IoT Solutions: Connecting Oil & Gas Pipelines
Konrad Reszka / IoT Vertical Solutions Group Test Lead
BRKIOT-2109
Oil & gas pipeline management is challenging. Pipelines can run over large geographical distances and through harsh environments, yet it is essential that they operate as safely and efficiently as possible. Should an issue arise, operators must have the capability to rapidly restore operation to meet environmental, safety, and quality requirements. How can a network be designed to support these capabilities while withstanding the same harsh conditions?
To address these unique challenges, the Cisco Connected Pipeline solution delivers a unified architecture to support real-time pipeline operations as well as video and collaboration services for safety and security. This session will cover the design and implementation details of the Connected Pipeline solution. Different options for connecting block valve stations, pump stations, and control centers will be analyzed (including DWDM, REP, and MPLS/IP). Other topics will include data center design, security, service separation, and remote access.
Abstract
• The Impact of IoT
• Oil & Gas Solutions
• Connected Pipeline Use Cases
• Design Details
• Control Centers
• Pipeline to Control Center
• Pipeline Sub-Stations
• Q&A
Agenda
The Impact of IoT
IoT: Connecting the Unconnected
[Chart: billions of devices against world population on a 2010 / 2015 / 2020 timeline. World population: 6.8, 7.2, 7.6. Devices: 12.5, 25, 50, with the inflection point marked. 50 billion "smart objects".]
The Adoption Rate of Digital Infrastructure is
5X FASTER than Electricity & Telephony
Shift in Dominant End Points
Analytics and
Modelling
Improve
Productivity
Precision
Agriculture
Energy Saving
Smart Grid
Safety & Security Smart Home
S+CC
Transport and
Connected Vehicles
Intelligent
Buildings
Predictive
Maintenance
From Consumer: Tablets, Laptops, Phones (Human Interactions)
To Enterprise & Operational Technologies: Sensors, Smart Objects, Device Clustered Systems (Machine to Machine Interactions)
Gartner, Inc, October 8, 2014 http://www.gartner.com/newsroom/id/2867917
Converged, Managed Networks
Convergence Delivers Control over Open Standards
Operational Technology: Traffic Control, Telemetry, Passenger Wi-fi, Passenger Safety, Trains, Machine Parts, Access Points, Video Cameras
Information Technology: ERP, CRM, VOIP, Video, PCs, Smart-phones, Data-Center, Branch Offices
IoT (converged): Traffic Control, Passenger Wi-fi, Video, ERP, CRM, VOIP, Project Mgmt., Asset Tracking, Fleet Operations, Sensor Network, Email, HRMS, Trains, Machine Parts, Access Points, Video Cameras, Branch Offices, Sensors, PCs, Smart-phones, Data-centers
Shift in Architectural Philosophy
From:
• Protocol Gateways (inherently complex, inefficient and fragmented networks)
• Closed Systems (little external interaction)
• Proprietary Networks (usually layer 2 based)
• Various Protocols (Modbus, SCADA, BACnet, LON, HART)
To:
• Standardized Networks (IP Based/ISO Stack)
• Geographically Distributed and Remote Edge Systems (support for IP and non-IP)
• Standardized Interfaces (Wireless/Wired)
Oil & Gas Solutions
Subsea
Production
System
Petrochemical/Refinery
Storage
LNG
Terminal
LNG Tanker
Oil Tanker
FPSO
Oil Rig
Data Center
Terminal
Headquarters
Oil/Lube
Connected Pipelines
Connected Refinery
Downstream
Midstream
Upstream
Remote Operations
Collaborative Operations
Connected Processing Facility*
Connected Wellhead*
Connected Oilfield
* to be released in H2FY15
Secure Ops
Oil & Gas Solution Overview
Secure Ops
Connected Oilfield
Solution
BOM
Business Outcome
Key Capabilities
Reduced Downtime
Plant Wireless Industrial WiFi
Mobile HMI
Asset Tracking
People Tracking
Man Down
1552S/1552WU
IPICS
Wireless Site Survey
Secure Remote Access
Secure Ops Secure Remote Access
Asset Discovery/Inventory
OS Patching and AV
Situational Awareness
Identity Services
Secure Site and Center
ASA5500/SourceFire
819H/CGR, Remote Mgmt Svc
Operational Excellence
Remote Operations Integrated Operations
Collaborative Operations
Wellhead Monitoring
Remote Asset Monitoring
Distributed Analytics
ISRG2/ASR/UCS220
Physical Security, WebEx
Remote Mgmt Services
Connected Refineries
Connected Pipelines
Incident Resiliency
Pipeline Automation Rapid Leak Detection
Multiservice Infrastructure
Video Surveillance
Supervisory Control
Third Party Interference Detection
ONS15454, ASR903/901
IE2K/3K/4k, 819H
Cisco Prime
HLD/LLD
Cisco Schneider Functional Reference Model
[Figure: functional reference model diagram. Sites: Main Control Center, Backup Control Center, Compressor/Pump Station, Metering/PIG Station, Block Valve Station. Domains: Process Domain, Multiservice Domain, Station WAN & Security, MCC WAN & Security, BCC WAN & Security, SCADA & Operational Business Systems, Physical Security, Voice, Wireless, Centralized Operations, Office / Business Domain, Internet Edge, IDMZ. Converged OT & IT Operational Field Telecoms over WAN Networks: IP/Ethernet, DWDM, IP/MPLS; wireless option: 3G/LTE, WiMax, 900 MHz RF Mesh, Satellite, Microwave. SIEM appears throughout.]
Flexible and Modular - supports a phased Oil and Gas Pipeline transformation
Control Room Virtualization
Converged Wide Area Operational Telecoms
Pipeline Station Wired and Wireless Networks
Integrated Multi-Service use cases
IEC 62443 / ISA99 Security model
Cisco Rockwell Functional Reference Model
[Figure: functional reference model diagram. Station types shown: Compressor / Pump Station, Meter/PIG/Terminal Station, Block Valve Station. SIEM appears throughout.]
Flexible and Modular - supports a phased Oil and Gas Pipeline transformation
Control Room Virtualization
Converged Wide Area Operational Telecoms
Pipeline Station Wired and Wireless Networks
Integrated Multi-Service use cases
IEC 62443 / ISA99 Security model
Enterprise Zone (Email, Applications)
Level 5
Level 4
Level 3.5: Industrial DMZ
Control Zone
Level 3: ICS SCADA Server, Engineering Workstation
Level 2: SCADA Client
Level 1
Level 0
Other diagram labels: Batch Control, Safety Control, SCADA Client, Sensors, Drives
• IEC-62443 / ISA-99
• Isolation between the enterprise environment and the Industrial Control System / SCADA network
• Industrial DMZ in Level 3.5
• Required for all Use Cases
Purdue Security Model for Control Hierarchy
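The isolation rule on this slide, as an added example that is not part of the original deck: a flow audit that flags any conversation between the Enterprise Zone (Levels 4-5) and the Control Zone (Levels 0-3) that does not terminate in the Level 3.5 Industrial DMZ. The subnet plan and flow records are constructed for illustration; only the 10.1.1.x SCADA server addressing appears on the slides.

```python
import ipaddress

# Hypothetical address plan mapping subnets to Purdue levels. Only 10.1.1.0/24
# (the SCADA server subnet shown in this deck) comes from the slides.
SUBNET_LEVELS = [
    ("10.50.0.0/16", 5.0),   # enterprise
    ("10.40.0.0/16", 4.0),   # enterprise (email, applications)
    ("10.35.0.0/24", 3.5),   # industrial DMZ
    ("10.1.1.0/24", 3.0),    # SCADA servers, engineering workstations
    ("10.20.0.0/16", 2.0),   # SCADA clients
    ("10.10.0.0/16", 1.0),   # controllers
]
# Longest prefix first so a more specific subnet wins.
_NETS = sorted(
    ((ipaddress.ip_network(cidr), level) for cidr, level in SUBNET_LEVELS),
    key=lambda pair: pair[0].prefixlen,
    reverse=True,
)


def level_of(addr):
    """Return the Purdue level for an address, or None if it is unmapped."""
    ip = ipaddress.ip_address(addr)
    for net, level in _NETS:
        if ip in net:
            return level
    return None


def zone_of(level):
    """Collapse a Purdue level into the three zones named on the slide."""
    if level is None:
        return "unknown"
    if level >= 4:
        return "enterprise"
    if level == 3.5:
        return "idmz"
    return "control"


def audit(flow_text):
    """Return (src, dst, dport, reason) for every flow that breaks the model."""
    findings = []
    for line in flow_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, dport = line.split()
        zones = {zone_of(level_of(src)), zone_of(level_of(dst))}
        if "unknown" in zones:
            findings.append((src, dst, int(dport), "unmapped address"))
        elif zones == {"enterprise", "control"}:
            # Enterprise and control may only meet inside the Level 3.5 IDMZ.
            findings.append((src, dst, int(dport), "bypasses IDMZ"))
    return findings


# Constructed flow records: source, destination, destination port.
SAMPLE_FLOWS = """
# src          dst          dport
10.40.3.7      10.35.0.10   443
10.35.0.10     10.1.1.2     3389
10.40.3.7      10.1.1.2     502
10.20.4.9      10.50.1.5    25
10.1.1.3       10.20.4.9    502
192.0.2.44     10.1.1.2     22
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```

The same check applies in both directions, so a control-zone host reaching enterprise email directly is reported just like an enterprise host reaching a SCADA server.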
Pipeline Station Overview
[Figure: station types placed along the pipeline length: Main/Backup Control Centre, Metering/PIG Station, Compressor / Pump Station, Block Valve Station, Terminal Station.]
Component: Function
• Control Center: Monitoring and control of the pipeline system
• Compressor station: Provides pressure for gas pipelines to keep flow moving
• Pump station: Provides pressure for oil pipelines to keep flow moving
• Metering station: Simultaneous, continuous analysis of quality and quantity being transferred in a pipeline
• PIG station: Cleaning and inspecting the pipeline and flow lines
• Terminal station: Where product will be delivered to end customer
• Block valve station: Isolate a segment of the line for leaks or maintenance
Network
Infrastructure Provider
Connected Pipelines: Industry Partnership
Enterprise
Pipeline Automation Supplier
Pipeline SCADA, Process & Energy
Automation
Pipeline Simulation, LDS & Operational
Applications
Domain Expertise
IP Networking, Wireless and Optical
Communications
Industrial Cyber Security, ISA SP99
High Availability Designs
Virtualization and Convergence
Architectures
Connected Pipeline Use Cases
SCADA Real Time Operations
• Poll, collect, store and display information from station IEDs
• Send real-time control commands to stations in a reliable and fail-safe manner
Energy Management
• Ensuring power quality and reliable distribution
• Real time propagation of electrical events and responses within the station and WAN
Leak Detection / Intrusion Detection
• Distributed Acoustic Sensing
Physical Security
• Pipeline station internal and external CCTV
• Access Control Systems
• High Quality Video stream to Control Center from pipeline stations
Remote Access
• Access operational servers and content from the office, remote engineers and 3rd parties
• Remote access to the Process control domain (Levels 0-3 of the Purdue model)
• Access office (Levels 4-5 of the Purdue model) resources from the process domain.
Voice and Emergency Response
• Broadcast emergency announcements to remote stations
• Integrate IP / landline voice, mobile, radio, video, and emergency response services
Control Centers
Control Center Virtualization
Resiliency Visibility Simplicity
Control Center Architecture
Zones: Data Center, CC Edge, DMZ, Operator Workstations
Connections: Enterprise, WAN to Pipeline
• UCS B w/ 6120 Interconnects
• Nexus 5500
• Fiber Channel Storage
• ASA 5525
• ASR 902
• Nexus 2200 Fabric Extenders
Link types: Fiber Channel, Twinax, Ethernet
Control Center Server Connectivity
Primary SCADA 10.1.1.2
Secondary SCADA 10.1.1.3
UCS 6120, Nexus 5500, UCS B
Host A
Host B
Virtual IP 10.1.1.1
VPC
VPC
NIC Teaming
NIC Teaming
SCADA Application Redundancy Options
• Application
• VM
• Host
Supervisory Control
Energy Management
Leak Detection
Physical Security
Control Center Perimeter Security
Data Center DMZ
SCADA Support / Office Development / Test PSS
• Controllers
• Servers
• Leak
• Historian
• Operators
• Remote Access
• Decision Support
• Domain Controllers
• Engineering
• Database
• SCADA
• Historical
• Video
• Access
• Mgmt
L3 Interface
802.1q Trunk
L3 Interface
• SCADA A, SCADA B and PSS are segmented across the WAN and the remote pipeline through L3VPN
• SCADA A and B are imported into the SCADA perimeter; the PSS L3VPN is imported into the PSS perimeter
• Service and route policy is applied at the firewall
• The DMZ provides protection and a landing area for traffic from the Enterprise
• No cross-pollination of traffic without explicit firewall configuration
• Layer 2 segmentation from the zones to the firewall (L3) through VLANs
• Firewall interfaces for PSS and SCADA are pushed into different VRFs at the ASRs
Control Center Traffic Segmentation
SCADA Servers
SCADA ZONE
Decision Support & RAS
DMZ
Video Servers and Mgmt
PSS
Enterprise
SCADA A
SCADA B
PSS
ASR Terminating L3VPN/WAN
L3 and Perimeter/Zone policy
applied at the Firewalls
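One way to verify the per-service L3VPN separation described above, as an added example that is not part of the original deck: if one service VRF imports a route target that another service exports, routes leak at the MPLS layer and that traffic never reaches the firewall policy. The VRF names, RDs and route-target values in the constructed config are hypothetical.

```python
import re

# Constructed IOS-style VRF definitions (names, RDs and route targets are
# hypothetical). PSS importing 65000:101 is the deliberate misconfiguration.
SAMPLE_CONFIG = """
vrf definition SCADA-A
 rd 65000:101
 address-family ipv4
  route-target export 65000:101
  route-target import 65000:101
 exit-address-family
!
vrf definition SCADA-B
 rd 65000:102
 address-family ipv4
  route-target both 65000:102
 exit-address-family
!
vrf definition PSS
 rd 65000:200
 address-family ipv4
  route-target export 65000:200
  route-target import 65000:200
  route-target import 65000:101
 exit-address-family
!
"""

_RT = re.compile(r"route-target\s+(import|export|both)\s+(\S+)")


def parse_vrfs(config_text):
    """Return {vrf_name: {"import": set(), "export": set()}}."""
    vrfs, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("vrf definition "):
            current = line.split()[2]
            vrfs[current] = {"import": set(), "export": set()}
        elif raw and not raw[0].isspace():
            current = None  # any other top-level line closes the VRF block
        elif current:
            match = _RT.match(line)
            if match:
                kind, target = match.groups()
                kinds = ("import", "export") if kind == "both" else (kind,)
                for k in kinds:
                    vrfs[current][k].add(target)
    return vrfs


def find_leaks(vrfs, allowed=frozenset()):
    """List (importer, exporter, route_target) where one VRF learns another's routes.

    `allowed` holds (importer, exporter) pairs that are intentionally shared.
    """
    leaks = []
    for importer, imp in sorted(vrfs.items()):
        for exporter, exp in sorted(vrfs.items()):
            if importer == exporter or (importer, exporter) in allowed:
                continue
            for target in sorted(imp["import"] & exp["export"]):
                leaks.append((importer, exporter, target))
    return leaks


if __name__ == "__main__":
    for leak in find_leaks(parse_vrfs(SAMPLE_CONFIG)):
        print("%s imports %s routes via %s" % leak)
```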
• Dual Nexus Switches and Dual Fabric Interconnects with virtual Port Channels (vPC)
• Server Redundancy can be at Application, VM, or Host level
• Dedicated Storage Array with RAID
• SAN Replication available to Backup Control Center
• Dual Edge Routers
Control Center Resiliency Summary
Connecting the Pipeline to the Control Center
WAN Options
Wireless L2VPN L3VPN DWDM
WAN Design with Wireless DMVPN
• 3G/LTE Connections with a DMVPN Tunnel
• Limited Bandwidth
Operations
SCADA A
Terminal Station, Terminal Station
Primary
Control Center
Sub-Station Sub-Station
WAN Design with L2VPN
• Active/Active Point-to-Point Pseudowires from Control Center to Terminal Station “Spokes”
• EoMPLS
• Separate Pseudowire per Service for security and isolation
Operations
SCADA A
Security /
Services
(Voice, Video)
Operations
SCADA B
Backup
Control Center
Terminal Station Terminal Station
Primary
Control Center
MPLS
MPLS Pseudowires (L2VPN)
Access Facing Interface
EFP: Ethernet Flow Point
ASR 903
Core Facing MPLS Interface
VLAN w
VLAN x-y
VLAN z
BDI: Bridge Domain L3 Interface
Pseudowire: Virtual Circuit (VC)
VFI: Virtual Forwarding Interface
• VRFs at Terminal Stations and Control Centers
• MPLS and BGP
• L3VPN per Service for security and isolation
• TE-FRR for fast convergence
WAN Design with L3VPN
Operations
SCADA A
Security /
Services
(Voice, Video)
Operations
SCADA B
Backup
Control Center
Terminal Station Terminal Station
Primary
Control Center
MPLS
• Mux/Demux points at Terminal Stations and Control Centers
• Ideal for remote locations, harsh environments, or for high bandwidth requirements
• Wavelength λ per service for security and isolation
WAN Design with DWDM
Backup
Control Center
Terminal Station Terminal Station
Primary
Control Center
• Traffic is divided into unique wavelengths of light (channels or lambdas)
• Physical layer separation over single fiber
• Up to 80 channels
• Up to 100 Gbps / channel
• Up to 2000km without regeneration
• OTDR can pinpoint where a fiber break occurred
• Operates on the C-Band 1530-1565nm
Dense Wave Division Multiplexing (DWDM)
Pipeline Sub-Stations
• DWDM, L2 Ethernet, Wireless failover
• Level 2.5 protection zone
• Process, safety & energy domains
• Multiservice domain
• Industrial and wireless mobility
• Legacy serial transport
• Distributed Acoustic Optical Sensing
• IEC 62443 / ISA99 Security model
Main Pipeline Station Architecture
SCADA A
Station Ring
SCADA B
Station Ring
Multi Service
• Separate equipment in the main station
• Communications required at the station level between the two operators
• Firewalls provide security to explicitly permit communications between SCADA systems
• ACLs restrict Multiservice communication between the two ASRs
• Could also be used if the operator is the same between pipeline segments.
Extending Pipelines – Option 1
SCADA A
Multi Service
SCADA B
Multi Service
SCADA A
SCADA B
Segment A Segment B
Segment A Segment B
• Share the ASR and the Firewalls.
• Communications required at the station level between the two segments
• Firewalls provide security to explicitly permit communications between SCADA systems between pipeline segments
• ACLs restrict Multiservice communication between the two ASRs.
Extending Pipelines – Option 2
Multi Service Multi Service
SCADA A
SCADA A
SCADA B
SCADA B
Inter-Station Connectivity Considerations
Distance between Stations
Environmental Conditions
Power and Space Availability
Cable Conduit Placement
• Ideal for Ethernet rings
• One port always blocks
• Fast and predictable convergence (50 – 250ms)
• VLAN Load Balancing
• Deterministic definition of blocking port
• Clear view of complete topology
Resilient Ethernet Protocol (REP)
• A REP segment is a chain of ports connected with the same segment ID
• One switch can only have two ports in the same segment
• REP guarantees there is no connectivity between edge ports
• When all interfaces in the segment are up, the alternate port is blocking
• When a link or switch failure occurs, the blocked port begins forwarding
REP Operation
REP
Segment
A
B
C
E
D
Edge Ports
ALT Port
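The REP behaviour listed above, as an added example that is not part of the original deck: a topology-only model of a five-switch ring (A to E, as in the diagram) showing that the alternate port blocks while every link is up, unblocks on the first failure so all switches stay reachable, and that a second failure partitions the ring. It assumes the ring closes through the edge switches and does not model REP timers, link status messages or preemption.

```python
from collections import deque


class RepRing:
    """Topology-only model of a REP ring: no hello timers, no preemption."""

    def __init__(self, switches, alt_link):
        self.switches = list(switches)
        n = len(self.switches)
        # Each switch links to the next; the last links back to the first.
        self.links = [
            frozenset((self.switches[i], self.switches[(i + 1) % n]))
            for i in range(n)
        ]
        self.alt = frozenset(alt_link)  # link that carries the alternate port
        if self.alt not in self.links:
            raise ValueError("alternate port must sit on a ring link")
        self.failed = set()

    def fail(self, a, b):
        """Mark the link between two adjacent switches as down."""
        link = frozenset((a, b))
        if link not in self.links:
            raise ValueError(f"no link between {a} and {b}")
        self.failed.add(link)

    def forwarding_links(self):
        up = [link for link in self.links if link not in self.failed]
        if not self.failed:
            # All interfaces up: the alternate port blocks to break the loop.
            up = [link for link in up if link != self.alt]
        return up

    def reachable_from(self, start):
        """Breadth-first search over the links that are currently forwarding."""
        neighbours = {s: set() for s in self.switches}
        for link in self.forwarding_links():
            a, b = tuple(link)
            neighbours[a].add(b)
            neighbours[b].add(a)
        seen, queue = {start}, deque([start])
        while queue:
            for nxt in neighbours[queue.popleft()] - seen:
                seen.add(nxt)
                queue.append(nxt)
        return seen

    def is_loop_free(self):
        # The ring is the only cycle, so any non-forwarding link means no loop.
        return len(self.forwarding_links()) < len(self.links)


def demo():
    """Return (reachable set, loop free) for zero, one and two link failures."""
    ring = RepRing("ABCDE", alt_link=("C", "D"))
    healthy = (ring.reachable_from("A"), ring.is_loop_free())
    ring.fail("A", "B")  # first failure: the alternate port starts forwarding
    one_failure = (ring.reachable_from("A"), ring.is_loop_free())
    ring.fail("D", "E")  # second failure: the ring partitions
    two_failures = (ring.reachable_from("A"), ring.is_loop_free())
    return healthy, one_failure, two_failures


if __name__ == "__main__":
    for label, state in zip(("healthy", "one failure", "two failures"), demo()):
        print(label, sorted(state[0]), state[1])
```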
Ethernet REP Ring
Terminal Station, Terminal Station, Sub Station, Sub Station
WAN to Control Center
Sub Station
1 VLAN, 1 Subnet
Which way to the PLC?
I know how to get there!
I know how to get there!
HSRP
REP Segment
REP ALT
Ethernet + DWDM Ring
Terminal Station, Terminal Station, Sub Station, Sub Station
WAN to Control Center
Sub Station
1 VLAN, 1 Subnet
HSRP
Station, Sub Station, Station
Ethernet + DWDM Rings
Terminal Station, Terminal Station
WAN to Control Center
Multi Context ASA
SCADA A
SCADA B
Multi Service
Multi Context ASA
Active, Standby, Standby
Standby, Active, Active
Terminal Station, Terminal Station
DWDM Physical Connectivity
[Figure: DWDM physical connectivity between stations. Labels: Mux/Demux Patch Panel, SMR1, XPONDER, Express Port.]
DWDM Physical Layer Example
Pipeline Segments
All traffic goes through Main Station
Physical topology agnostic
Ethernet + MPLS Pseudowire Ring
Terminal Station, Terminal Station, Sub Station, Sub Station
WAN to Control Center
Sub Station
1 VLAN, 1 Subnet
HSRP
Point-to-Point L2VPN Pseudowire
Station, Station, Station
Ethernet + MPLS Rings
Terminal Station, Terminal Station
WAN to Control Center
Multi Context ASA
SCADA A
SCADA B
Multi Service
Multi Context ASA
Active, Standby, Standby
Standby, Active, Active
ASA Failover Keepalives
VRF A
Main Terminal Connectivity and Security Details
Active ASA - A
VRF A
Bridge Domain A
Standby ASA - A
ASR ASR
L2 Pseudowire/DWDM
L3 Interface A
To Control Center
Bridge Domain A
L2 Pseudowire/DWDM
VFI VFI
L3 Interface A
From Pipeline Sub Stations
Failover Port Failover Port
MPLS Rings CLI Reference (Partial)
FOR YOUR REFERENCE
! Terminal Station ASR 903
!
! Access-facing interface
interface GigabitEthernet0/4/1
 description Connection to IE4K-O3105
 mtu 9216
 no ip address
 load-interval 30
 negotiation auto
 ! REP edge termination
 rep segment 100 edge
 cdp enable
 ! EFP (Ethernet Flow Point): match VLANs 100-101
 service instance trunk 1 ethernet
  encapsulation dot1q 100-101
  ! Remove the VLAN tag for transport
  rewrite ingress tag pop 1 symmetric
  ! Forward to a dynamic bridge-domain matching the incoming VLAN
  bridge-domain from-encapsulation
!
! Virtual Forwarding Interface
l2 vfi pipelinering1 manual
 ! VC identifier
 vpn id 100
 ! Associate with bridge-domain 100
 bridge-domain 100
 ! Establish an MPLS VC to 10.200.100.2
 neighbor 10.200.100.2 encapsulation mpls
!
Dual Ethernet Rings
Station, Station, Station, Station, Main Station, Main Station
WAN to Control Center
Active/Standby ASA 5525x
Active/Standby ASA 5525x
ASR 903 Dual RP
ASR 903 Dual RP
IED
SCADA A
SCADA B
Multi Service
Main Station
• Active/Standby RPs, Active/Standby ASA
Between Stations
• REP, Dual SCADA Rings
Core
• MPLS TE-FRR, Active/Backup Pseudowires
Pipeline Resiliency Summary
Switches
• IE-2000
• IE-3000
• IE-4000
Routers
• ISR 819
• ASR 902 / 903
ONS
• ONS 15454
• NCS 2006
Ethernet Platforms: IE 2000
• 4, 6, 8 and 16 Port Fixed configurations, Compact form factor
• SFP Uplinks to minimize configurations while providing flexible fiber options
• All Optical SFP base option
• Feature Variations – Support for Motion applications (IEEE 1588 PTP), Gig uplinks and Conformal coating in select configurations, IA Lite and Base IOS software packages
• Industrial Environmental and Certifications
• Integrated power supply, Alarm relay, IE Swap Drive (Removable SD) for easy switch replacement
• IE2000 Datasheet http://www.cisco.com/c/en/us/products/collateral/switches/industrial-ethernet-2000-series-switches/datasheet-c78-730729.html
Configurations and dimensions:
• 16 copper ports (incl. 4 PoE/PoE+ ports) + 2 combo ports: 5.1 x 5.0 x 5.26 in
• 6 copper ports or 4 copper ports + 2 SFP: 5.1 x 2.95 x 4.51 in
• 8 copper ports + 2 combo (copper or SFP) ports: 5.1 x 3.6 x 5.26 in
• 16 copper + 2 combo ports: 5.1 x 5.0 x 5.26 in
• 6 fiber ports: 5.1 x 3.15 x 4.51 in
Ethernet Platforms: IE 3000
• Ruggedized for Industrial Applications, NEMA TS-2 compliant
• Modular design with many configurations
• Extended power options, AC and DC
• Surge protection
• IE SwapDrive for “Zero-Config” replacement
• Ease of use features
• Cisco device manager & CNA support
• Integration with factory management tools using Profinet, CIP
• Layer 3 Industrial Switches
• A separate L3 SKU as well as a software upgradable option
• Software is the same as the Catalyst 3750 IP Services
• IE3000 Datasheet http://www.cisco.com/c/en/us/products/collateral/switches/industrial-ethernet-3000-series-switches/data_sheet_c78-440930.html
• Superior bandwidth and capacity: 40 Gbps non-blocking switching capacity with up to 20 Gigabit Ethernet ports per switch
• High density industrial Power over Ethernet or Power over Ethernet Plus support providing in-line power to up to eight power devices
• IOS software features for smooth IT integration and policy consistency
• Robust resiliency and enhanced security
• Simplified, pay-as-you-go software upgrade path with universal software image
• Data Sheet: http://www.cisco.com/c/en/us/products/collateral/switches/industrial-ethernet-4000-series-switches/datasheet-c78-733058.html
Ethernet Platforms: IE 4000
• Industrial Grade MPLS PE Router – Meets IEC 61850-3 & IEEE1613
• Fully Redundant (PSU, RSP, FAN) & Modular Chassis
• Deterministic Low Latency WAN Routing for Teleprotection
• Carrier Grade Transport Services - TDM Circuit Emulation
• High Performance Forwarding: 55Gbps Throughput RSP1A/B
• Diverse Interfaces – Serial, T1/E1, STM1, 10G, GE
• ASR903 datasheet http://www.cisco.com/c/en/us/products/collateral/switches/me-3400e-series-ethernet-access-switches/data_sheet_c78-495220.html
• ASR920 datasheet http://www.cisco.com/c/en/us/products/collateral/routers/asr-920-series-aggregation-services-router/datasheet-c78-732103.html?cachemode=refresh
ASR 902 / ASR 903 Aggregation
• Compact
• Industry’s most compact hardened M2M gateway with Dual SIM
• Hardened
• Built for challenging environment – shock/vibration, humidity, splash water, temperature, dust, no moving parts
• Services-rich
• IOS-based, secure native SMS gateway with GPS support
• Mobile IP and IPv6 ready
• 819 datasheet http://www.cisco.com/c/en/us/products/collateral/routers/819-integrated-services-router-isr/data_sheet_c78-678459.html
ISR 819
DWDM Platforms: ONS 15454
40/80 Wavelength DWDM
Metro, Regional, Long Haul scalability
Widely deployed across Carrier, Enterprise, Government, & Education customers
ROADM Leadership
Leader Worldwide Market Share
Any Fiber Topology (mesh, ring, linear, etc…)
Any-to-Any Wavelength Provisioning
Service Flexibility
Transponder based Wavelengths
Router/Switch based Wavelengths
Muxponder L1 Aggregation
Xponder L2 Aggregation and Services
Automation and Intelligence
Automated turn-up, Automated Power Control
Advanced GUI, feature rich performance monitoring
ONS 15454 M6 Datasheet http://www.cisco.com/c/en/us/products/optical-networking/ons-15454-m6-multiservice-transport-platform-mstp/index.html
ONS 15454 M2 Datasheet http://www.cisco.com/c/en/us/products/optical-networking/ons-15454-m2-multiservice-transport-platform-mstp/index.html
Communications Options Summary
Criteria compared: Bandwidth, Latency, Distance, Reliability, Rapid Convergence, QoS, Skill sets to Deploy/Operate, Multiservice Support
Technologies compared: Ethernet, MPLS, DWDM (N/A), 3G, LTE, Satellite, WiMax
• Single source of truth and policy for network access
• Authentication and Authorization
• 802.1x, Web-Auth, MAB
• Policies based on Who, What, Where, When, How
• Posturing and Profiling
• Policy is enforced at the access layer
• ACL, VLAN, SGT
• APIs for deep integration with other vendors
Station Port Security with ISE (Identity Services Engine)
• A dedicated port for maintenance, enterprise, or internet access
• Isolated, tightly controlled access
• Validate user and device against Active Directory, Certificate, or local database
• Validate source of access (switch type, location, wired/wireless, interface)
Station “Convenience Port”
Sample Convenience Port ISE Authorization Policy
Allow an authorized employee with an authorized
device on an IE-4000 switch on the correct port
Apply appropriate policy for employees in Zone 1
Multiple Zones
ISE Live Authentication Reporting
Putting it All Together
End to End Network Infrastructure
[Figure: end-to-end network diagram. Sites: Primary Control Center, Backup Control Center, IDMZ, Enterprise, MPLS Core, Main Station, Block Valve. Devices: Nexus 5548, Nexus 2k, ASA 5525x, UCS B 5100, UCS 6100, UCS C220 M4, Storage, ASR 902, ASR 903 (Dual RP), ASR 1000 (VPN), ISR 3945 (VPN), ISR 819, IE 4000, IE 2000, NCS 2006.]
Connected Pipeline Example
• Best Practices and Configurations
• A baseline Connected Pipeline Design
• Available to Customers and Partners
• October 2015
Cisco Validated Design
Conclusion
Reduced Complexity and Staffing requirements
Reduced System Integration needs and costs
Pipeline capacity expansion with no downtime
Faster Leak and Rupture Detection
Simplified and Validated Infrastructure for On-time Project Execution
Fit for purpose: optimize space and power requirements
Business Outcomes and Key Takeaways
Q & A
Glossary
3G 3rd Generation Mobile Network
CCTV Closed Circuit Television
DNP3 Distributed Network Protocol
DWDM Dense Wave Division Multiplexing
GOOSE Generic Object Oriented Station Event
IDS Intrusion Detection System
IEC International Electrotechnical Commission
IETF Internet Engineering Task Force
IP Internetworking Protocol
IPICS IP Interoperability and Collaboration System
IPS Intrusion Prevention System
ISA International Society of Automation
L2 Layer 2 of the OSI Network Reference Model
L3 Layer 3 of the OSI Network Reference Model
LAN Local Area Network
LTE Long Term Evolution
MPLS Multi Protocol Label Switching
NTP Network Time Protocol
ONS Optical Networking System
PIG Pipeline Inspection Gauge
REP Resilient Ethernet Protocol
SCADA Supervisory Control and Data Acquisition
SLA Service Level Agreement
TCP Transmission Control Protocol
VLAN Virtual Local Area Network
VPLS Virtual Private LAN Service
VoIP Voice Over Internet Protocol
VPN Virtual Private Network
WAN Wide Area Network