industry 4 network design and security - peter brown

Network DesignIndustry 4.0 and Security

siemens.comUnrestricted© Siemens AG 2016

Unrestricted © Siemens AG 2016June 2016 Peter Brown

Ethernet Network Design

Product

design

Production

planning

Engineering

Production

Digital workflow

Service


Global Trends / Industry 4.0

Track & TraceGlobalizationThe world isconnectedBig data

Maximumtransparency

throughout theentire valueadded chain

OptimizeProduction

Logistic

Reliablecommunication

for WAN

Enable industrialcommunication

to cope withincreasing

amount of data

Establishsecurity

mechanisms tocontrol the opencommunicationwhere needed

Industryrequirements

Manage to findone concept for

industrialcommunication

Solutionorientation

Individuali-zation

Offer a completesolution packageincluding serviceto the customer

Enable endcustomers to

react flexible withour solution on

the marketrequirementsC

halle

nge

Tren

d


All Industry Sectors

For all industries … … and for all regions

Process DiscreteHybrid

Win

dpo

wer

Tran

spor

tatio

n

E-C

ar

Elec

tron

ics

Aut

omot

ive

Gla

ss&

Sola

r

Phar

mac

eutic

als

Food

&B

ever

age

Met

al&

Min

ing

Cem

ent

Pulp

&Pa

per

Che

mic

als

Oil

&G

as

Wat

er

Ref

iner

y

Elec

tric

Pow

er

Industrial networksIndustrial networks

Discrete automationDiscrete automationProcess automationProcess automation


Customer requirements for industrial networks

RobustnessHigh temperatures, rugged environments- Fan less switches (dusty environment etc.), FastConnect cables

FlexibilityChanging production layouts at the shop floor- Modularity, different interfaces for electrical or optical connections

High AvailabilityRing redundancy e.g. with MRP, HSR, PRP,…- Quick and easy replacement with C-Plug (transfer config to new device)

DeterminismSynchronization of several drives in one machine- Wired as well as wireless

Moving UnitsAutomated guided vehicles, monorails, cranes- IWLAN RCoax Cable for durable wireless connection during movement

SafetyEmergency shutdown over PROFINET- Wired as well as wireless

SecurityRemote administration for machine vendors, Firewall, DMZ- One security module for office and automation requirements

Outdoor

Warehouse

Production


PROFINET provides increased flexibility, efficiency, and performance

PROFINET is the right solution for every application

Industrial Wireless LAN

Safety

Flexible topologies

Expandability

Web tools

Open standard

Tailor-made plant concepts

Flexibility

Easy cabling

One cable for all purposes

Device/network diagnostics

Energy efficiency

Optimal use of resources

Fast device replacement

Ruggedness/stability

Easy cablingEasy cabling

Efficiency

Media redundancy

Large quantity structures

High transmission rate

Speed

High precision

Increased productivity

Fast start-up

Performance


Merging of automation and IT

Totally IntegratedAutomationPortal

RT / IRT data Other TCP-data Quality gathering data Video

Network load

Long-term development of plants‘ network load

High data volume through- Acquisition of quality data- High resolution videos- Web services- Cloud-connectionparallel to real-time data (RT/IRT).

Can cause… overloads on single ports... lower plant availabilityBy reason of defective network designand configuration.


How Do We Draw Our Network?

PROFINET


§ Automation & control§ Hazardous area§ SCADA§ 24/7 operation§ Motion control§ Wireless communication§ General IT§ File transfers§ Voice§ Video§ Network physical distance

§ Data quality§ Reserved bandwidth§ Confidential information§ Email / instant messaging§ Trending / archiving§ Spanning departments§ Printing§ Remote access§ Billing / invoicing§ Track & trace§ Product individualisation

What does the network need to do?

OT Vs IT


OT Vs IT

Industry:Location – Rough environmentInstallation – Plant maintenanceTopology – Plant specific, variedAvailability – Network downtimes <300mSDevice density – Low, switches with few portsNetwork monitoring – Part of plant monitoring

Office:Location – Air conditioned officesInstallation – Network specialistsTopology – StarAvailability – Minute to hours acceptedDevice density – High, switches with many portsNetwork monitoring – Specially trained IT staff


Example Control & Automation Network


Design Summary

§ Zoning and Security are essential§ VLANs§ Layer 3 switches§ ACL§ Bandwidth reservation§ Network redundancy§ Protection of safety-related systems§ OT team & IT Team cooperation


Security


PI Security Concept

The PROFINET Security ConceptFrom the PROFINET Security Guideline

§ Network Architecture – Security Zones§ Trust Concept – within Zones§ Perimeter Defence – Firewall/VPN§ Provision of Confidentiality and Integrity§ Transparent Integration of Firewalls


Methods of network security

§ Firewall - Protect against unauthorized access

§ VLAN (Virtual Local Area Network) - Logicalnetwork that operates on the basis of a physical network

§ DMZ (De-Militarized Zone) - Exchange datawith external partners via safe areas

§ VPN (Virtual Private Network) - Secure tunnelbetween authenticated users

Complete plant security

Secure automation cells

Internet


Industrial Security

As a minimum:

§ Inherent Safety§ Physical & environmental security§ System hardening§ Application security§ Device hardening§ Network security§ Disaster recovery / mitigation planning


Thank you for your attention!

Peter Brown

Product Specialist

Siemens Customer Service

Email: [email protected]

Mobile: 07808 825551

siemens.com/SINETPLAN