded
More informationnetwork infrastructure: getting started with VoIP
hp procurve networking business may 2003 network infrastructure: getting started with VoIP technical brief table of contents introduction 2 network optimization for VoIP 2 bandwidth provisioning 3 end-to-end
More informationVMDC 3.0 Design Overview
CHAPTER 2 The Virtual Multiservice Data Center architecture is based on foundation principles of design in modularity, high availability, differentiated service support, secure multi-tenancy, and automated
More informationADVANCED NETWORK CONFIGURATION GUIDE
White Paper ADVANCED NETWORK CONFIGURATION GUIDE CONTENTS Introduction 1 Terminology 1 VLAN configuration 2 NIC Bonding configuration 3 Jumbo frame configuration 4 Other I/O high availability options 4
More informationDisaster Recovery Design Ehab Ashary University of Colorado at Colorado Springs
Disaster Recovery Design Ehab Ashary University of Colorado at Colorado Springs As a head of the campus network department in the Deanship of Information Technology at King Abdulaziz University for more
More informationCLOUD NETWORKING FOR ENTERPRISE CAMPUS APPLICATION NOTE
CLOUD NETWORKING FOR ENTERPRISE CAMPUS APPLICATION NOTE EXECUTIVE SUMMARY This application note proposes Virtual Extensible LAN (VXLAN) as a solution technology to deliver departmental segmentation, business
More informationCOURSE AGENDA. Lessons - CCNA. CCNA & CCNP - Online Course Agenda. Lesson 1: Internetworking. Lesson 2: Fundamentals of Networking
COURSE AGENDA CCNA & CCNP - Online Course Agenda Lessons - CCNA Lesson 1: Internetworking Internetworking models OSI Model Discuss the OSI Reference Model and its layers Purpose and function of different
More informationPlantPAx Process Automation System. A Modern Distributed Control System
PlantPAx Process Automation System A Modern Distributed Control System Utilize Your Process Automation System to Address Key Market Challenges As technology continues to drive innovations, the production
More informationUnified Communications and Collaboration as a Service
Unified Communications and Collaboration as a Service Maintaining Security, Availability, and Reliability in the Private Cloud Overview Enterprise organizations around the world are increasingly turning
More informationMigrate from Cisco Catalyst 6500 Series Switches to Cisco Nexus 9000 Series Switches
Migration Guide Migrate from Cisco Catalyst 6500 Series Switches to Cisco Nexus 9000 Series Switches Migration Guide November 2013 2013 Cisco and/or its affiliates. All rights reserved. This document is
More informationStratix Industrial Networks Infrastructure At-A-Glance
Stratix ing and Routing Services Router Wireless Distribution Services Router Hardware Features Ports Per Module 2 5 to 16 4 and 9 port 6, 10, 18 and 20 port 8, 10, 16, 18, 24 port 6 and 10 port base switches
More informationSecuring SIP Trunks APPLICATION NOTE. www.sipera.com
APPLICATION NOTE Securing SIP Trunks SIP Trunks are offered by Internet Telephony Service Providers (ITSPs) to connect an enterprise s IP PBX to the traditional Public Switched Telephone Network (PSTN)
More informationVoice Over IP. MultiFlow 5048. IP Phone # 3071 Subnet # 10.100.24.0 Subnet Mask 255.255.255.0 IP address 10.100.24.171. Telephone.
Anritsu Network Solutions Voice Over IP Application Note MultiFlow 5048 CALL Manager Serv # 10.100.27 255.255.2 IP address 10.100.27.4 OC-48 Link 255 255 25 IP add Introduction Voice communications over
More informationChapter 1 Personal Computer Hardware------------------------------------------------ 7 hours
Essential Curriculum Networking Essentials Total Hours: 244 Cisco Discovery 1: Networking for Home and Small Businesses 81.5 hours teaching time Chapter 1 Personal Computer Hardware------------------------------------------------
More information1- and 2-Port Fast Ethernet High-Speed WAN Interface Cards for Cisco 1841, 2800, and 3800 Series Integrated Services Routers
1- and 2-Port Fast Ethernet High-Speed WAN Interface Cards for Cisco 1841, 2800, and 3800 Series Integrated Services Routers Overview The Layer 3 Cisco 1- and 2-Port Fast Ethernet High-Speed WAN interface
More informationData Networking and Architecture. Delegates should have some basic knowledge of Internet Protocol and Data Networking principles.
Data Networking and Architecture The course focuses on theoretical principles and practical implementation of selected Data Networking protocols and standards. Physical network architecture is described
More informationSimplifying the Transition to Virtualization TS17
Simplifying the Transition to Virtualization TS17 Name Sandeep Redkar Title Manager Process Solutions Date 11 th February 2015 Agenda Overview & Drivers Virtualization for Production Rockwell Automation
More informationWhy Use Cisco Network Systems?
Why Use Cisco Network Systems? Cisco provides a network that can securely and reliably handle all types of traffic, throughout the entire network, over virtually any media, while providing consistent service
More informationAnalysis of Network Segmentation Techniques in Cloud Data Centers
64 Int'l Conf. Grid & Cloud Computing and Applications GCA'15 Analysis of Network Segmentation Techniques in Cloud Data Centers Ramaswamy Chandramouli Computer Security Division, Information Technology
More informationJuniper Networks EX Series/ Cisco Catalyst Interoperability Test Results. May 1, 2009
Juniper Networks EX Series/ Cisco Catalyst Interoperability Test Results May 1, 2009 Executive Summary Juniper Networks commissioned Network Test to assess interoperability between its EX4200 and EX8208
More informationManufacturing and the Internet of Everything
Manufacturing and the Internet of Everything Johan Arens, CISCO (joarens@cisco.com) Business relevance of the Internet of everything Manufacturing trends Business imperatives and outcomes A vision of the
More informationS-Series SBC Interconnect Solutions. A GENBAND Application Note May 2009
S-Series SBC Interconnect Solutions A GENBAND Application Note May 2009 Business Requirements A ubiquitous global voice service offering is the challenge among today s large service providers. The need
More informationCisco Security Optimization Service
Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless
More informationPREPARED FOR ABC CORPORATION
NETWORK DESIGN PROPOSAL PREPARED FOR ABC CORPORATION Prepared by Crystal Technologies PROPRIETARY AND CO NF IDE NTIAL Network Design Proposal PREPARED FOR ABC CORPORATION INC. ARTICLE I. OVERVIEW/HISTORY
More informationOverview of Routing between Virtual LANs
Overview of Routing between Virtual LANs This chapter provides an overview of virtual LANs (VLANs). It describes the encapsulation protocols used for routing between VLANs and provides some basic information
More informationManagement Software. Web Browser User s Guide AT-S106. For the AT-GS950/48 Gigabit Ethernet Smart Switch. Version 1.0.0. 613-001339 Rev.
Management Software AT-S106 Web Browser User s Guide For the AT-GS950/48 Gigabit Ethernet Smart Switch Version 1.0.0 613-001339 Rev. A Copyright 2010 Allied Telesis, Inc. All rights reserved. No part of
More informationNetwork Infrastructure Considerations for Smart Grid Strategies By Jim Krachenfels, Marketing Manager, GarrettCom, Inc.
Network Infrastructure Considerations for Smart Grid Strategies By Jim Krachenfels, Marketing Manager, GarrettCom, Inc. The Smart Grid is having a decided impact on network infrastructure design and the
More informationSygate Secure Enterprise and Alcatel
Sygate Secure Enterprise and Alcatel Sygate Secure Enterprise eliminates the damage or loss of information, cost of recovery, and regulatory violation due to rogue corporate computers, applications, and
More informationIMPLEMENTING CISCO SWITCHED NETWORKS V2.0 (SWITCH)
IMPLEMENTING CISCO SWITCHED NETWORKS V2.0 (SWITCH) COURSE OVERVIEW: Implementing Cisco Switched Networks (SWITCH) v2.0 is a five-day instructor-led training course developed to help students prepare for
More informationMS Series: VolP Deployment Guide
Solution Guide MS Series: VolP Deployment Guide JULY 2013 How to deploy a distributed VoIP infrastructure with Meraki MS switches. Table of Contents Introduction 3 Getting Started 4 Setting up VoIP using
More informationLayer 3 Network + Dedicated Internet Connectivity
Layer 3 Network + Dedicated Internet Connectivity Client: One of the IT Departments in a Northern State Customer's requirement: The customer wanted to establish CAN connectivity (Campus Area Network) for
More informationLocal Session Controller: Cisco s Solution for the U.S. Department of Defense Network of the Future
White Paper Local Session Controller: Cisco s Solution for the U.S. Department of Defense Network of the Future What You Will Learn The future of the Department of Defense s (DoD) networks focuses on the
More informationPhysical Infrastructure for a Resilient Converged Plantwide Ethernet Architecture
Physical Infrastructure for a Resilient Converged Plantwide Ethernet Architecture Industrial Ethernet networking is advancing technology applications throughout the plant. These applications are rapidly
More informationState of Texas. TEX-AN Next Generation. NNI Plan
State of Texas TEX-AN Next Generation NNI Plan Table of Contents 1. INTRODUCTION... 1 1.1. Purpose... 1 2. NNI APPROACH... 2 2.1. Proposed Interconnection Capacity... 2 2.2. Collocation Equipment Requirements...
More informationWalmart s Data Center. Amadeus Data Center. Google s Data Center. Data Center Evolution 1.0. Data Center Evolution 2.0
Walmart s Data Center Network Virtualization and Data Center Networks 263-3825-00 Data Center Virtualization - Basics Qin Yin Fall emester 2013 1 2 Amadeus Data Center Google s Data Center 3 4 Data Center
More informationJuniper / Cisco Interoperability Tests. August 2014
Juniper / Cisco Interoperability Tests August 2014 Executive Summary Juniper Networks commissioned Network Test to assess interoperability, with an emphasis on data center connectivity, between Juniper
More informationUsing & Offering Wholesale Ethernet Network and Operational Considerations
White Paper Using and Offering Wholesale Ethernet Using & Offering Wholesale Ethernet Network and Operational Considerations Introduction Business services customers are continuing to migrate to Carrier
More informationNetwork Considerations to Optimize Virtual Desktop Deployment
. White Paper Network Considerations to Optimize Virtual Desktop Deployment What You Will Learn Enterprises today strive to improve productivity, increase operating efficiency, and offer competitive advantages
More informationSolutions Guide. Resilient Networking with EPSR
Solutions Guide Resilient Networking with EPSR Introduction IP over Ethernet is now a well-proven technology in the delivery of converged services. Ethernet-based Triple-Play services have become an established
More informationTop-Down Network Design
Top-Down Network Design Third Edition Priscilla Oppenheimer Cisco Press 800 East 96th Street Indianapolis, IN 46240 vi Тор-Down Network Design Contents at a Glance Introduction xxii Part I Identifying
More informationNetwork Virtualization
. White Paper Network Services Virtualization What Is Network Virtualization? Business and IT leaders require a more responsive IT infrastructure that can help accelerate business initiatives and remove
More informationSecure Network Foundation 1.1 Design Guide for Single Site Deployments
Secure Network Foundation 1.1 Design Guide for Single Site Deployments This document provides a simple vision for a smart and secure business where everyday communications are made easier, faster, and
More informationExpert Reference Series of White Papers. Planning for the Redeployment of Technical Personnel in the Modern Data Center
Expert Reference Series of White Papers Planning for the Redeployment of Technical Personnel in the Modern Data Center info@globalknowledge.net www.globalknowledge.net Planning for the Redeployment of
More informationHuawei One Net Campus Network Solution
Huawei One Net Campus Network Solution 2 引 言 3 园 区 网 面 临 的 挑 战 4 华 为 园 区 网 解 决 方 案 介 绍 6 华 为 园 区 网 解 决 方 案 对 应 产 品 组 合 6 结 束 语 Introduction campus network is an internal network of an enterprise or organization,
More informationBrocade One Data Center Cloud-Optimized Networks
POSITION PAPER Brocade One Data Center Cloud-Optimized Networks Brocade s vision, captured in the Brocade One strategy, is a smooth transition to a world where information and applications reside anywhere
More informationSonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity
SSL-VPN Combined With Network Security Introducing A popular feature of the SonicWALL Aventail SSL VPN appliances is called End Point Control (EPC). This allows the administrator to define specific criteria
More informationMOC 6435A Designing a Windows Server 2008 Network Infrastructure
MOC 6435A Designing a Windows Server 2008 Network Infrastructure Course Number: 6435A Course Length: 5 Days Certification Exam This course will help you prepare for the following Microsoft exam: Exam 70647:
More informationAluminium Smelter Benefits from New Approach to Networking
Aluminium Smelter Benefits from New Approach to Networking Customer Case Study One of world s largest aluminium smelters uses Ethernet-to-the-Factory to improve manufacturing efficiency. EXECUTIVE SUMMARY
More informationCourse Contents CCNP (CISco certified network professional)
Course Contents CCNP (CISco certified network professional) CCNP Route (642-902) EIGRP Chapter: EIGRP Overview and Neighbor Relationships EIGRP Neighborships Neighborship over WANs EIGRP Topology, Routes,
More information