Network Design
Industry 4.0 and Security
siemens.com
Unrestricted © Siemens AG 2016, June 2016, Peter Brown
Ethernet Network Design
Digital workflow: Product design, Production planning, Engineering, Production, Service
Global Trends / Industry 4.0
Trends:
§ Track & Trace
§ Globalization
§ The world is connected
§ Big data
§ Industry requirements
§ Solution orientation
§ Individualization
Challenges:
§ Maximum transparency throughout the entire value added chain
§ Optimize Production Logistic
§ Reliable communication for WAN
§ Enable industrial communication to cope with increasing amount of data
§ Establish security mechanisms to control the open communication where needed
§ Manage to find one concept for industrial communication
§ Offer a complete solution package including service to the customer
§ Enable end customers to react flexibly with our solution to the market requirements
All Industry Sectors
For all industries … and for all regions
Industry types: Process, Discrete, Hybrid
Sectors: Windpower, Transportation, E-Car, Electronics, Automotive, Glass & Solar, Pharmaceuticals, Food & Beverage, Metal & Mining, Cement, Pulp & Paper, Chemicals, Oil & Gas, Water, Refinery, Electric Power
Industrial networks: Discrete automation, Process automation
Customer requirements for industrial networks
Robustness: High temperatures, rugged environments
- Fanless switches (dusty environment etc.), FastConnect cables
Flexibility: Changing production layouts at the shop floor
- Modularity, different interfaces for electrical or optical connections
High Availability: Ring redundancy e.g. with MRP, HSR, PRP, …
- Quick and easy replacement with C-Plug (transfer config to new device)
Determinism: Synchronization of several drives in one machine
- Wired as well as wireless
Moving Units: Automated guided vehicles, monorails, cranes
- IWLAN RCoax Cable for durable wireless connection during movement
Safety: Emergency shutdown over PROFINET
- Wired as well as wireless
Security: Remote administration for machine vendors, Firewall, DMZ
- One security module for office and automation requirements
[Figure: Outdoor, Warehouse, Production]
PROFINET provides increased flexibility, efficiency, and performance
PROFINET is the right solution for every application
Flexibility (Tailor-made plant concepts)
§ Industrial Wireless LAN
§ Safety
§ Flexible topologies
§ Expandability
§ Web tools
§ Open standard
Efficiency (Optimal use of resources)
§ Easy cabling
§ One cable for all purposes
§ Device/network diagnostics
§ Energy efficiency
§ Fast device replacement
§ Ruggedness/stability
Performance (Increased productivity)
§ Media redundancy
§ Large quantity structures
§ High transmission rate
§ Speed
§ High precision
§ Fast start-up
Merging of automation and IT
Totally Integrated Automation Portal
[Figure: Long-term development of plants' network load. Network load by traffic type: RT / IRT data, Other TCP data, Quality gathering data, Video]
High data volume through
- Acquisition of quality data
- High-resolution videos
- Web services
- Cloud connection
parallel to real-time data (RT/IRT).
Can cause
- overloads on single ports
- lower plant availability
by reason of defective network design and configuration.
How Do We Draw Our Network?
PROFINET
What does the network need to do?
OT Vs IT
§ Automation & control
§ Hazardous area
§ SCADA
§ 24/7 operation
§ Motion control
§ Wireless communication
§ General IT
§ File transfers
§ Voice
§ Video
§ Network physical distance
§ Data quality
§ Reserved bandwidth
§ Confidential information
§ Email / instant messaging
§ Trending / archiving
§ Spanning departments
§ Printing
§ Remote access
§ Billing / invoicing
§ Track & trace
§ Product individualisation
OT Vs IT
Industry:
§ Location – Rough environment
§ Installation – Plant maintenance
§ Topology – Plant specific, varied
§ Availability – Network downtimes < 300 ms
§ Device density – Low, switches with few ports
§ Network monitoring – Part of plant monitoring
Office:
§ Location – Air conditioned offices
§ Installation – Network specialists
§ Topology – Star
§ Availability – Minutes to hours accepted
§ Device density – High, switches with many ports
§ Network monitoring – Specially trained IT staff
Example Control & Automation Network
Design Summary
§ Zoning and Security are essential
§ VLANs
§ Layer 3 switches
§ ACL
§ Bandwidth reservation
§ Network redundancy
§ Protection of safety-related systems
§ OT team & IT team cooperation
Security
PI Security Concept
The PROFINET Security Concept
From the PROFINET Security Guideline
§ Network Architecture – Security Zones
§ Trust Concept – within Zones
§ Perimeter Defence – Firewall/VPN
§ Provision of Confidentiality and Integrity
§ Transparent Integration of Firewalls
Methods of network security
§ Firewall - Protect against unauthorized access
§ VLAN (Virtual Local Area Network) - Logical network that operates on the basis of a physical network
§ DMZ (De-Militarized Zone) - Exchange data with external partners via safe areas
§ VPN (Virtual Private Network) - Secure tunnel between authenticated users
[Figure: Complete plant security; Secure automation cells; Internet]
Industrial Security
As a minimum:
§ Inherent Safety
§ Physical & environmental security
§ System hardening
§ Application security
§ Device hardening
§ Network security
§ Disaster recovery / mitigation planning
Thank you for your attention!
Peter Brown
Product Specialist
Siemens Customer Service
Email: [email protected]
Mobile: 07808 825551
siemens.com/SINETPLAN