Published by Nelson Kelly
Modified over 4 years ago
Manufacturing & IT Network Convergence
Reference Architectures for Manufacturing
Bryce Barnes - Cisco Systems, Vertical Solution Architect-Manufacturing
Gregory Wilcox - Rockwell Automation, Networks Business Development Manager
© 2009 Cisco Systems, Inc. and Rockwell Automation, Inc. All rights reserved.
© 2008 Cisco Systems, Inc. and Rockwell Automation, Inc. All rights reserved.

Cisco At A Glance
Annual Sales: $40 billion
World Headquarters: San Jose, California
Trading Symbol: csco
Employees: About 67,000
Global Presence
R&D: $4.5 Billion Annually
The world leader in networking for Internet, Enterprise, Home, and Industry… Changing the way people work, live, play, and learn

Rockwell Automation At A Glance
Annual Sales: $5.5 billion
World Headquarters: Milwaukee, Wisconsin, USA
Trading Symbol: ROK
Employees: About 20,000
Serving customers in 80+ countries
Leading global provider of industrial automation control and information solutions

Manufacturing and Enterprise Network Convergence
[Diagram labels: Manufacturing Plantwide Systems; Business Enterprise Systems; Suppliers; Customer Demand; Supply Chain Integration; Flexible Manufacturing]
Lower Total Cost of Ownership | Faster Time to Market | Better Asset Optimization | Broader Risk Management

Manufacturing Network Convergence
Convergence of Control and Information
[Two diagrams: "Traditional – 3 Tier Manufacturing Network Model" and "Converged Ethernet Manufacturing Network Model", each topped by the Corporate Network. Labels across both: Back-Office Mainframes and Servers (ERP, MES, etc.); Office Applications, Internetworking, Data Servers, Storage; Control Network Gateway; Supervisory Control; Human Machine Interface (HMI); Controller; Robotics; Motors, Drives, Actuators; Sensors and other Input/Output Devices]

Manufacturing and Enterprise Network Convergence
Manufacturing Network Requirements
–Industrial Protocols
–Topologies, Resiliency & Industrial Environments
–Determinism, Latency, Jitter, etc.
–Motion Control & Safety
–IP Addressing - static
Enterprise Network Requirements
–High Availability
–Determinism, Latency, Jitter, etc.
–Voice, Video, Data applications
–Security
Network Design & Management
–Ease of use
–Reference models & network designs

Cultural and Organizational Convergence
Security Policies | IT Network | Controls Network
Focus | Protecting Intellectual Property and Company Assets | 24/7 Operations, High OEE
Priorities | Confidentiality, Integrity, Availability | Availability, Integrity, Confidentiality
Types of Data Traffic | Converged Network of Data, Voice and Video | Converged Network of Data, Control, Information, Safety and Motion
Access Control | Strict Network Authentication and Access Policies | Strict Physical Access; Simple Network Device Access
Implications of a Device Failure | Continues to Operate | Could Stop Operation
Threat Protection | Shut Down Access to Detected Threat | Potentially Keep Operating with a Detected Threat
Upgrades | ASAP During Uptime | Scheduled During Downtime

Cultural Convergence – Common Tools
Device Manager
Command Line Interface
Cisco Network Assistant
RSLogix 5000, Add-on Profile
FactoryTalk View, Faceplates

Cisco and Rockwell Automation, working together
Common Technology View
–To-Date: Board members of ODVA; active in ISA security and wireless committees
–Support use of open, unmodified standards, with intelligent networking features in automation networks through ODVA, ISA and others
Collaborating on Reference Architectures
–Available now, free for download
–Tested and validated design and implementation guidance and best practices for a converged network architecture
People and Process Optimization
–Educational seminars, white papers and events
–Develop process guidelines for help with convergence, facilitate training and dialogue with IT and Manufacturing
Joint Product Collaboration
–Stratix 8000™ switches
–Developed Industrial Ethernet switches incorporating the best of Cisco and the best of Rockwell Automation
Copyright © 2008 Rockwell Automation, Inc. All rights reserved.

Reference Architectures for Manufacturing
A set of tested and validated design and implementation best practices
Common reference and common language for IT and manufacturing
Education Series
“With this implementation guide, for the first time IT and manufacturing professionals can share a common document for planning a converged IP network including the factory floor and automation equipment.” – Harry Forbes, ARC Advisory Group

Approach to Industrial Ethernet Network Designs
Understand application and functional requirements
–Devices to be connected
–Communication patterns, resiliency requirements
–Types of traffic – Safety, Motion control, etc.?
Develop a logical framework – define zones
–Place applications and devices in the framework based on requirements
Define segmentation
Determine security requirements

Manufacturing Framework
No Direct Traffic Flow from Enterprise to Manufacturing Zone
[Diagram: zones and levels, top to bottom]
Enterprise Zone
–Level 5: Enterprise Network (Router)
–Level 4: Site Business Planning and Logistics Network (E-Mail, Intranet, etc.)
DMZ (between firewalls; traffic labels: Web, E-Mail, CIP)
–Terminal Services, Patch Management, AV Server, Historian Mirror, Web Services Operations, Application Server
Manufacturing Zone
–Level 3: Site Manufacturing Operations and Control (FactoryTalk Application Server, FactoryTalk Directory, Engineering Workstation, Domain Controller)
Cell/Area Zone
–Level 2: Area Supervisory Control (FactoryTalk Client, Operator Interface, Engineering Workstation)
–Level 1: Basic Control (Batch Control, Discrete Control, Drive Control, Continuous Process Control, Safety Control)
–Level 0: Process (Sensors, Drives, Actuators, Robots)

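The framework's rule that no traffic flows directly between the Enterprise Zone and the Manufacturing Zone can be audited against firewall or flow-export records. The sketch below is an added example, not part of the original presentation: the subnets, flow records and function names are constructed, and it assumes the rule applies in both directions and to the Cell/Area Zone as well.

```python
import ipaddress

# Assumed (constructed) address plan; the presentation gives no subnets.
ZONES = {
    "enterprise": ipaddress.ip_network("10.10.0.0/16"),     # Levels 4-5
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "manufacturing": ipaddress.ip_network("10.30.0.0/16"),  # Level 3
    "cell_area": ipaddress.ip_network("10.40.0.0/16"),      # Levels 0-2
}
PLANT_SIDE = {"manufacturing", "cell_area"}


def zone_of(addr):
    """Return the zone name for an address, or 'unknown' if unmapped."""
    ip = ipaddress.ip_address(addr)
    return next((n for n, net in ZONES.items() if ip in net), "unknown")


def classify(src, dst):
    """Classify one flow against the 'no direct traffic' rule."""
    s, d = zone_of(src), zone_of(dst)
    if "unknown" in (s, d):
        return "review"      # unmapped address: cannot be judged, surface it
    pair = {s, d}
    if "enterprise" in pair and pair & PLANT_SIDE:
        return "violation"   # bypasses the DMZ, in either direction
    return "allowed"


def audit(flows):
    """Return (src, dst, dport, verdict) for every flow that is not allowed."""
    checked = ((s, d, p, classify(s, d)) for s, d, p in flows)
    return [f for f in checked if f[3] != "allowed"]


# Constructed sample flows: (source, destination, destination port).
SAMPLE_FLOWS = [
    ("10.10.5.20", "10.20.0.15", 443),    # enterprise -> DMZ
    ("10.20.0.15", "10.30.1.10", 1433),   # DMZ -> manufacturing
    ("10.10.5.20", "10.30.1.10", 3389),   # enterprise -> manufacturing, direct
    ("10.40.2.7", "10.10.9.9", 25),       # cell/area -> enterprise, direct
    ("192.0.2.50", "10.40.2.7", 44818),   # source outside the address plan
]

if __name__ == "__main__":
    print(*audit(SAMPLE_FLOWS), sep="\n")
```

Flows that terminate in the DMZ pass; anything that crosses it, or that involves an address outside the plan, is returned for follow-up.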
Reference Architectures for Manufacturing
[Diagram: reference architecture by zone]
Zones: Enterprise Zone (Levels 4 and 5); Demilitarized Zone (DMZ); Manufacturing Zone (Level 3); Cell/Area Zone (Level 0–2)
Network devices: Firewall (Active), Firewall (Standby), Gbps Link for Failover Detection, Layer 3 Router, Layer 3 Switch Stack, Layer 2 Switch
Servers and services: Windows 2003 Servers (Remote desktop connection, VPN); FactoryTalk Application Servers (View, Historian, AssetCentre, Transaction Manager); FactoryTalk Services Platform (Directory, Security); Data Servers; Network Services (DNS, DHCP, syslog server, Network and security management)
Cell/Area examples: Cell/Area #1 (Redundant Star Topology); Cell/Area #2 (Ring Topology); Cell/Area #3 (Bus/Star Topology), with Controller, Drive, HMI and Distributed I/O devices
Design guidance
–Methodology – built on Industry Standards
–Best practices and recommendations
–Documented configuration settings
–Tested with Industrial Applications
–Cisco “Validated” network design
“Future-ready” network foundation
–CIP Safety, CIP Sync, CIP Motion
–Voice, Video

Manufacturing and Enterprise Security Design
Physical Security – limit physical access to authorized personnel: areas, control panels, devices, cabling, and control room – escort and track visitors
Network Security – infrastructure framework – e.g. firewalls with intrusion detection and intrusion prevention systems (IDS/IPS), and integrated protection of networking equipment such as switches and routers
Computer Hardening – patch management, antivirus software as well as removal of unused applications, protocols, and services
Application Security – authentication, authorization, and audit software
Device Hardening – change management and restrictive access

Manufacturing and Enterprise Security Design
Security Services Must Not Compromise Operations of the Cell/Area Zone
[Diagram: security controls by level]
Levels: Level 0: Process; Level 1: Basic Control; Level 2: Area Supervisory Control; Level 3: Site Manufacturing Operations and Control; DMZ
Devices: Cisco Cat. 3750 StackWise Switch Stack; Cisco Cat. 6500/4500; ASA 5500; Web, Application, Database Servers; Backup Historians; HMI; FactoryTalk View; PAC; Drive; Distributed I/O
Controls: Standard DMZ Design Best Practices; VLANs; ACLs; Firewall; IPS; Network Infrastructure Protection, ACLs; Layer 2 Security, Port Security; CS-MARS, CSA, ASDM and CSAMC; HMI Controller Hardening, Physical Security; FactoryTalk Service & Application Security; VLANs Segmenting Domains of Trust
Comprehensive Network Security Model for Defense in Depth - Security is not a bolt-on component
–Manufacturing Security Policy
–Demilitarized Zone
–Firewalls to defend the manufacturing edge
–Protect the interior
–Endpoint Hardening
–Segment into Domains of Trust
–Physical Security
–Security Management, Analysis, & Response
–Remote/Guest Access Policy, with robust & secure implementation

Best Practices for Network, Technology and Cultural Convergence
IT and Manufacturing collaboration on
–System architecture design
–Service and support models
–Manufacturing Security Policy
Standardization of design & technology
Consult reference architectures & standards
–Network Segmentation
–Domains of Trust
Communicate to IT what protocols and services are being used
–TCP/UDP, Managed/Unmanaged switches, Multicast, IP addressing, VLANs, QoS?
Communicate to Manufacturing the needs of IT
Emergence of Manufacturing IT
An open, two-way dialog is critical!

Thank you!
http://www.ab.com/networks/architectures.html
http://www.cisco.com/web/strategy/manufacturing/cisco-rockwell_automation.html