NW05 - Cisco® Solutions for the Converged Plantwide Ethernet Reference Architectures
Rockwell Automation TechED 2015 @ROKTechED #ROKTechED PUBLIC INFORMATION
Copyright © 2015 Rockwell Automation, Inc. All rights reserved.
Jul 26, 2015
Abstract
Cisco® products and solutions enable technical and cultural convergence between information
technology (IT) and industrial automation technology. This discussion reviews the Cisco® solutions
within the Cisco and Rockwell Automation® CPwE reference architectures, including Catalyst® family
of switches and Adaptive Security Appliances (ASA) firewalls, capabilities, selection and support. A
prior understanding of general Ethernet concepts, or attendance of the Fundamentals of EtherNet/IP™
Network Technology session is recommended.
Agenda
Catalyst® Switching and Routing
Cisco Systems® and Rockwell Automation® Alliance
Adaptive Security Appliance Firewalls
Additional Information
Wireless LAN (WLAN)
Unified Computing System (UCS)
Why Is This Important? Control and Information Convergence
Scalable, robust, secure and future-ready infrastructure:
Application
Software
Network
Internet of Things, Internet of Everything
Cisco Systems® At A Glance
Campus wired and wireless network framework, with best practices for structure and hierarchy
Unified communications for mobility and collaboration: voice, video and data
Unified computing systems for server, switch and firewall virtualization
Integration with Cisco® and IT network management applications
Resiliency and availability features: REP, Flex Links, HSRP, StackWise
Integrated Catalyst network security
Cisco Systems, Inc. is the worldwide leader in networking, transforming how people connect, communicate and collaborate
Cisco® and Rockwell Automation® Collaboration Technology, Network, Cultural and Organizational Convergence
Joint Product and Solution Collaboration: The Stratix 5900™ Services Router, Stratix 5100™ Wireless Access Point/Workgroup Bridge, and Stratix 5000™/Stratix 8000™ families of industrial Ethernet managed switches combine the best of both Rockwell Automation and Cisco
Converged Plantwide Ethernet (CPwE) Reference Architectures: Plant-wide / site-wide focused reference architectures, which are composed of Rockwell Automation and Cisco expertise, provide a foundation to help successfully deploy the latest technologies that are optimized for both industrial automation and IT professionals
Common Technology View: Achieve flexibility, visibility and efficiency through a converged network architecture, using open, industry standard networking technologies, such as EtherNet/IP™
People and Process Optimization: Services and education to facilitate industrial automation and information technology convergence and successful architecture deployment, so that critical resources can focus on increasing innovation and productivity
What Are We Doing? CPwE Reference Architectures
Cisco® and Rockwell Automation® Collaboration
Tested and validated architectures
Performance, availability, repeatability, scalability, security
Cisco Validated Design
Built on technology and industry standards
“Future-ready” network design
Content relevant to both IT Network Engineers and Control System Engineers
Deliverables
Recommendations, best practices, design and implementation guidance
Documented configuration settings
Simplified design, quicker deployment, reduced risk in deploying
new technology
What Are We Doing? CPwE Reference Architectures
Education, design considerations and guidance to help reduce network Latency and Jitter, to help increase the Availability, Integrity and Confidentiality of data, and to help design and deploy a Scalable, Robust, Secure and Future-Ready EtherNet/IP™ network infrastructure:
Single Industrial Network Technology
Robust Physical Layer
Segmentation / Structure (modular and scalable building blocks)
Prioritization - Quality of Service (QoS)
Redundant Path Topologies with Resiliency Protocols
Time Synchronization – PTP, CIP Sync, Integrated Motion on the EtherNet/IP network
Multicast Management
Convergence-ready Solutions
Security – Holistic Defense-in-Depth
Scalable Secure Remote Access
Wireless – 802.11
Cisco® Catalyst® Switch and Routing
2960, Layer 2 Access
Lower total cost of ownership
19 inch rack form factor, 24 and 48-port options
FlexStack for ease of management
PoE
Up to 10 GB uplinks, 100 MB or 1 GB down
depending on required performance
LAN Lite or LAN Base IOS; LAN Base has more
advanced features
Cisco® Catalyst® Switch and Routing
3850, Layer 3 Distribution
StackWise™ allows up to 9 switches to be linked
together, managed as a single switch, 480 GB
throughput
StackPower allows the power supplies of members in
a stack to pool resources
24 and 48 port with Gigabit or 10 GB uplinks
Optional uplink modules for greater flexibility
Copper and Fiber downlinks for connections
from switches
Cisco® Catalyst® Switch and Routing
4500, Layer 3 Distribution/Core
Mid to high-level plant distribution
and aggregation
Modular chassis: 3, 6, 7, or 10 slots for supervisor
engine and line cards, and up to 48 Gigabits per slot
Virtual Switching System – two switches act as
a single virtual switch
Line cards include – 10/100/1000 Copper, Fiber,
and 10 Gigabit. Many different options
Cisco® Catalyst® Switch and Routing
6500, Layer 3 Core
Flagship network core switch, different chassis
sizes. 80 Gigabits per slot.
Network services modules for security
and wireless take the place of separate
appliances
10/100/1000 modules, 10 Gigabit and
40 Gigabit modules available.
Virtual Switching System allows physical
separation of switches while they are managed as a
single switch
© 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Data Sheet
Intrusion Prevention for the Cisco ASA 5500-X Series
As users and data leave the corporate boundary and the network access layer
becomes more porous, traditional signature technology alone will not suffice. Only
Cisco® intrusion prevention (IPS) technology, backed by Cisco Security Intelligence
Operations (SIO), identifies and mitigates attackers and attacks up to Layer 7 with
market-leading, context-aware threat prevention that augments your firewall and VPN
deployment.
The Cisco ASA 5500-X Series IPS Solution scales from the Cisco Borderless Network Architecture to data center
architectures, with integrated form factors ranging from 1 Gbps to 10 Gbps. Strong default efficacy allows you to
install a device and secure your network immediately. Achieve full visibility across your network with Cisco Security
Manager to mitigate risk and meet compliance - all while reducing your expenses.
Figure 1. Cisco ASA with IPS Product Family
Mitigate Risks
Manage risks with a broad and deep set of inspection capabilities:
Defend against zero-day attacks with over 40 engines and 6500 stateful, vulnerability-based signatures that
protect against tens of thousands of current exploits - and countless more to come.
Inspect a wide variety of protocols to ensure RFC conformance and prevent hacks.
Identify the source of and block denial of service (DoS), distributed denial of service (DDoS), SYN flood,
and encrypted attacks with Cisco Global Correlation.
Use patented anti-evasion technology to defend and monitor against worms, viruses, Trojans,
reconnaissance attacks, spyware, botnets, phishing, peer to peer attacks, and malware, as well as
numerous evasion techniques.
Guard Cisco infrastructure with specific protections for Unified Communications, WLAN, routing, and
switching.
Utilize identity-based firewall to provide granular and powerful policy definition.
Adaptive Security Appliance Firewalls with Firepower IPS
ASA – Provides firewall capabilities to logically segment
the plant floor from the enterprise. Tracks traffic flows
VPN concentration – Allows clients to connect a VPN
session to the firewall over IPsec or SSL
Provides up to 8 integrated and up to 14 Gigabit ports with
service modules for flexibility in network design
Provides up to 700 Mbps of VPN throughput, and up to
5000 concurrent VPN sessions
Newly added Firepower module from Sourcefire adds next
generation IPS for threat detection, and advanced
malware protection
Unified WLAN Architectures
Wireless LAN Controller (WLC)– Offers
centralized control, monitoring, and
troubleshooting of 802.11 networks. Supports up
to 6000 Access Points. Allows for fast roaming
and guest access. Several models available for
different size deployments
LWAP – Lightweight access points that are
managed by the WLC. Many antenna options are
available, and they allow for zero touch replacement.
Can be powered by PoE
Unified Computing System
UCS-C series. Rack mountable server with many
different physical configurations
1, 2, or 4 RU form factors
Optimized for Virtualization with VM-FEX, extending
network fabric to VMs
Cisco® Integrated Management Controller (IMC) is
a web-based interface for KVM and management
Additional Material CPwE Reference Architectures
Websites:
Reference Architectures
Design Guides:
Converged Plantwide Ethernet (CPwE)
Deploying the Resilient Ethernet Protocol (REP) in a Converged Plantwide Ethernet Architecture
Deploying 802.11 Wireless LAN Technology within a Converged Plantwide Ethernet Architecture
Application Guides:
Fiber-optic Infrastructure Application Guide
Whitepapers:
Top 10 Recommendations for Plant-wide EtherNet/IP Deployments
Securing Manufacturing Computer and Controller Assets
Achieving Secure Remote Access to plant-floor Applications and Data
Design Considerations for Securing Industrial Automation and Control System Networks
Additional Material Training and Certifications
Cisco® Industrial Networking Specialist Training
and Certification
E-learning modules (pre-learning courses)
Control Systems Fundamentals for Industrial
Networking (ICINS)
Networking Fundamentals for Industrial
Control Systems (INICS)
Classroom training
Managing Industrial Networks with Cisco
Networking Technologies (IMINS)
Exam
600–601 IMINS
CCNA for Industrial Applications - Training and
Certification
Training - TBD
Exam - TBD
Industrial IP Advantage
E-learning modules
CPwE Design Considerations and Best
Practices
Industrial IP Advantage
A ‘go-to’ resource for educational information
about industrial network communication and
using standard Internet Protocol (IP) for
industrial applications
Community of like-minded companies –
Cisco®, Panduit®, and Rockwell
Automation®
Receive monthly e-newsletters with
articles and videos on the latest trends
Network Design eLearning course available for TechEd Attendee promotional price!
Sign up today at www.industrial-ip.org
Additional Material Training and Certifications
http://www.cisco.com/web/learning/training-index.html
ICND1
ICND2
www.rockwellautomationteched.com
Catalyst, Cisco Live and Cisco are trademarks of Cisco Systems, Inc. Microsoft is a trademark of the Microsoft Corporation. Panduit is a trademark of the Panduit Corporation. EtherNet/IP is a trademark of the ODVA.