Cisco Solutions for Industrial IT
Rockwell Automation TechED 2016 @ROKTechED #ROKTechED
Abstract
Cisco® products and solutions enable technical and cultural convergence between information technology (IT) and industrial automation technology (operational technology - OT). This discussion reviews the Cisco solutions within the Cisco and Rockwell Automation® CPwE architectures, including the Catalyst family of switches and Adaptive Security Appliance (ASA) firewalls. Prior attendance of the Building Converged Plantwide Ethernet Architectures session is recommended.
Cisco and Rockwell Automation Alliance
Technology, Network, Cultural and Organizational Convergence
• Joint Product and Solution Collaboration: Stratix 5900™ Services Router, Stratix 5950™ Industrial Firewall, Stratix 5100™ Wireless Access Point/Workgroup Bridge, and Stratix 5000/Stratix 8000™ families of managed industrial Ethernet switches combine the best of both Rockwell Automation® and Cisco
• Converged Plantwide Ethernet (CPwE) Architectures: Plant-wide / site-wide focused tested, validated and documented reference architectures, comprised of Rockwell Automation and Cisco expertise, provide a foundation to successfully deploy the latest technologies optimized for both industrial automation and IT professionals
• Common Technology View: Achieve flexibility, visibility and efficiency through a converged plant-wide / site-wide network architecture, using open, industry standard networking technologies, such as EtherNet/IP
• People and Process Optimization: Services, education and certification to facilitate industrial automation and information technology convergence and successful architecture deployment, so that critical resources can focus on increasing innovation and productivity
Reference Architectures
Converged Plantwide Ethernet (CPwE)
• Tested, validated and documented reference architectures
  • Developed from use cases - customer and application
  • Tested for performance, availability, repeatability, scalability and security
  • Comprised of nine (9) Cisco and Rockwell Automation Validated Designs
  • Built on technology and industry standards
  • “Future-ready” network design
• Content relevant to both OT and IT Engineers
• Deliverables
  • Recommendations, best practices, design and implementation guidance, documented test results and configuration settings
  • Simplified design, quicker deployment, reduced risk in deploying new technology
Reference Architectures
Converged Plantwide Ethernet (CPwE)
Cisco® Validated Design (CVD)
• Consist of systems and solutions that are designed, tested, validated and documented to facilitate and improve customer deployments. These designs incorporate a wide range of technologies and products into a portfolio of solutions that have been developed to address the business needs of our customers
• CVDs are organized by solution areas and will list one, two or all three primary types of documents:
  • Design and Implementation Guides (DIGs)
  • White Papers
  • Application Guides
Rockwell Automation Lab Mayfield Heights, OH
Cisco Lab Research Triangle Park, NC
Key Tenets
Converged Plantwide Ethernet (CPwE)
Education, design considerations and guidance to help reduce network Latency and Jitter, to help increase the Availability, Integrity and Confidentiality of data, and to help design and deploy a Scalable, Robust, Secure and Future-Ready EtherNet/IP network infrastructure:
• Single Industrial Network Technology
• Robust Physical Layer
• Segmentation / Structure (modular & scalable building blocks)
• Prioritization - Quality of Service (QoS)
• Redundant Path Topologies with Resiliency Protocols
• Time Synchronization – PTP, CIP Sync, Integrated Motion on the EtherNet/IP network
• Multicast Management
• Convergence-ready Solutions
• Wireless LAN – 802.11 - Autonomous, Unified - Equipment, Personnel
• Security – Holistic Defense-in-Depth, Identity Services, Industrial Demilitarized Zone, Scalable Secure Remote Access
Cisco® Catalyst® Switching and Routing
Catalyst 3850, Layer 3 Distribution Switch
• StackWise™ allows up to 9 switches to be linked together, managed as a single switch, 480GB throughput
• Stackpower allows power supplies of members in a stack to pool resources
• 24 and 48 port with Gigabit or 10 GB uplinks
• Optional uplink modules for greater flexibility
• Copper and Fiber downlinks for connections from switches
Deploying A Resilient Converged Plantwide Ethernet Architecture
Converged Plantwide Ethernet (CPwE) Architectures
Cisco® Catalyst® Switching and Routing
Catalyst 4500-X, Layer 3 Distribution/Core Switch
• Mid to high level plant distribution and aggregation
• Fixed chassis with either 16 or 32 Ten GB ports. Plus optional 8 port 10GB uplink module.
• Virtual Switching System (VSS) – two switches act as a single virtual switch
• 800 Gbps throughput
Converged Plantwide Ethernet (CPwE) Architectures
Deploying A Resilient Converged Plantwide Ethernet Architecture
Cisco® Catalyst® Switching and Routing
Catalyst 6800, Layer 3 Core Switch
• Flagship network core switch, different chassis sizes. 880 GB per slot bandwidth. 11 Terabit system capacity
• Network services modules for security and wireless, take place of separate appliances
• Optimized for 10, 40, and 100 GB
• Virtual Switching System (VSS) – two switches act as a single virtual switch
Converged Plantwide Ethernet (CPwE) Architectures
Adaptive Security Appliance
Firewalls with FirePOWER IPS
• ASA – Provides firewall capabilities to logically segment the plant floor from the enterprise. Tracks traffic flows
• VPN concentration – Allows clients to connect a VPN session to the firewall over IPsec or SSL
• Provides up to 8 integrated and up to 14 Gigabit ports with service modules for flexibility in network design
• Provides up to 700 Mbps of VPN throughput, and up to 5000 concurrent VPN sessions
• Newly added FirePOWER™ module from Sourcefire adds next generation IPS for threat detection, as well as Advanced Malware Protection (AMP)
Securely Traversing IACS Data Across the Industrial Demilitarized Zone
Converged Plantwide Ethernet (CPwE) Architectures
Converged Plantwide Ethernet (CPwE)
Secure and Robust Network Architectures for The Connected Enterprise
[Figure: CPwE reference architecture diagram spanning Operational Technology, Industrial IT and Information Technology. Labels recovered from the diagram:]
• Zones: Enterprise Zone, Levels 4-5; Industrial Demilitarized Zone (IDMZ); Industrial Zone, Levels 0–3 (Plant-wide Network); Level 3 - Site Operations (Control Room); Cell/Area Zones, Levels 0–2
• Enterprise: Wide Area Network (WAN); Internet; External DMZ/Firewall; Data Center - Virtualized Servers (ERP - Business Systems; Email, Web Services; Security Services - Active Directory (AD), Identity Services (AAA); Network Services – DNS, DHCP; Call Manager)
• Plant Firewalls: Active/Standby; Inter-zone traffic segmentation; ACLs, IPS and IDS; VPN Services; Portal and Remote Desktop Services proxy
• Physical or Virtualized Servers: Patch Management; AV Server; Application Mirror; Remote Desktop Gateway Server
• Physical or Virtualized Servers: FactoryTalk® Application Servers and Services Platform; Network & Security Services – DNS, AD, DHCP, Identity Services (AAA); Storage Array
• Other infrastructure: Remote Access Server; Identity Services; Core Switches; Distribution Switch Stack; Access Switches; Wireless LAN Controller (WLC); Rockwell Automation® Stratix 5000/8000 Layer 2 Access Switch
• Cell/Area Zone topologies: Redundant Star Topology - Flex Links Resiliency; Ring Topology - Resilient Ethernet Protocol (REP); Linear/Bus/Star Topology
• Wireless: Unified Wireless LAN and Autonomous Wireless LAN (Lines, Machines, Skids, Equipment); AP; LWAP; WGB; SSID 5 GHz; SSID 2.4 GHz
• End devices: HMI; Controller; Safety Controller; I/O; Safety I/O; Drive; Servo Drive; Soft Starter; Robot; Instrumentation; Camera; Phone
www.rockwellautomation.com
ROKTechED 2016 Networks
For the rest of the story…