Automated Fitting Process Using Robust Reliable Weighted ...
Deploy Secure, Reliable, and Robust Industrial Network Solutions Autom… · Reliable, and Robust...
Transcript of Deploy Secure, Reliable, and Robust Industrial Network Solutions Autom… · Reliable, and Robust...
Electrical • Lighting • Automation •
DataComm
Deploy Secure, Reliable, and
Robust Industrial Network Solutions
1-800-998-1621 • www.sydist.com
A Family- and Employee-Owned Company
CONTEXTUALIZATIONEnergy/Product, OEE
Voltage, Kwh, Running Time,Temperature
Real-time Data
InformationANALYTICS
Predict bearing will fail in 10 hours
KnowledgeOPTIMIZE
More efficient process workflows
Wisdom
SmarterMachines & Equipment
2
1-800-998-1621 • www.sydist.com
A Family- and Employee-Owned Company
DATA BEING TRANSMITTED ACROSS THE PLANT
1-800-998-1621 • www.sydist.com
A Family- and Employee-Owned Company
INFORMATION-DRIVEN UP THE CHAIN
1-800-998-1621 • www.sydist.com
A Family- and Employee-Owned Company
LEADERSHIPUNDERSTANDINGOF IoT
BELIEVE IoT WILL
CREATE GROWTH
DEVELOPED
A STRATEGY
87% 7%
1-800-998-1621 • www.sydist.com
A Family- and Employee-Owned Company
1-800-998-1621 • www.sydist.com
A Family- and Employee-Owned Company
“JUST THERE” VS PURPOSE-BUILT
1-800-998-1621 • www.sydist.com
A Family- and Employee-Owned Company
“JUST THERE” VS PURPOSE-BUILT
1-800-998-1621 • www.sydist.com
A Family- and Employee-Owned Company
DEVICE SPRAWL
Connected devices at home:• Smartphones• Power management devices• Lighting controls• Smartwatches• Smartphones• Alexa/Google/Apple devices• Smart TVs• Tablets• Readers• Oh, and your computer
1-800-998-1621 • www.sydist.com
A Family- and Employee-Owned Company
IT/OT ConvergenceInflexibilitySkills Gap Vulnerability
CHALLENGES FACING INDUSTRIAL INFRASTRUCTURE
1-800-998-1621 • www.sydist.com
A Family- and Employee-Owned Company
1-800-998-1621 • www.sydist.com
A Family- and Employee-Owned Company
IT/OT ConvergenceInflexibilitySkills Gap Vulnerability
CHALLENGES FACING INDUSTRIAL INFRASTRUCTURE
1-800-998-1621 • www.sydist.com
A Family- and Employee-Owned Company
OT
CONVERGENCE
13
…FINANCIALS HR LOGISTICS QUALITY CRMMRPERP -
MATERIALS &
TRANSPORTCONTROLLERS SENSORS,
ACTUATORS
MACHINES &
EQUIPMENT …
Business Systems – Transactional
Operations - Real-time
IT
1-800-998-1621 • www.sydist.com
A Family- and Employee-Owned Company
Priority is on
reliability and integrity
of the system, uptime
is king
Priority is
pervasiveness of
data and
confidentiality of
such data.
End-points are of
heterogeneous make
and task specific with
long lifespans
End-points are of
homogenous make
and multi-purpose
with short lifespans
Architectures are
ubiquitous in nature
and consist of multi-
tiered systems to
encourage wide
accessibility
Architectures are of
proprietary nature
and consist of
isolated, task specific
systems.
Outcomes are
physicalOutcomes are
digital
OT vs. IT
1-800-998-1621 • www.sydist.com
A Family- and Employee-Owned Company
IT – LIFECYCLE ~5 YEARS OT – LIFECYCLE 15+ YEARSVS.
1-800-998-1621 • www.sydist.com
A Family- and Employee-Owned Company
IT/OT ConvergenceInflexibilitySkills Gap Vulnerability
CHALLENGES FACING INDUSTRIAL INFRASTRUCTURE
Copyright © 2016 Rockwell Automation, Inc. All Rights Reserved.COMPANY INTERNAL — CONFIDENTIAL
Industrial Network Distribution Solution
ASSESS DESIGN IMPLEMENT SUPPORT & MANAGE
CO
NS
ULT
ING
SE
RV
ICE
S
Industrial Data Center
PR
E-E
NG
INE
ER
ED
SO
LUT
ION
S
SIMPLIFY AND ACCELERATE
Digital Plant Maturity Models
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.PUBLIC INFORMATIONCopyright © 2017 Rockwell Automation, Inc. All Rights Reserved.
INFORMATION INFRASTRUCTURE & SECURITY
4
3
Manage Your
System Performance
Manage Your
Asset Performance
REDUCE
DOWNTIME 30%
ASSET PERFORMANCE
INFRASTRUCTURE DEVELOPMENT
& MANAGEMENT
…through application monitoring, performance optimization, predictive maintenance, and risk management
…with device integration to the cloud, data collection and device health checks, notifications and alarms, and 24/7 remote monitoring
INFRASTRUCTURE DEVELOPMENT & MANAGEMENT ASSET PERFORMANCE
2
1
Protect and Maintain
Your Infrastructure
Build Your Secure
Infrastructure
…applying managed security services; threat detection, response and recovery; complete infrastructure administration/monitoring; and 24/7 remote support…based on best practices for network assessment, design and implementation –and leveraging pre-engineered solutions and IDCs
REDUCE
MTTR 76%
REDUCE
MAINTENANCE
COST20%
SHORTEN
PROJECT
TIMELINE50%
A secure information infrastructure enables digital transformation
Copyright © 2016 Rockwell Automation, Inc. All Rights Reserved.COMPANY INTERNAL — CONFIDENTIAL
CPwE ARCHITECTURES
LOGICAL FRAMEWORK
EtherNet/IP (Industrial Protocol),
Real-Time Control and Information,
Wired and Wireless LANs
(Unified and Autonomous WLAN),
Fast Network Resiliency,
Traffic Segmentation,
Industrial Security Policies,
Ease of Use
Industrial Security Policies,
Site Operations,
Resiliency, Routing,
Network and Security Management
Secure Application and Data
Share, Inter-zone Segmentation,
Access Control, Threat Protection
Enterprise Security Policies,
Collaboration Tools, Unified Wireless,
Business Application Optimization
Physical or Virtualized Servers• FactoryTalk Application Servers and
Services Platform• Network & Security Services – DNS, AD,
DHCP, Identity Services (AAA)• Storage Array
Remote AccessServer
Physical or Virtualized Servers• Patch Management• AV Server• Application Mirror• Remote Desktop Gateway Server
DistributionSwitch Stack
HMI
Cell/Area Zone - Levels 0–2Redundant Star Topology - Flex Links Resiliency
Unified Wireless LAN(Lines, Machines, Skids, Equipment)
Cell/Area Zone - Levels 0–2Linear/Bus/Star Topology
Autonomous Wireless LAN(Lines, Machines, Skids, Equipment)
IndustrialDemilitarized Zone
(IDMZ)
Enterprise ZoneLevels 4-5
Rockwell AutomationStratix 5000/8000
Layer 2 Access Switch
Industrial ZoneLevels 0–3
(Plant-wide Network)
CoreSwitches
Phone
Controller
Camera
Safety Controller
Robot
Soft Starter
Cell/Area Zone - Levels 0–2Ring Topology - Resilient Ethernet Protocol (REP)
Unified Wireless LAN(Lines, Machines, Skids, Equipment)
I/O
Plant Firewalls• Active/Standby• Inter-zone traffic segmentation• ACLs, IPS and IDS• VPN Services• Portal and Remote Desktop Services proxy
SafetyI/O
ServoDrive
Instrumentation
Level 3 - Site Operations(Control Room)
HMI
Active
AP
SSID
5 GHz
WGB
SafetyI/O
Controller
WGB
LWAP
SSID
5 GHzWGB
LWAP
Controller
LWAP
SSID
2.4 GHz
Standby
Wireless
LAN Controller
(WLC)
Cell/Area Zone
Levels 0–2
Cell/Area Zone
Levels 0–2
Drive
DistributionSwitch Stack
Wide Area Network (WAN)
Data Center - Virtualized Servers• ERP - Business Systems
• Email, Web Services
• Security Services - Active Directory (AD),
Identity Services (AAA)
• Network Services – DNS, DHCP
• Call Manager
Enterprise
Identity Services
Identity Services
External DMZ/ Firewall
Internet
Industrial IT
IT
OT
1-800-998-1621 • www.sydist.com
A Family- and Employee-Owned Company
CPWE DESIGN GUIDES AND WHITEPAPERS
▪ Deploying Industrial Data Centers
▪ Identity and Mobility Services
▪ DLR (Device Level Rings)
▪ Industrial Firewalls
▪ Location Services
▪ NAT (Network Address Translation)
▪ 802.11 Wireless
▪ Network Segmentation
And more…
1-800-998-1621 • www.sydist.com
A Family- and Employee-Owned Company
21
1-800-998-1621 • www.sydist.com
A Family- and Employee-Owned Company
22
1-800-998-1621 • www.sydist.com
A Family- and Employee-Owned Company
THE CHANGING ICS THREAT
LANDSCAPE
Insiders Cyber CriminalsHacktivistsNation States Terrorists
1-800-998-1621 • www.sydist.com
A Family- and Employee-Owned Company
SECURITY IN THE INFORMATION-DRIVEN PLANT
Must Address:
▪ Safeguarding IP
▪ Protecting from disruptive
intrusions
▪ Maintaining critical infrastructure
systems
▪ Avoiding network-related
downtime
▪ Enabling, but controlling, remote
access to operations
1-800-998-1621 • www.sydist.com
A Family- and Employee-Owned Company
Requires a holistic
approach
▪ Security assessment▪ Understand your risk areas
▪ Defense-in-depth▪ Multi-layered approach
▪ Trusted vendors▪ Following core security
principles
SECURITY IN THE INFORMATION-DRIVEN PLANT (CONT)
1-800-998-1621 • www.sydist.com
A Family- and Employee-Owned Company
SECURITY ASSESSMENT
Should include at least:
▪ Inventory of devices and
software
▪ Observation and documentation
of system performance
▪ Identification of tolerance
thresholds
▪ Prioritization of vulnerabilities
based on impact and potential
1-800-998-1621 • www.sydist.com
A Family- and Employee-Owned Company
DEFENSE-IN-DEPTH
Six key parts:
▪ Policies & procedures
▪ Physical
▪ Network
▪ Computer
▪ Application
▪ Device
1-800-998-1621 • www.sydist.com
A Family- and Employee-Owned Company
TRUSTED VENDORS
28
Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved.PUBLIC INFORMATION
DURINGBEFORE AFTER
Attack Continuum
INDUSTRIAL
CYBER SECURITY
SERVICES
Backup and Recovery Solutions
QualifiedPatch Management
Vulnerability and Risk Assessments
Application Whitelisting Deployment
Real-Time Threat Detection Services
ICS Security Zone and IDMZ Segmentation
FactoryTalkSecurity Implementation Services
Remote Monitoring and Administration Services
Network Access Control Deployment
Incident Response and Disaster Recovery Planning Services
Incident Handling and Response*
Cyber Security AwarenessTraining
Asset InventoryServices
Policy & Procedure Development
1-800-998-1621 • www.sydist.com
A Family- and Employee-Owned Company
SCALABLE INFRASTRUCTURE SUPPORTTECHCONNECT – MANAGED SERVICES
Remote Support Services
Rockwell Automation Tech Support has
certified personal on staff
▪ CCNP (Cisco Network Professional)
▪ CCNA (Cisco Network Associate)
▪ CCNA Security (Cisco Security)
▪ CCENT (Entry Network Technician)
▪ VMware Certified Associate
▪ VMware Certified Professional
One number to call for support… Manufacturing
IT Support
Secure
Remote Access
Asset Health
Monitoring
Threat
Detection
Infrastructure
Administration
Infrastructure
as a Service
Valu
e
1-800-998-1621 • www.sydist.com
A Family- and Employee-Owned Company
KEY TAKEAWAYS
• Build your network with a PURPOSE, don’t let
it become overgrown
• Without data, you’re just another person with
an opinion
• Take a holistic approach to security, with
defense-in-depth
• Take advantage of the tools we have provided
PUBLIC Copyright © 2018 Rockwell Automation, Inc. All Rights Reserved. 32
GAIN in-depth industry
knowledge and earn PHD credits
by attending forums, hands-on
labs, and tech sessions
EXPERIENCE the latest technologies and
solutions at exhibits from Rockwell
Automation and our PartnerNetwork™
members
NETWORK with industry experts
and peers
Attending the Automation Fair® event equips you with innovative strategies to help you
become more globally competitive and productive with The Connected Enterprise.
www.automationfair.com
PUBLIC Copyright © 2018 Rockwell Automation, Inc. All Rights Reserved. 33
ENLIGHTENED keynotes, technical
sessions and hands-on labs that deliver
information on the latest modern
process automation technologies and
techniques
INSPIRED customer-delivered best practices
to highlight innovative approaches,
outstanding ROI, and important successes
achieved through Rockwell Automation
solutions
NETWORK with other process
professionals from a broad spectrum
of industries
Join your peers at this interactive 2-day, industry leading event to gain greater insight
into the latest process automation technologies.
Process Solutions User GroupNovember 12-13, 2018
Philadelphia, PA
QUESTIONS/COMMENTS/DISCUSSION
• Leave name and e-mail address for Industrial
IP Advantage Promo Code
• $350 value
Electrical • Lighting • Automation • DataComm1-800-998-1621 • www.sydist.com