Process Group
100% Canadian owned.
Gary McKenzie, Gerrie Process Group
& James Taylor, Rockwell Automation
IoT and The Modern Automation Infrastructure
Networking, Thin Clients, Virtualization, Cloud Technology
Modern Automation Infrastructure: Traditional vs New Approach
Traditional System Architecture
[Diagram: process automation system on Ethernet/IP, with the following labelled components]
• PLC/DCS Systems
• Multiple Networks
  • I/O
  • Discrete Devices
  • Process Devices
• System Server
  • Data Server
  • HMI Server
  • Security Server
  • Alarm Server
• Application servers
  • Batch Server
  • Reporting Server
  • Historian Server
  • Asset Management
• Application server
  • MES
  • Gateway to ERP
• Clients: EWS, OWS, MES
Challenges with Traditional Designs
• The traditional design works well, but it is not without its challenges
• Multiple networks require multiple resources to manage them
• System additions can be time consuming
• Must manage multiple PCs
  • Each one has an OS
  • Requires individual patches and updates
• Different applications require their own dedicated servers
• Server resources are underutilized
• OSs change rapidly
  • Upgrades are often driven by OS support
  • Upgrades are costly and risky
• Reduced workforce with limited time for resource management
A New Approach
• There are different technologies that address the issues with traditional designs
  • Clients: move from fat to thin clients
  • Servers: move from physical to virtual servers
  • Networking: move from multiple networks to a single standard technology
Copyright © 2014 Rockwell Automation, Inc. All rights reserved. PUBLIC INFORMATION
Network Segmentation: Virtual Local Area Networks (VLANs)
• Layer 2 network service: VLANs segment a network logically without being restricted by physical connections
  • VLAN established within or across switches
  • Data is only forwarded to ports within the same VLAN
  • Devices within each VLAN can only communicate with other devices on the same VLAN
• Segments traffic to restrict unwanted broadcast and multicast traffic
• Software configurable using managed switches
• Benefits
  • Ease network changes – minimize network cabling
  • Simplifies network security management - domains of trust
  • Increase efficiency
[Diagram legend: VLAN 42 - Scanners/Cameras; VLAN 102 - EtherNet/IP Device; VLAN 10 - VoIP. Devices shown: Drive, Controller]
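The forwarding rule on this slide, as an added example that is not part of the original presentation: a minimal Python model of a managed switch with access ports, showing that broadcasts and unknown unicasts are flooded only inside the ingress VLAN. The VLAN IDs come from the slide legend; the class name, port numbers and MAC addresses are constructed for illustration.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

class VlanSwitch:
    """Hypothetical Layer 2 switch model with access ports only."""

    def __init__(self, access_ports):
        # {port: vlan_id}; an access port belongs to exactly one VLAN
        self.access_ports = dict(access_ports)
        # MAC table is kept per VLAN, so learned addresses never cross VLANs
        self.mac_table = defaultdict(dict)

    def receive(self, in_port, src_mac, dst_mac):
        """Return the sorted list of ports the frame is sent out of."""
        vlan = self.access_ports[in_port]
        self.mac_table[vlan][src_mac] = in_port  # learn source in ingress VLAN
        peers = sorted(p for p, v in self.access_ports.items()
                       if v == vlan and p != in_port)
        if dst_mac == BROADCAST:
            return peers                # broadcast stays inside the VLAN
        known = self.mac_table[vlan].get(dst_mac)
        if known is None:
            return peers                # unknown unicast floods inside the VLAN
        return [] if known == in_port else [known]

# Constructed sample: ports 1-3 in VLAN 102 (EtherNet/IP devices),
# ports 4-5 in VLAN 42 (scanners/cameras), port 6 in VLAN 10 (VoIP).
PORTS = {1: 102, 2: 102, 3: 102, 4: 42, 5: 42, 6: 10}
CONTROLLER, DRIVE = "02:00:00:00:00:01", "02:00:00:00:00:02"
CAMERA, PHONE = "02:00:00:00:00:04", "02:00:00:00:00:06"

def demo():
    sw = VlanSwitch(PORTS)
    return {
        "controller_broadcast": sw.receive(1, CONTROLLER, BROADCAST),
        "camera_broadcast": sw.receive(4, CAMERA, BROADCAST),
        "drive_to_controller": sw.receive(2, DRIVE, CONTROLLER),
        # Camera addresses the controller's MAC: flooded in VLAN 42 only,
        # so the frame never leaves on port 1 where the controller sits.
        "camera_to_controller": sw.receive(4, CAMERA, CONTROLLER),
        "phone_broadcast": sw.receive(6, PHONE, BROADCAST),
    }

if __name__ == "__main__":
    for name, ports in demo().items():
        print(f"{name}: egress ports {ports}")
```

Traffic between VLANs has to pass through a Layer 3 device, which is where access rules between the "domains of trust" are enforced.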
Network Segmentation: Multiple Network Interface Cards (NICs)
Isolated networks - two NICs for physical network segmentation
• Benefits
  • Clear network ownership demarcation line
• Challenges
  • Limited visibility to control network devices for asset management
  • Limited future-ready capability
  • Smaller PACs may not support
Converged networks – logical segmentation
• Benefits
  • Plant-wide information sharing for data collection and asset management
  • Future-ready
• Challenges
  • Blurred network ownership demarcation line
[Diagram labels: Converged Network; Shared Layer 2 Network; VLAN 102; Layer 2 Network; Control Network, Levels 0-2; Plant Network, Level 3]
Network Segmentation: Multiple Network Interface Cards (NICs)
Isolated networks - two NICs for physical network segmentation
• Benefits
  • Clear network ownership demarcation line
• Challenges
  • Limited visibility to control network devices for asset management
  • Limited future-ready capability
  • Smaller PACs may not support
Converged networks - logical segmentation - two NICs for scalability, performance, capacity and flexibility
• Benefits
  • Plant-wide information sharing for data collection and asset management
  • Future-ready
• Challenges
  • Blurred network ownership demarcation line
[Diagram labels: Converged Network; Segmented (using VLANs), Layer 2 Network; VLAN 103; VLAN 102; Layer 2 Network; Control Network, Levels 0-2; Plant Network, Level 3]
Virtualization
What is Virtualization?
• Historically, computer hardware was designed to run a single instance of an operating system.
• Virtualization decouples software from hardware, allowing a single computer to run multiple operating system instances.
Client Side - Remote Desktop Services
• Remote Desktop Services (formerly known as Terminal Services)
• A Windows server (Server 2008 R2 or Server 2012) that allows multiple independent sessions to be run on the server and displayed on a remote client
Modern System Architecture
[Diagram: process automation system and application server on Ethernet/IP, with the following labelled components]
• CPwE Network Design
• PLC/DCS
  • Controllers
  • I/O
  • Smart Devices
• Virtualized Industrial Data Center
• IDC - hosting VMs
  • Data Server
  • HMI Server
  • Security Server
  • Alarm Server
• Application Images
  • Batch Server
  • Additional HMI Server
  • Historian Server
  • Asset Management
• Application Images
  • Production reports
  • Gateway to ERP
• Multi Function Thin Clients
[Other diagram labels: ZE; RD Server; HMI Server; Historian; Batch; ERP/MES; VLAN; Cloud]
Modern System Architecture – New Capabilities
[Diagram labels: ZE; RD Server; HMI Server; Batch; ERP/MES; VLAN; WLC; Reporting; Historian; Internet; Monitoring Services]
Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved. PUBLIC - 5058-CO900H
Modern System Architecture in the Cloud: Smart, Connected Equipment
Opportunities for a Connected Enterprise: The Transformation of Manufacturing
“… The Internet of Things is the third great wave of innovation after Ethernet and the Internet.”
Dr. Elgar Fleisch, Director of the Institute of Technology Management at the University of St. Gallen
Cloud Computing is a disruptive force in Manufacturing
Offers new capabilities, creativity and innovation for this industry
Step change in simplicity and cost of ownership for Manufacturing IT assets
What is Cloud Computing?
Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved. Rockwell Automation TechED 2015 @ROKTechED #ROKTechED
Cloud Computing: Cloud Deployments Make Sense When…
There is a desire for long-term storage of manufacturing data
Local deployments are difficult
Assets are distributed across broad geographies
Access to data to be shared across corporations
Desire to add higher-level analytics or predictive algorithms
Common requirements are shared by many
Information Technology support costs are too high
There is a lack of local technical resources
“Shadow IT” projects need to be professionally managed
Enterprise data can be “mashed-up” with public or syndicated data
The Transformative Value of IoT in Operations: SaaS Reduces the TCO of and Simplifies Manufacturing IT
• Fewer SMEs Supporting More Assets
• Business Model Flexibility
• Scale Up / Scale Down
• Security
• “Zero” Infrastructure to Support
Service
• Remote Service and Support
• Enhanced customer service
• Predictive maintenance
Operations
• Consumables
• Asset and operations performance
• Information exchange with your supply chain
Finance
• OpEx vs. CapEx
• Predictable costs
• Flexibility
Engineering
• Minimize manufacturing IT
• Product/process design
• Scalability
Copyright © 2016 Rockwell Automation, Inc. All Rights Reserved. PUBLIC
Managing & Improving your Manufacturing Assets: Moving from traditional software deployment to Software as a Service
[Diagram: Site 1, Site 2 … Site n connected to the RA Cloud Platform]
• Application areas shown: Asset Performance Management; Equipment & Process Behavior & Optimization; Digital Oil Field; Predictive Analytics; Equipment & Process Characterization; Model Development; Predictive Maintenance; Traceability/Serialization; Regulatory compliance; Product adulteration control; Supply Chain Traceability
• RA Cloud Platform: Security; Object Model; Data Storage; Event Detection & Notification; Workflow; Dashboards, Reports & Analytics
• IoT Gateway: Secure, efficient data transfer
M2C* Gateway: Secure Data Transfer
Scalable Software Service Tested on Multiple Hardware Platforms
Variety of Hardware Form Factors
Support Multiple Networks & Protocols
LAN, Wireless, Cell, Satellite
GPS Support
Intelligent Data Management
Gateways securely managed via Cloud Platform
Store & Forward, Aggregation, etc.
Data thinning/compression
* Machine-to-Cloud
Cloud Application Platform: Data Model, Objects, Types, Tags, Events, Workflows, Security, Roles, Users
Model for the application
Security associated with unified model
Common set of (web) services
Application services operating against the model
Time Series Services and history storage
Calculation
Scripting
Business Logic – Event Mgmt & Notification
Common UI (property grids, namespace explorer…)
Common clients (Admin, Trend, Excel Integration…)
Cross-platform Thin UI
Workflow execution
Roles: System Admin, Power User/Owner, User/Client
Cross-Platform Visualization
Device-Sensitive Client / UI - Mobile Ad-hoc Reporting Application
• select report properties
• browse model hierarchy
• view current values
• view history trends
Global scale
Worldwide reach and hyperscale required to bring cloud economic benefits to every business
• 100+ datacenters in more than 40 countries
• 1M+ servers
[Map labels: Quincy, Cheyenne, Chicago, Des Moines, San Antonio, Boynton, Brazil, Dublin, Amsterdam, Shanghai, Hong Kong, Japan, Singapore, Australia]
Remote Asset Performance Management: Software as a Service Order Components
Application Configuration
• Model Development
• Dashboard Development
• Business Rule Configuration
• Workflows
Non-Recurring-Eng Costs Per Site/Asset*
‘Link’ to the Cloud
• Cloud Gateway Hardware
• Cloud Gateway Software
• APM platform commissioning
• Optional Wireless Hardware
• GPS Hardware
SaaS Subscription Fee**
• Compute & data storage infrastructure
• Provisioning additional infrastructure
• APM Platform (per Asset)
• Support SLA
• Optional Cellular data contract
• Rockwell Automation application support
* Can be built into the subscription service
** Invoiced annually (typically a 3-year or 5-year contract)
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved. Rev 5058-CO900E. PUBLIC INFORMATION
IoT Infrastructure Services: Overview
The Connected Enterprise
EXECUTION MODEL
Analytics
Secure, Upgrade
Working Data Capital
Optimize & Collaborate
Assessment
Life Cycle Approach to Services and Solutions
ASSESS DESIGN IMPLEMENT VALIDATE MANAGE
Assessment Service
Assessment Process:
– On site customer collaboration
– Assess all layers of OSI model
• Physical layer
• Logical layer
• Application layer
– Defense in Depth security evaluation
– Assess against industry and company standards
– Deliverables
• Detailed report of findings
• Prioritized critical issues
• Remediations/suggestions
Standard: on site observational and interview based
Comprehensive: on site technically determined via tools
Design Service (Wired/Wireless)
Network Design Deliverable Package
Functional Requirements
Bill of Material
Cable Selection
Physical Hardware Connectivity
Access and Distribution Layer Topology
Physical Layer Drawings
VLANs
Addressing schema
Switch and Network Configuration
Redundancy
Remote Access
Security
Standard: logical and physical conceptual design
Comprehensive: detailed logical, physical with ports and protocols design
Implementation Services
Implementation Package
Procurement
Configuration
Installation
Testing
Start Up
Transition to Support
Turn Key Projects: Based on RA Design Service
Pre-Engineered Solutions: Industrial Data Center, Zone Enclosures, Secure Remote Access
Custom: based on the role you need RA NSS to play (materials, labor, project mgmt)
Leverage the Power of Rockwell Automation Partnerships
Validation Service
Validation Deliverable Package
• Audit current architecture compared to governing body (ODVA, IEEE, ANSI, TIA, ISA-95)
• Audit security program compared to governing body (NERC CIP, ISA-99, NIST 800-53, NIST 800-82)
Standard: known industry standard
Custom: customer specific standard
Scalable Infrastructure Support: Managed Services
Infrastructure Support
Secure Remote Access
System Monitoring
System Management
Remote Support Services
Support has certified personnel on staff
• CCNP (Cisco Network Professional)
• CCNA (Cisco Network Associate)
• CCNA Security (Cisco Security)
• CCENT (Entry Network Technician)
• VMware Certified Associate
• VMware Certified Professional
One number to call for support…
Security Services: Applying Defense in Depth to Industrial Control Systems
• No single product, technology or methodology can fully secure Industrial Control System (ICS) applications
• Protecting assets requires a defense-in-depth security approach to address internal and external security threats
• Rockwell partners & collaborates with market leading experts to deliver comprehensive solutions for our customers
• Questions?
• Your Feedback is important to us!
• E-mail survey will be sent out
• Looking for feedback on this event
• Looking for feedback on future IoT topics
• Network Design/Switching Technology
• Security
• Wireless/Mobility
• Managed Service Offerings/ Cloud Infrastructure
Thank You!