- Number of slides: 17
Manufacturing & IT Network Convergence
Bryce Barnes - Cisco Systems Vertical Solution Architect-Manufacturing
Gregory Wilcox - Rockwell Automation Networks Business Development Manager
Reference Architectures for Manufacturing
© 2008 Cisco Systems, Inc. and Rockwell Automation, Inc. All rights reserved. 2009

Cisco At A Glance
The world leader in networking for Internet, Enterprise, Home, and Industry… Changing the way people work, live, play, and learn
• Annual Sales: $40 billion
• World Headquarters: San Jose, California
• Trading Symbol: csco
• Employees: About 67,000
• Global Presence
• R&D: $4.5 Billion Annually

Rockwell Automation At A Glance
Leading global provider of industrial automation control and information solutions
• Annual Sales: $5.5 billion
• World Headquarters: Milwaukee, Wisconsin, USA
• Trading Symbol: ROK
• Employees: About 20,000
• Serving customers in 80+ countries

Manufacturing and Enterprise Network Convergence
[Diagram labels: Business Enterprise Systems, Customer Demand, Suppliers, Supply Chain Integration, Flexible Manufacturing, Plantwide Systems]
Lower Total Cost of Ownership | Faster Time to Market | Better Asset Optimization | Broader Risk Management

Manufacturing Network Convergence
[Diagram: two network models shown side by side]
• Traditional – 3 Tier Manufacturing Network Model
• Converged Ethernet Manufacturing Network Model
[Diagram labels: Corporate Network; Office Applications, Internetworking, Data Servers, Storage; Back-Office Mainframes and Servers (ERP, MES, etc.); Control Network Gateway; Supervisory Control; Human Machine Interface (HMI); Controller; Robotics; Motors, Drives, Actuators; Sensors and other Input/Output Devices]
Convergence of Control and Information

Manufacturing and Enterprise Network Convergence
• Manufacturing Network Requirements
  – Industrial Protocols
  – Topologies, Resiliency & Industrial Environments
  – Determinism, Latency, Jitter, etc.
  – Motion Control & Safety
  – IP Addressing - static
• Enterprise Network Requirements
  – High Availability
  – Determinism, Latency, Jitter, etc.
  – Voice, Video, Data applications
  – Security
• Network Design & Management
  – Ease of use
  – Reference models & network designs

Cultural and Organizational Convergence
Security Policies: IT Network compared with Controls Network
• Focus
  – IT Network: Protecting Intellectual Property and Company Assets
  – Controls Network: 24/7 Operations, High OEE
• Priorities
  – IT Network: Confidentiality, Integrity, Availability
  – Controls Network: Availability, Integrity, Confidentiality
• Types of Data Traffic
  – IT Network: Converged Network of Data, Voice and Video
  – Controls Network: Converged Network of Data, Control, Information, Safety and Motion
• Access Control
  – IT Network: Strict Network Authentication and Access Policies
  – Controls Network: Strict Physical Access, Simple Network Device Access
• Implications of a Device Failure
  – IT Network: Continues to Operate
  – Controls Network: Could Stop Operation
• Threat Protection
  – IT Network: Shut Down Access to Detected Threat
  – Controls Network: Potentially Keep Operating with a Detected Threat
• Upgrades
  – IT Network: ASAP During Uptime
  – Controls Network: Scheduled During Downtime

Cultural Convergence – Common Tools
[Screenshot labels: Device Manager; FactoryTalk View, Faceplates; Command Line Interface; Cisco Network Assistant; RSLogix 5000, Add-on Profile]

Cisco and Rockwell Automation, working together
• Common Technology View: Support use of open, unmodified standards, with intelligent networking features in automation networks through ODVA, ISA and others
  – To-Date: Board members of ODVA; Active in ISA security and wireless committees
• Collaborating on Reference Architectures: Tested and Validated design and implementation guidance and best practices for a converged network architecture
  – To-Date: Available now, free for download
• People and Process Optimization: Develop process guidelines for help with convergence, facilitate training and dialogue with IT and Manufacturing
  – To-Date: Educational seminars, white papers and events
• Joint Product Collaboration: Developed Industrial Ethernet switches incorporating the best of Cisco and the best of Rockwell Automation
  – To-Date: Stratix 8000™ switches

Reference Architectures for Manufacturing
• A set of tested and validated design and implementation best practices
• Common reference and common language for IT and manufacturing
• Education Series
“With this implementation guide, for the first time IT and manufacturing professionals can share a common document for planning a converged IP network including the factory floor and automation equipment.” – Harry Forbes, ARC Advisory Group

Approach to Industrial Ethernet Network Designs
• Understand application and functional requirements
  – Devices to be connected
  – Communication patterns, resiliency requirements
  – Types of traffic
  – Safety, Motion control, etc.?
• Develop a logical framework
  – define zones
  – Place applications and devices in the framework based on requirements
• Define segmentation
• Determine security requirements

Manufacturing Framework
[Diagram: logical framework of zones and levels; labels as extracted from the slide]
• Zones: Enterprise Zone; DMZ; Manufacturing Zone; Cell/Area Zone
• Levels: Level 5; Level 4; Level 3; Level 2; Level 1; Level 0
• Level names: Enterprise Network; Site Business Planning and Logistics Network; Site Manufacturing Operations and Control; Area Supervisory Control; Basic Control; Process
• Other labels: E-Mail, Intranet, etc.; Terminal Services; Patch Management; AV Server; Historian Mirror; Web Services Operations; Application Server; FactoryTalk Application Server; FactoryTalk Directory; FactoryTalk Client; Engineering Workstation; Domain Controller; Operator Interface; Batch Control; Discrete Control; Drive Control; Continuous Process Control; Safety Control; Sensors; Drives; Actuators; Robots; Router; Firewall; Web; E-Mail; CIP
No Direct Traffic Flow from Enterprise to Manufacturing Zone

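An added example, not part of the original slides: a small Python audit that checks flow records against the framework's rule that no traffic passes directly from the Enterprise Zone to the Manufacturing Zone. The subnets, the flow records and the function names are constructed for illustration, and checking the reverse direction as well is an assumption beyond what the slide states.

```python
import ipaddress

# Constructed zone map (assumption): the slides name the zones, not their subnets.
ZONES = {
    "Enterprise": ["10.10.0.0/16"],
    "DMZ": ["10.20.0.0/24"],
    "Manufacturing": ["10.30.0.0/16"],   # Level 3 site operations
    "Cell/Area": ["10.40.0.0/16"],       # Levels 0-2
}
# Treat the Cell/Area Zone as plant-side, together with the Manufacturing Zone.
PLANT_SIDE = {"Manufacturing", "Cell/Area"}

_NETS = [(ipaddress.ip_network(c), z) for z, cs in ZONES.items() for c in cs]

def zone_of(addr):
    """Return the zone owning addr (longest prefix wins), or None if unmapped."""
    ip = ipaddress.ip_address(addr)
    matches = [(n.prefixlen, z) for n, z in _NETS if ip in n]
    return max(matches)[1] if matches else None

def audit_flows(flows, both_directions=True):
    """Return (violations, unknown) for (src, dst, dport) flow records."""
    violations, unknown = [], []
    for src, dst, dport in flows:
        sz, dz = zone_of(src), zone_of(dst)
        if sz is None or dz is None:
            # Endpoint outside the zone map: report it, do not silently pass it.
            unknown.append((src, dst, dport))
        elif sz == "Enterprise" and dz in PLANT_SIDE:
            violations.append((src, dst, dport, f"{sz} -> {dz}"))
        elif both_directions and sz in PLANT_SIDE and dz == "Enterprise":
            # Reverse direction: an assumption, stricter than the slide's wording.
            violations.append((src, dst, dport, f"{sz} -> {dz}"))
    return violations, unknown

# Constructed flow records (src, dst, dst port), as a firewall or flow log might give.
SAMPLE_FLOWS = [
    ("10.10.5.20", "10.20.0.15", 3389),   # Enterprise -> DMZ: allowed
    ("10.20.0.15", "10.30.1.10", 3389),   # DMZ -> Manufacturing: allowed
    ("10.10.5.20", "10.40.2.7", 44818),   # Enterprise -> Cell/Area: direct, flagged
    ("10.30.1.10", "10.10.9.9", 443),     # Manufacturing -> Enterprise: flagged
    ("192.0.2.44", "10.30.1.10", 502),    # source not in any zone: unknown
]

if __name__ == "__main__":
    bad, unk = audit_flows(SAMPLE_FLOWS)
    print("violations:", bad)
    print("unknown:", unk)
```

Flows with an endpoint outside the zone map are returned separately so that a gap in the address plan is not mistaken for a compliant flow.
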
Reference Architectures for Manufacturing
• Design guidance
  – Methodology – built on Industry Standards
  – Best practices and recommendations
  – Documented configuration settings
  – Tested with Industrial Applications
  – Cisco “Validated” network design
• “Future-ready” network foundation
  – CIP Safety, CIP Sync, CIP Motion
  – Voice, Video
[Diagram: validated network design; labels as extracted from the slide]
• Enterprise Zone, Levels 4 and 5
• Demilitarized Zone (DMZ): Windows 2003 Servers (Remote desktop connection, VPN); Firewall (Active); Firewall (Standby); Gbps Link for Failover Detection
• Manufacturing Zone, Level 3: FactoryTalk Application Servers (View, Historian, AssetCentre, Transaction Manager); FactoryTalk Services Platform (Directory, Security management); Network Services (DNS, DHCP, syslog server; Network and security); Data Servers; Layer 3 Router; Layer 3 Switch Stack
• Cell/Area Zone, Level 0–2: Layer 2 Switch; HMI; Controller; Drive; Distributed I/O
  – Cell/Area #1 (Redundant Star Topology)
  – Cell/Area #2 (Ring Topology)
  – Cell/Area #3 (Bus/Star Topology)

Manufacturing and Enterprise Security Design
• Physical Security – limit physical access to authorized personnel: areas, control panels, devices, cabling, and control room – escort and track visitors
• Network Security – infrastructure framework – e.g. firewalls with intrusion detection and intrusion prevention systems (IDS/IPS), and integrated protection of networking equipment such as switches and routers
• Computer Hardening – patch management, antivirus software as well as removal of unused applications, protocols, and services
• Application Security – authentication, authorization, and audit software
• Device Hardening – change management and restrictive access

Manufacturing and Enterprise Security Design
• Comprehensive Network Security Model for Defense in Depth
  – Manufacturing Security Policy
  – Demilitarized Zone
  – Firewalls to defend the manufacturing edge
  – Protect the interior
  – Endpoint Hardening
  – Segment into Domains of Trust
  – Physical Security
  – Security Management, Analysis, & Response
  – Remote/Guest Access Policy, with robust & secure implementation
Security is not a bolt-on component
[Diagram: security measures by zone and level; labels as extracted from the slide]
• DMZ: Standard DMZ Design Best Practices; VLANs; ASA 5500; Firewall; IPS; ACLs; Web, Application, Database Servers; Backup Historians
• Management and endpoint labels: CS-MARS, CSA, ASDM and CSAMC; FactoryTalk Service & Application Security
• Level 3—Site Manufacturing Operations and Control: Network Infrastructure Protection, ACLs; VLANs Segmenting Domains of Trust; Cisco Cat. 6500/4500; Cisco Cat. 3750 StackWise Switch Stack
• Level 2—Area Supervisory Control: HMI; FactoryTalk View; Layer 2 Security, Port Security
• Level 1—Basic Controller Hardening, Physical Security: PAC; Drive
• Level 0—Process: Distributed I/O
Security Services Must Not Compromise Operations of the Cell/Area Zone

Best Practices for Network, Technology and Cultural Convergence
• IT and Manufacturing collaboration on
  – System architecture design
  – Service and support models
  – Manufacturing Security Policy
• Standardization of design & technology
• Consult reference architectures & standards
  – Network Segmentation
  – Domains of Trust
• Communicate to IT what protocols and services are being used
  – TCP/UDP, Managed/Unmanaged switches, Multicast, IP addressing, VLANs, QoS?
• Communicate to Manufacturing the needs of IT
• Emergence of Manufacturing IT
An open, two-way dialog is critical!

Thank you!
http://www.cisco.com/web/strategy/manufacturing/cisco-rockwell_automation.html
http://www.ab.com/networks/architectures.html