Plant-wide Network Infrastructure. Copyright 2012 Rockwell Automation, Inc. All rights reserved.




Transcription:

Plant-wide Network Infrastructure

Agenda Additional On-site Information EtherNet/IP Considerations Logical Design Considerations Physical Layer Design Consideration Testing Considerations Plant-Floor and Enterprise Requirements 3

What you will learn: Design guidance, recommendations, best practices and solutions developed by Rockwell Automation and our ecosystem of partners to help customers successfully design and deploy robust, secure and future-ready Plant-wide EtherNet/IP networks utilizing common network infrastructure assets. 4

EtherNet/IP Network Infrastructure Booth Additional On-site Information Booth 1407 5

Network Infrastructure Wall Additional On-site Information High Availability Time Synchronization Integrated Safety Integrated Motion Convergence-Ready OEM Machine Integrated Architecture Booth 915 Cisco Booth 1307 Industrial Intelligence enabling secure network access, cloud computing, mobility and collaboration solutions Panduit Booth 1301 Enterprise and industrial automation Unified Physical Infrastructure (UPI) Fluke Networks Booth 1511 Common tool sets for enterprise and industrial automation applications 6

Workshops, Hands-On Lab - Additional On-site Information
- L19 - Applying EtherNet/IP in Real-Time Applications (Rockwell Automation): 8:00AM, 10:00AM, 12:30PM, 2:30PM
- W15 - Designing EtherNet/IP Machine Level Networks (Rockwell Automation): 12:30PM
- W16 - Fundamentals of Securing EtherNet/IP Networks (Rockwell Automation and Cisco): 2:30PM
- W21 - Scalable Secure Remote Access Solutions (Rockwell Automation and Cisco): 8:00AM

EtherNet/IP: IP - Industrial Protocol - EtherNet/IP Considerations
- Standard:
  - IEEE 802.3 - standard Ethernet, Precision Time Protocol (IEEE-1588)
  - IETF - Internet Engineering Task Force, standard Internet Protocol (IP)
  - IEC - International Electrotechnical Commission, IEC 61158
  - ODVA - Common Industrial Protocol (CIP)
- IT Friendly and Future-Ready (Sustainable)
- Established - products, applications and vendors
- Multidiscipline control and information platform
- ODVA: Supported by global industry vendors such as Cisco Systems, Omron, Schneider Electric, Bosch Rexroth AG and Rockwell Automation; Conformance & Performance Testing
- What's the difference? Ethernet, IP, EtherNet/IP
http://www.odva.org

Converged Industrial Application EtherNet/IP Considerations Machine Control and Operator Interface Integrated Machine Safety Time Synchronization Integrated Motion Video inspection Mobility & Collaboration Single Network Technology Disparate Network Technology Camera Plant I/O Controller Plant Network Controller Servo Drive I/O Network Safety Network Motion Network HMI Safety I/O VFD Drive 9

Plant-Floor Network Convergence EtherNet/IP Considerations EtherNet/IP Enabling & Driving Convergence of Plant-Floor and Enterprise Networks 10

Industrial Network Design Methodology - EtherNet/IP Considerations
- Understand application and functional requirements
  - Devices to be connected: industrial and non-industrial
  - Data requirements for availability, integrity and confidentiality
  - Communication patterns, topology and resiliency requirements
  - Types of traffic: information, control, safety, time synchronization, motion control, voice, video
- Develop a logical framework (roadmap)
  - Define zones and segmentation
  - Place applications and devices in the logical framework based on requirements
- Develop a physical framework to align with and support the logical framework
- Determine security requirements
  - Take into consideration IT requirements
  - Establish early dialogue with IT for plant-wide applications
- Use technology & industry standards, reference models and reference architectures
Avoiding Network Sprawl!! Because Network Infrastructure Matters!!
[Figure: lifecycle wheel with the stages AUDIT, MANAGE / MONITOR, IMPLEMENT, ASSESS, DESIGN/PLAN]

Enabling Plant-wide Network Convergence EtherNet/IP Considerations Successful Plant-wide Network Convergence Requires Collaboration Simplification Innovation 12

EtherNet/IP Ecosystem Partners EtherNet/IP Considerations Plant-wide EtherNet/IP Ecosystem - Design and Deployment IT Convergence Leader in Industrial Network Infrastructure Because Network Infrastructure Matters The Established #1 Industrial Ethernet Network Testing, Verification, Certification & Troubleshooting Tools http://www.ethernetippartners.net/ Physical Layer Network Infrastructure 13

EtherNet/IP Ecosystem Partners EtherNet/IP Considerations These industry leaders are collaborating to provide recommendations, design guidance, best practices and solutions to help customers successfully design and deploy robust, secure and future-ready Plant-wide EtherNet/IP networks utilizing common network infrastructure assets. Enabling Network Convergence Plant-floor (industrial) network convergence Plant-floor & Enterprise (IT) network convergence Providing Collateral Design Guides Application Guides Whitepapers Webcasts Seminars 14

EtherNet/IP Ecosystem Partners - EtherNet/IP Considerations
[Figure: plant-wide reference architecture annotated with ecosystem partner toolsets (Physical, Logical, Common Framework Toolsets). Labels from the diagram:]
- Enterprise Zone, Levels 4 and 5: ERP, Email, Wide Area Network (WAN)
- Demilitarized Zone (DMZ): Patch Management, Remote Gateway Services, Application Mirror, AV Server
- Plant Firewall: Inter-zone traffic segmentation; ACLs, IPS and IDS; VPN Services; Portal and Terminal Server proxy
  - Firewall (Active) and Firewall (Standby), Cisco ASA 5500, Gbps Link for Failover Detection
- Industrial Zone, Site Operations and Control, Level 3:
  - FactoryTalk Application Servers: View, Historian, AssetCentre, Transaction Manager
  - FactoryTalk Services Platform: Directory, Security/Audit
  - Data Servers; Remote Access Server
  - Catalyst 6500/4500; Catalyst 3750 StackWise Switch Stack
  - Network Services: DNS, DHCP, syslog server; Network and security mgmt
- Cell/Area Zones, Levels 0-2 (Rockwell Automation Stratix 8000 Layer 2 Access Switch; Drive, Controller, HMI, I/O):
  - Cell/Area Zone #1: Redundant Star Topology, Flex Links Resiliency
  - Cell/Area Zone #2: Ring Topology, Resilient Ethernet Protocol (REP)
  - Cell/Area Zone #3: Bus/Star Topology
- Partner toolset annotations: Micro Data Center; Racks; Patching; Cable Management; Copper/Fiber; Network Discovery; Protocol Statistics; Copper, Fiber, Wireless Testers; End Device; Control Panel; Network Zone

Reference Architectures Logical Design Considerations Recommendations and guidance to help reduce Latency and Jitter, to help increase data Availability, Integrity and Confidentiality, and to help design and deploy a Robust, Secure and Future-Ready EtherNet/IP network infrastructure Robust Physical Layer Segmentation Resiliency Protocols and Redundant Topologies Time Synchronization Prioritization - Quality of Service (QoS) Multicast Management Convergence-Ready Solutions Security - Defense-in-Depth Scalable Secure Remote Access 16

Segmentation Logical Design Considerations Segmentation techniques for smaller building block approach, to create smaller Layer 2 domains Structure and Hierarchy Logical Model Geographical and Functional Organization of IACS Devices Campus Network Model - Multi-tier Switch Model Layer 2 & Layer 3 Logical Framework Physical Segmentation Multiple Network Interface Cards (NICs) - CIP Bridge NAT Appliance Logical Segmentation VLANs Minimize Network Sprawl Smaller Fault Domains (e.g. Layer 2 loops) Smaller Broadcast Domains Smaller Domains of Trust (security) 18

Segmentation - Physical - Isolation Logical Design Considerations Islands of Automation I/O HMI VFD Drive Sneakernet Controller I/O Servo Drive I/O I/O HMI HMI I/O VFD Drive Controller Servo Drive VFD Drive Controller I/O Servo Drive 22

Segmentation - Physical - Multiple NICs Logical Design Considerations Isolated networks - two NICs for physical network segmentation Plant Network Level 3 Layer 2 Network Converged networks logical segmentation Shared Layer 2 Network Plant Network Level 3 VLAN 102 Converged Network Layer 2 Network Control Network Levels 0-2 Benefits Clear network ownership demarcation line Challenges Limited visibility to control network devices for asset management Limited future-ready capability Control Network Levels 0-2 Benefits Plant-wide information sharing for data collection and asset management Future-ready Challenges Blurred network ownership demarcation line 23

Segmentation - Physical - Multiple NICs Logical Design Considerations Isolated networks - two NICs for physical network segmentation Plant Network Level 3 Layer 2 Network Layer 2 Network Control Network Levels 0-2 Benefits Clear network ownership demarcation line Challenges Limited visibility to control network devices for asset management Limited future-ready capability Converged networks - logical segmentation - two NICs for scalability, performance, capacity and flexibility Segmented (using VLANs), Layer 2 Network Plant Network Level 3 VLAN 102 VLAN 103 Converged Network Control Network Benefits Levels 0-2 Plant-wide information sharing for data collection and asset management Future-ready Challenges Blurred network ownership demarcation line 24

Segmentation - Physical - NAT Appliance Logical Design Considerations Segmented Networks - Layer 2 (e.g. VLAN) and Layer 3 (e.g. subnet) Layer 2 Network Layer 2 Network NAT 9300-ENA Line Subnet 10.17.10.0/24 Layer 2 Network Machine 1 Subnet 10.10.10.0/24 Machine 2 Subnet 10.10.10.0/24 25

Segmentation - Logical - VLANs - Logical Design Considerations
- Layer 2 network service: VLANs segment a network logically without being restricted by physical connections
  - VLAN established within or across switches
  - Data is only forwarded to ports within the same VLAN
  - Devices within each VLAN can only communicate with other devices on the same VLAN
- Segments traffic to restrict unwanted broadcast and multicast traffic
- Software configurable using managed switches
- Benefits
  - Ease network changes, minimize network cabling
  - Simplifies network security management - domains of trust
  - Increase efficiency
[Figure legend: VLAN 102 - EtherNet/IP Device (Drive, Controller); VLAN 10 - VoIP; VLAN 42 - Scanners/Cameras]

Segmentation - Logical - VLANs Logical Design Considerations Layer 2 VLAN Trunking Independent of physical switch location Logically group assets by type, role, logical area, physical area or a hybrid of these Devices communicate as if they are on the same physical segment no re-cabling required Software configurable using managed switches A Layer 3 device (Router or Layer 3 switch) is required to forward traffic between different VLANs Inter-VLAN routing VLAN 10 VLAN 102 VLAN 42 27

Segmentation - Logical - VLANs Logical Design Considerations Multi-Layer Switch Layer 2 VLAN Trunking Layer 3 Inter-VLAN routing Layer 3 Switch Layer 2 Network Multiple VLANs Layer 2 Network Multiple VLANs Drive Drive HMI Controller HMI Controller = VLAN 102 EtherNet/IP Device = VLAN 102 EtherNet/IP Device = VLAN 10 - VoIP = VLAN 10 - VoIP = VLAN 42 Scanners/Cameras = VLAN 42 Scanners/Cameras 28

Segmentation - Logical - VLANs - Logical Design Considerations
[Figure: Multiple VLAN Routing on Stratix 8000 (REP) Ring. Industrial Zone, Cell/Area Zones Levels 0-2; Stratix 8000 (Layer 2) Switches; Catalyst 3750 StackWise Switch Stack; devices shown: I/O, Safety I/O, Controller, HMI, VFD Drive, Servo Drive]
- Cell/Area Zone #1: VLAN 10, Subnet 10.10.10.0/24
- Cell/Area Zone #2: VLAN 20, Subnet 10.20.10.0/24
- Cell/Area Zone #3: VLAN 30, Subnet 10.30.10.0/24
- Cell/Area Zone #4: VLAN 40, Subnet 10.40.10.0/24
- Management VLAN: VLAN 50, Subnet 10.50.10.0/24
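As an added example (not part of the original slides), the Python sketch below loads the VLAN and subnet plan from the slide above and audits flow records against it: same-VLAN traffic stays inside its Layer 2 domain, while inter-VLAN traffic has to cross the Layer 3 switch and is checked against an allowlist of VLAN pairs. The flow records and the allowlist are constructed for illustration.

```python
import ipaddress

# VLAN id -> (zone name, subnet), taken from the slide above.
VLAN_PLAN = {
    10: ("Cell/Area Zone #1", "10.10.10.0/24"),
    20: ("Cell/Area Zone #2", "10.20.10.0/24"),
    30: ("Cell/Area Zone #3", "10.30.10.0/24"),
    40: ("Cell/Area Zone #4", "10.40.10.0/24"),
    50: ("Management VLAN", "10.50.10.0/24"),
}
NETWORKS = {vid: ipaddress.ip_network(cidr) for vid, (_, cidr) in VLAN_PLAN.items()}

# Assumption for this example: only the management VLAN may initiate
# traffic into the cell/area zones. Pairs are (source VLAN, destination VLAN).
ALLOWED_PAIRS = {(50, 10), (50, 20), (50, 30), (50, 40)}

# Constructed flow records (source IP, destination IP).
SAMPLE_FLOWS = [
    ("10.10.10.21", "10.10.10.5"),    # controller to I/O inside zone #1
    ("10.50.10.9", "10.20.10.14"),    # management station to zone #2
    ("10.10.10.21", "10.30.10.7"),    # zone #1 device reaching into zone #3
    ("10.20.10.14", "192.168.1.50"),  # destination outside the plan
]


def vlan_of(addr):
    """Return the VLAN id whose subnet contains addr, or None if unplanned."""
    ip = ipaddress.ip_address(addr)
    for vid, net in NETWORKS.items():
        if ip in net:
            return vid
    return None


def classify(src, dst, allowed_pairs):
    """Classify one flow against the segmentation plan."""
    src_vlan, dst_vlan = vlan_of(src), vlan_of(dst)
    if src_vlan is None or dst_vlan is None:
        return "unknown-host"            # address not in any planned subnet
    if src_vlan == dst_vlan:
        return "intra-vlan"              # stays in one Layer 2 domain
    if (src_vlan, dst_vlan) in allowed_pairs:
        return "inter-vlan-allowed"      # routed, and expected by policy
    return "inter-vlan-unexpected"       # routed, but crosses a trust domain


def audit(flows, allowed_pairs):
    """Return (src, dst, verdict) for every flow that needs a closer look."""
    findings = []
    for src, dst in flows:
        verdict = classify(src, dst, allowed_pairs)
        if verdict in ("inter-vlan-unexpected", "unknown-host"):
            findings.append((src, dst, verdict))
    return findings


if __name__ == "__main__":
    for src, dst, verdict in audit(SAMPLE_FLOWS, ALLOWED_PAIRS):
        print(f"{src} -> {dst}: {verdict}")
```
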

Physical Layer Design Considerations Design and implement a robust physical layer Environment Classification - MICE More than cable Connectors Patch panels Cable management Grounding, Bonding and Shielding (noise mitigation) Standard Physical Media Wired vs. Wireless Copper vs. Fiber UTP vs. STP Singlemode vs. Multimode SFP LC vs. SC Standard Topology Choices Switch-Level & Device-Level LAN Troubleshooting Guide Industrial Ethernet Physical Infrastructure Reference Architecture Design Guide ODVA Guide Fiber Guide ENET-TD003 Cable Selection ENET-WP007 30

Unified Physical Infrastructure Physical Layer Design Considerations Solve industrial challenges with the future in mind Align Converge Optimize Plant-Floor: Industrial Automation Solution Building: Enterprise Solution Office: Data Center Solution 31

Network Infrastructure Physical Layer Design Considerations IN-FIELD IN-ROUTE Copper Cabling Systems Fiber Cabling Systems IN-PANEL IN-ROOM IN-FRASTRUCTURE Grounding & Bonding Systems Cable Management Cable Ties and Accessories Fiber Routing Systems Zone Cabling Systems Managed Network Systems Cabinets & Rack Systems Identification Solutions 32

Network Distribution Installation Pitfalls Physical Layer Design Considerations Installation is critical for system performance, security and testability. 33

Environmental Focus - M.I.C.E. - Physical Layer Design Considerations
[Figure: scale of Increased Environmental Severity from Office to Industrial, TIA 1005]
M.I.C.E. provides a method of categorizing the environmental classes for each plant Cell/Area zone. This provides for determination of the level of hardening required for the network media, connectors, pathways, devices and enclosures.
The MICE environmental classification is a measure of product robustness:
- Specified in ISO/IEC 24702
- Part of TIA-1005 and ANSI/TIA-568-C.0 standards
Examples of rating:
- 1585 Media: M3 I3 C3 E3
- M12: M3 I3 C3 E3
- RJ-45: M1 I1 C2 E2

Validated Building Blocks - Physical Layer Design Considerations
[Figure: building block panels, including Network Zone Enclosure and Micro Data Center]
Leverage Reference Architecture & Validated Building Blocks to Speed Deployment and Reduce Risks

Control Panel Networking Physical Layer Design Considerations CONTROL PANEL TOO CROWDED FOR CONVERGENCE-READY NETWORK SWITCH? No room for deploying fiber or copper drops? Concerns about high voltage, arc flash risks? Need to improve manageability? 41

Control Panel Networking Physical Layer Design Considerations USE PANDUIT NETWORK ZONE ENCLOSURE APPROACH 1. Mount Integrated Zone Enclosure- robust, secure, tested 2. Distribute copper or fiber to panel 3. Use DIN Patch box to patch to devices in panel 42

IN-FRASTRUCTURE - Grounding/Bonding Physical Layer Design Considerations For the Data Center For Control Panels Reduce risks of noise coupling at every level with robust, structured grounding/bonding 43

Fiber Optic Infrastructure Planning Physical Layer Design Considerations Joint application guide Increase the integrity and availability of EtherNet/IP networks with fiber solutions from trusted partners! ENET-TD003 44

Polymer Coated Fiber: Physical Layer Design Considerations Electrician Friendly Termination - Crimp and Cleave! 47

Defense-in-Depth - Physical Security Physical Layer Design Considerations Keyed solutions for copper and fiber Lock-in, Blockout products secure connections 48

Design/Spec Tools Physical Layer Design Considerations Design Micro Data Centers in Visio and paste BOM into Proposalworks! 49

Network Distribution Simplification Physical Layer Design Considerations Robust, Secure, Future-Ready Network Distribution BEFORE Challenges: Scalability issues Diagnostics & troubleshooting Evolving cable management AFTER Solutions: Building block approach Media selection & security Cable routing 50

Summary - Physical Layer Design Considerations
Planning and installing physical infrastructure based on standards, best practices and reference architectures will result in higher availability, integrity and performance.
Because Network Infrastructure Matters!!
Need help? Leverage Ecosystem partners:
- Rockwell Automation Network and Security Services
- Panduit Certified Installers
- Fluke Networks training
Vision, Strategy, Execution

Testing Considerations Common Network Infrastructure Assets Enterprise IT Network Engineers Distributed and handheld LAN and WAN test and analysis solutions Datacom Installers Copper and fiber cable certification and troubleshooting Communication networks testing Control & Automation Engineers Networks solutions from deployment, to troubleshooting, testing, verification 52

The Network is Slow - Testing Considerations. Top hosts, conversations, protocols: Voice, Virus, Hacking, Multicast, DNS, Peer-to-peer, Worms. What's really happening on my network? 53

Real World Example Testing Considerations 54

Real World Example Testing Considerations 55

Real World Example Testing Considerations 56

What is important? Testing Considerations Troubleshoot copper, fiber and wireless LANs Verify the quality of new and migratory copper and fiber links Provide advanced diagnostics to pinpoint faults of network failure Detect and solve security, coverage, and interference problems on WiFi Solve a wide range of physical and network layer problems fast Guarantee network performance in new and existing networks Measure end-to-end Ethernet performance Monitor plant-wide network performance Provide 100% capture with instant identification of server vs. network problems Proper cabling + error free network communications = Healthy Network 57

Best Practices Processes - Testing Considerations
- Planning & Documenting
  - Standards
  - Documentation & baselines
  - Have a documented plan - what, who, and how
- Problem Prevention
  - Prevent problems before they happen
  - Do's and Don'ts for end-users
  - Testing and certification
- Early Problem Detection
  - Network monitoring
  - Periodic audits (update baselines)
  - Centralized help desk
- Follow a troubleshooting methodology

Troubleshooting Methodology Testing Considerations Step 1 - Collect Information Step 2 - Localize & Isolate the Problem Step 3 - Correct the Problem Step 4 - Verify Problem Resolution Step 5 - Document What You Did 59

Cable Test Configurations - Testing Considerations
- Perform channel testing with user cords connected
  - Performance specified for an application; transmission medium between transmitter and receiver
  - Channel performance for installed cabling
  - Maintenance testing of end-to-end cabling of a network
- Perform permanent link testing of installed cabling
  - Specify Permanent Link performance for installed cabling
  - Installation certification and Warranty service
- Perform patch cord testing
  - The test limits are significantly stricter for patch cord testing than for channel testing.
- For ring and linear topology today use channel testing
Compliant Permanent Link + Compliant Patch Cords = Compliant Channel

Cabling Infrastructure Tools Testing Considerations Copper Certification Testing & Troubleshooting Used by cabling contractors and installers Certify each copper link at installation Quickly test to performance standards and document work Qualify cabling performance & easily locate faults, opens & mis-wires Fiber Certification Testing & Troubleshooting Used by fiber installers and network technicians Certify each fiber link at installation and during unified migrations Quickly test to basic/extended performance standards Verify the quality of new fiber links with graphical traces Troubleshoot quickly to distance to failures and reflectance, such as breaks & faults Network Installation Tools Used by cabling installers and technicians Installation tools to cut, strip and terminate copper connections. Ergonomic and rugged for long life 61

Network Troubleshooting Testing Considerations Switch Issues Port Problems Authentication Cable Faults VLAN Validation Device Issues DHCP Problems Availability Cable Faults Multicast Traffic Device Discovery Upstream Fault 62

Network Solutions Testing Considerations Plant-wide tools (wired/wireless) Intuitive, integrated solutions for LANs and WLANs Solve problems from application performance to connectivity Network monitoring Back-in-Time packet capture and analysis Troubleshoot real-time applications including voice/video Application Performance Management 63

Wi-Fi Troubleshooting - Testing Considerations
- The 2.4GHz and 5GHz RF represent the physical layer for 802.11 wireless LANs
  - 2.4GHz 802.11b/g and 5GHz 802.11a
- Not just 802.11 WiFi devices use these frequencies
  - Bluetooth, analog video cameras, cordless phones, microwave ovens, motion sensors, fluorescent lights
- The RF environment for good WiFi performance
  - Relatively free of interfering 802.11 and non-802.11 devices
  - Adequate signal strength over the target coverage area
[Figure: interference sources - Bluetooth, Radar, Other Wi-Fi Networks, 2.4/5 GHz Cordless Phones, Microwave Ovens]

Wireless Solution Portfolio Testing Considerations Planning AirMagnet Planner AirMagnet Enterprise 24x7 Performance & Security Deployment & Verification AirMagnet Survey Wired/WiFi Analysis Troubleshooting & Interference Spectrum Analysis WLAN Test & Analysis OptiView XG Portable Analyzer OneTouch AT Network Assistant AirMedic USB AirMagnet Spectrum XT AirCheck Wi-Fi Tester AirMagnet WiFi Analyzer AirMagnet VoFi Analyzer 65

Plant-Floor and Enterprise Requirements Similarities and Differences Enterprise (IT) Requirements So, what are the similarities and differences? Plant-Floor (Industrial) Requirements 66

Plant-Floor and Enterprise Requirements - Similarities and Differences
Plant-Floor Requirements:
- Network Technology
  - Standard IEEE 802.3 Ethernet and proprietary (non-standard) versions
  - Standard IETF Internet Protocol (IPv4) and proprietary (non-standard) alternatives
  - Industrial application layer protocols - e.g. CIP, Modbus TCP
  - Local Area Network (LAN); smaller frames for control traffic
- Network availability
  - Switch-Level and Device-Level Topologies
  - Ring Topology is predominant for both, Redundant Star for switch topologies is emerging
  - Standard IEEE, IEC and vendor specific Layer 2 resiliency protocols
Enterprise Requirements:
- Network Technology
  - Standard IEEE 802.3 Ethernet
  - Standard IETF Internet Protocol (IPv4 and IPv6)
  - Standard application layer protocols - e.g. SNMP, DNS, RTP, SSH
  - Wide Area Network (WAN) and LAN; larger packets and frames
- Network availability
  - Switch-Level topologies
  - Redundant Star Topology is predominant
  - Standard IEEE, IETF, and vendor specific Layer 2 and Layer 3 resiliency protocols

Plant-Floor and Enterprise Requirements - Similarities and Differences
Plant-Floor Requirements:
- Switches: Managed and Unmanaged; Layer 2 is predominant
- Traffic types: Information, control, safety, motion, time synchronization, energy management
- Performance: Low Latency, Low Jitter; Data Prioritization - QoS Layer 2 & 3
- IP Addressing: Static
- Security: Emerging: open by default, must close by configuration and architecture; Inconsistent industrial security policies
Enterprise Requirements:
- Switches: Managed; Layer 2 and Layer 3
- Traffic types: Voice, Video, Data
- Performance: Low Latency, Low Jitter; Data Prioritization - QoS Layer 3
- IP Addressing: Dynamic
- Security: Pervasive; Strong policies

Plant-Floor and Enterprise Requirements - Similarities and Differences
Plant-Floor Requirements:
- Wireless: Autonomous point solutions; Mobile equipment (emerging) and personnel (prevalent)
- Computing: Industrial Hardened Panel Mount Computers and Monitors; Desktop; Notebook; 19" Rack Server; Virtualization - Emerging, becoming prevalent
- Environment: Plant-floor; Control Room
Enterprise Requirements:
- Wireless: Centrally managed and autonomous; Mobile personnel; BYOD; Guest access
- Computing: Desktop, Notebook; Tablets; 19" Rack Server and Blade Server; Unified Computing Systems (UCS); Virtualization - Widespread
- Environment: Data Center; Data Communication Closet; IDF - Intermediate Distribution Frame

Plant-Floor and Enterprise Requirements - Switching - Similarities and Differences
- Industrial Ethernet Switches: Industrial hardened; Panel or DIN mount; Managed or unmanaged
- IT Switches: Campus, Data Center; 19" rack mount, e.g. 1RU; Managed

Plant-Floor and Enterprise Requirements - Policies - Similarities and Differences
- Focus
  - Plant-Floor Network: 24/7 Operations, High OEE
  - Enterprise Network: Protecting Intellectual Property and Company Assets
- Precedence of Priorities
  - Plant-Floor Network: Availability, Integrity, Confidentiality
  - Enterprise Network: Confidentiality, Integrity, Availability
- Types of Data Traffic
  - Plant-Floor Network: Converged Network of Data, Control, Information, Safety and Motion
  - Enterprise Network: Converged Network of Data, Voice and Video
- Access Control
  - Plant-Floor Network: Strict Physical Access; Simple Network Device Access
  - Enterprise Network: Strict Network Authentication and Access Policies
- Implications of a Device Failure
  - Plant-Floor Network: Production is Down ($$'s/hour or Worse)
  - Enterprise Network: Work-around or Wait
- Threat Protection
  - Plant-Floor Network: Isolate Threat but Keep Operating
  - Enterprise Network: Shut Down Access to Detected Threat
- Upgrades
  - Plant-Floor Network: Scheduled During Downtime
  - Enterprise Network: Automatically Pushed During Uptime

Organizational and Cultural Convergence Plant-Floor and Enterprise Requirements IT and Plant-Floor Engineering collaboration and sharing of best practices on: Standardization of design and technology System architecture design Protocols and services Service and support models Industrial Security Policy Consult reference architectures, reference models and industry standards: Network Segmentation Network services Domains of Trust An open, two-way dialogue is critical! 72

Converged Plantwide Ethernet (CPwE) - Plant-Floor and Enterprise Requirements
- Plant-Floor and Enterprise network convergence
- Plant engineer and IT network engineer collaboration
- Plant-wide EtherNet/IP Architectures
- Hierarchical segmentation
- Scalability
- Resiliency
- Traffic management
- Policy enforcement
- Security policies
- Defense-in-depth
- Secure remote access
[Figure: CPwE reference architecture. Labels from the diagram:]
- Enterprise Zone, Levels 4 and 5: ERP, Email, Wide Area Network (WAN)
- Demilitarized Zone (DMZ): Patch Management, Remote Gateway Services, Application Mirror, AV Server
- Plant Firewall: Inter-zone traffic segmentation; ACLs, IPS and IDS; VPN Services; Portal and Terminal Server proxy
  - Firewall (Active) and Firewall (Standby), Cisco ASA 5500, Gbps Link for Failover Detection
- Industrial Zone, Site Operations and Control, Level 3:
  - FactoryTalk Application Servers: View, Historian, AssetCentre, Transaction Manager
  - FactoryTalk Services Platform: Directory, Security/Audit
  - Data Servers; Remote Access Server
  - Catalyst 6500/4500; Catalyst 3750 StackWise Switch Stack; Cisco Catalyst Switch
  - Network Services: DNS, DHCP, syslog server; Network and security mgmt
- Cell/Area Zones, Levels 0-2 (Rockwell Automation Stratix 8000 Layer 2 Access Switch; Drive, Controller, HMI, I/O):
  - Cell/Area Zone #1: Redundant Star Topology, Flex Links Resiliency
  - Cell/Area Zone #2: Ring Topology, Resilient Ethernet Protocol (REP)
  - Cell/Area Zone #3: Bus/Star Topology

Common Network Infrastructure Assets
Enterprise (IT) Network Convergence

- Campus network framework for structure and hierarchy best practices
- Unified communications for mobility and collaboration: voice, video & data
- Unified computing systems for server, switch and firewall virtualization
- Integration with Cisco and IT network management applications
- Resiliency and availability features: REP, Flex Links, HSRP, StackWise
- Integrated catalyst network security

EtherNet/IP Advantage Summary

- Single Network Technology for: Discrete Control, Process Control, Batch Control, Configuration, Information/Diagnostics, Safety Control, Time Synchronization, Motion Control and Energy Management
- Established - 300+ Vendors, over 5,000,000 nodes
  - ODVA: Cisco Systems and Rockwell Automation are principal members
- Supported - All EtherNet/IP products require conformance testing
- Standard - IEEE 802.3 Ethernet and IETF TCP/IP Protocol Suite
  - IT friendly
  - Future-ready - Sustainable; Industry Standards
- Topology & Media Independent - flexibility and choice
- Portability and Routability - Physical layer and data link layer independence; seamless data forwarding
- Common industrial application layer protocol - DeviceNet, ControlNet and EtherNet/IP
  - Seamless bridging throughout CIP networks

Additional Material

- ODVA Website: http://www.odva.org/
- Media Planning and Installation Manual: http://www.odva.org/portals/0/library/publications_numbered/pub00148r0_ethernetiP_Media_Planning_and_Installation_Manual.pdf
- Network Infrastructure for EtherNet/IP: Introduction and Considerations: http://www.odva.org/portals/0/library/publications_numbered/pub00035r0_infrastructure_guide.pdf
- Device Level Ring: http://www.odva.org/portals/0/library/cipconf_agm2009/2009_cip_networks_conference_technical_track_intro_to_dlr_ppt.pdf
- The CIP Advantage: http://www.odva.org/default.aspx?tabid=54

Additional Material

- Rockwell Automation Networks Website: http://www.ab.com/networks/
- EtherNet/IP Website: http://www.ab.com/networks/ethernet/
- Media Website: http://www.ab.com/networks/media/ethernet/
- Embedded Switch Technology Website: http://www.ab.com/networks/switches/embedded.html
- Publications:
  - ENET-AP005-EN-P: Embedded Switch Technology Manual
  - ENET-UM001G-EN-P: EtherNet/IP Modules in Logix5000 Control Systems (provides connection and packet rate specs for modules)
  - 1783-UM003: Stratix 8000 and Stratix 8300 Ethernet Managed Switches User Manual
  - ENET-WP0022: Top 10 Recommendations for plant-wide EtherNet/IP Deployments
  - ENET-RM002A-EN-P: Ethernet Design Considerations Reference Manual
  - ENET-AT004A-EN-E: Segmentation Methods within the Cell/Area Zone
  - ENET-RM003A-EN-P: Embedded Switch Technology Reference Architectures
- Network and Security Services Website: http://www.rockwellautomation.com/services/networks/

Additional Material
Fluke Networks

- Fluke Networks Websites:
  - www.flukenetworks.com
  - www.flukenetworks.com\industrial
  - www.flukenetworks.com\knowledgebase
- Frontline troubleshooting best practices: http://www.flukenetworks.com/fnet/en-us/findit?document=9822807
- Frontline LAN Troubleshooting Guide: http://networking.flukenetworks.com/?elqpurlpage=258&document=3331616
- Industrial Ethernet Resource Portal: https://admin.acrobat.com/ieportal

Additional Material
Panduit Corp

- Panduit Corp. Website: http://www.panduit.com/
- Industrial Automation Solutions: http://www.panduit.com/solutions/industrialautomation/index.htm
- Industrial Automation Product Systems Brochure
- Industrial Communication Solutions Interactive Roadmap

Additional Material
Panduit, Cisco, Rockwell Automation Collaboration

- Plant-wide EtherNet/IP Ecosystem Partners Website
- Fiber Optic Infrastructure Application Guide ENET-TD003

Additional Material
Cisco and Rockwell Automation Alliance

- Websites: http://www.ab.com/networks/architectures.html
- Design Guides:
  - Converged plant-wide Ethernet (CPwE)
- Application Guides:
  - Fiber Optic Infrastructure Application Guide
- Education Series: http://www.ab.com/networks/architectures.html
- Whitepapers:
  - Top 10 Recommendations for plant-wide EtherNet/IP Deployments
  - Securing Manufacturing Computer and Controller Assets
  - Production Software within Manufacturing Reference Architectures
  - Achieving Secure Remote Access to Plant-Floor Applications and Data

Additional Material
Cisco and Rockwell Automation Alliance

- Education Series Webcasts:
  - What every IT professional should know about Plant-Floor Networking
  - What every Plant-Floor Engineer should know about working with IT
  - Industrial Ethernet: Introduction to Resiliency
  - Fundamentals of Secure Remote Access for Plant-Floor Applications and Data
  - Securing Architectures and Applications for Network Convergence
  - IT-Ready EtherNet/IP Solutions
- Available Online: http://www.ab.com/networks/architectures.html

Additional Material
Network Sessions

- Fundamentals of EtherNet/IP Networking
- Designing the Physical Layer for EtherNet/IP
- Plant-floor and Enterprise Network Convergence
- Networking Design Considerations for Real-Time EtherNet/IP Performance
- Fundamentals of Network Resiliency and Redundancy for EtherNet/IP
- Fundamentals of Securing EtherNet/IP Networks

Additional Material
Network Sessions

Knowledge Network Virtual Learning Series for Partners

- April 20th, 2010: Fundamentals of EtherNet/IP Networking
- April 27th, 2010: Designing the Physical Layer for EtherNet/IP
- May 4th, 2010: Fundamentals of Securing EtherNet/IP Networks
- May 11th, 2010: Networking Best Practices for Real-Time EtherNet/IP Performance
- May 18th, 2010: Fundamentals of Network Resiliency and Redundancy for EtherNet/IP
- July 13th, 2010: IT-Ready EtherNet/IP Network Solutions
- August 10th, 2010: Physical Layer Reference Architectures for EtherNet/IP

Additional Material
Network Sessions

- NIS01: Designing the Physical Layer for EtherNet/IP
- NIS02: Fundamentals of Securing EtherNet/IP Networks
- NIS03: Scalable Secure Remote Access Solutions
- NIS06: Fundamentals of EtherNet/IP
- NIS08: EtherNet/IP Network Design Fundamentals
- NIS09: EtherNet/IP Layer 3 Networking Capabilities
- NIS10: Designing EtherNet/IP Machine-Level Networks
- NIS11: Understand and Implement High Availability Methods

Plant-wide Network Infrastructure Workshop 14 - Automation Fair 2012