Professional Services for Industrial Networking
Expert support for future-proof communication networks
First-class network components alone are not enough to create a first-class industrial communication network. A thorough understanding of network structures is at least as important. You get both when you work with us and our qualified and experienced partners, and it definitely pays off. We give you professional help for the development of your industrial network solution and the interaction between Operational Technology (OT) and Information Technology (IT) that is precisely tailored to meet your specific requirements in all industries.
Infinite opportunities from infinite data
Hannover Messe 2021 took place from April 12 to 16 in digital format.
Siemens participated with a unique virtual presence. In line with the motto "Infinite opportunities from infinite data", participants in the Digital Enterprise Virtual Experience were able to explore all of the Siemens highlights in a realistic 3D environment and be inspired by this first-rate digital experience.
Register now to receive retroactive access to all content and presentations.
How can you ensure that a communication network will meet all current and future industry requirements? And how do you get the most out of the potential offered by state-of-the-art networks?
The best way is to work with a reliable, skilled partner that’s every bit at home in industrial automation as in designing and implementing communication networks. In other words: with Siemens.
On-Site Service and Support
Implementing a network solution for industry requires some preliminary work. It starts with an on-site visit to thoroughly review and document the existing network, determine weak points in performance and specify needs. We perform this evaluation review with you. That saves both time and costs, and ensures the project will be smoothly implemented.
Design and Consulting
Whether for a new or an existing network, an expansion project or an upgrade, we perform a thorough performance analysis of your network and infrastructure as part of our Network Design Services and Radio Frequency (RF) Planning and Site Survey Services. We then work with you to determine which levers will work best to meet the required needs.
Integration and Deployment
Our Pre-Configuration and Testing Services minimize the risk of malfunctions and outages in your communication network. Our Implementation Services also let you benefit from rapid commissioning and certainty during the construction stage, all of which will ensure the smooth operation of your plant and network.
Once the project has been implemented, the plant employees will require prompt training to make sure your new network runs perfectly and is efficiently maintained. The complex nature of the latest enterprise-wide communication networks makes it important to understand the system as a whole. We share this knowledge with you as part of our standard training sessions, which analyze the interconnection between automation systems and IT systems from the ground up. Our range of training sessions also includes certification and customized courses.
How fit is your communication network?
Demands for the high performance of wired and wireless networks are growing tremendously. To be absolutely certain that your network can perform the way it’s supposed to perform, let our experts give it a check-up.
You’ll receive reliable and explicit documentation on your network’s current status and we’ll help you analyze the results and derive recommendations for action. Together, we’ll make your industrial networking fit for the future!
Competent answers to important questions about industrial communication networks – available at any time and clearly arranged according to different topic areas.
Here you can find first-hand expert know-how to get the most out of today's complex industrial communication networks.
In contrast to standard IT, operating times around the clock (24/7) are demanded in industrial IT. The life cycles of industrial plants are much longer, i.e., updates may no longer be available for some components or may not be readily implemented in an accepted/released system. For example, a plant builder no longer provides a warranty or a safety certification would have to be renewed. As a rule, there are no defined time windows to perform maintenance work, changes may have to be made during operation. The automation process dictates the operating processes and not a single user.
It is common practice to design industrial network concepts based on the specific requirements of the respective application. In addition to safety, security and data availability concepts are also already included at an early stage of the network planning. Even though existing comparable network concepts can serve as the basis, individual application-specific characteristics are the compelling reason why no overarching standard architectures can be used.
In addition to dealing with a lack of space, it is crucial to enable the fastest possible exchange of defective components. To quickly put systems and plants into operation again, it makes sense to also place the aggregation networks – such as the industrial backbone – directly at the plant, thus keeping the service path short and the response time low.
The environmental conditions in a production plant, a distribution station or a filling/refilling system differ greatly from the climatic conditions in a data center or office. The fact that robust components should be used here, for which there are replacements even after many years, goes without saying.
A clear, physical separation of the two worlds makes sense and is nowadays also practiced, since the requirements differ greatly. In industrial applications, high availability, robust devices and fast switchover times are essential. Accordingly, the protocols used in the industrial automation environment have developed differently from those run in the office environment. This is one of the reasons why it is useful to decouple and separate the industrial network from the rest of the enterprise network through layer 3.
A threat to industrial networks that should not be neglected stems from the use of open communication technologies, e.g. Ethernet and OPC. These make previously proprietary, closed systems considerably more vulnerable to threats from the outside. No technology has increased the risk as much as Microsoft Windows, which is used as the de facto operating system in many industry sectors. While this trend brings many benefits to the plant operation, such as when it comes to the development effort as well as deployment and training costs, it at the same time exposes the control systems to all the risks and threats of the IT world.
Another threat exists due to the long life cycles of assets in industrial environments. In fact, many control systems have been in operation for more than 20 years. Instead of investing and migrating to modern systems – a very costly and potentially cumbersome process – many automation users have maintained legacy systems and merely improved their connectivity to retrieve more information from them. The consequence: Formerly closed systems are suddenly – and without preparation – connected to open enterprise networks and the Internet. As already mentioned, they are thus exposed to all common threats of modern communication.
Ignoring cyber threats to industrial IT systems can have far-reaching consequences for any plant operator – from environmental damage to image damage to financial loss. Other possible consequences include:
- Declining plant availability all the way to a plant stoppage
- Loss of data, recipes, intellectual property and confidential data
- Sabotage/manipulation of the industrial plant
- Changes in the production process and thus faulty products and services due to manipulated data
- Declining or lost competitiveness
- Penalties for security incidents due to non-compliance with legal requirements
In order to support you in the implementation of a comprehensive security concept, Siemens not only offers an extensive industrial security portfolio of products and services, but also several operational guidelines that make basic recommendations for organizational and technical measures. In the form of Industrial Security Services, Siemens furthermore offers comprehensive services to support the planning and implementation of suitable action catalogs that precisely meet your requirements. The defense-in-depth security concept used by Siemens is primarily based on the international standard IEC 62443 / ISA99, which has proven itself in the industrial environments of automation. It is aimed at plant operators, integrators as well as component manufacturers, and thus covers all security-relevant aspects of industrial security.
The use of so-called whitelisting software is a good alternative to virus scanners. Such systems work with so-called positive lists, in which the user specifies the processes or programs that may be executed on the computer. If a user or malware attempts to install a new program that is not stored in the lists, the software automatically stops this and prevents damage. Unlike virus scanners, whitelisting software manages without regular updates of the signatures.
As a provider of industrial software, Siemens supports the user in this respect by testing its own software for compatibility with virus scanners and whitelisting software.
Fundamentally, no security concept or measure can provide 100% protection. For an adequate protective concept, users must therefore weigh the costs of the security against the benefits of an integrated network as well as the likelihood and impact of a security breach. This may result in varying protective goals for the various areas of the production, which in turn can be protected with different measures. By taking a holistic view of the production, Siemens can also help in defining suitable protective goals.
The safety-related segmentation of the plant network into individual protected automation cells serves to increase the security, in addition to the general risk minimization, and is a fundamental component of a security concept.
Here, the segmentation of the network into cells and the assignment of the devices take place according to the communication and protection needs. Therefore, the implementation of a security concept often begins with the segmentation of the plant into logical security cells – according to the physical and functional layout of the network architecture. A security cell can again consist of several smaller segments, but in the case of disconnection, must ultimately be able to work autonomously for a certain period of time without a connection to other plant or functional units.
By carefully selecting the frequency band and based on that, the proper channel planning. Interference can also be caused by reflections, which can be minimized through appropriate antenna selection and positioning. An organizational solution is also recommended – restrict the use of WLAN-enabled devices in industrial environments.
Depending on the application, several solution possibilities are feasible. If real-time processing is required, a deterministic communication can be achieved via the Industrial Point Coordinated Function (iPCF), e.g., for PROFINET. Environmental conditions in near-industrial surroundings already may make the use of industrial WLAN components indispensable.
In today's companies, this is organizationally solved in many different ways. The recommendation by Siemens is that the automation-relevant network infrastructure is the responsibility of the maintenance personnel or an automation-related IT department – already simply because of the necessary operating times. The central firewall as the point of transfer between IT and automation is usually run by the office IT department, but the coordination of the guidelines has to be done by mutual agreement.
For a professional automation operation, it is recommended to employ a central management system that monitors the states of the network in real-time as well as allows parameters to be set, configurations to be backed up and software updates to be rolled out. It should be flexible enough so that it can be integrated into an existing control room as well as into a higher-level monitoring system. For analysis purposes, functions such as port mirroring or so-called TAPs (BANY) are useful, whose network recordings are evaluated using suitable analysis tools. Especially in the case of a fault, a remote access solution can prove to be very beneficial – diagnostics can then be started quickly without travel time.
The responsibility within the company strongly depends on the operational concept. In a situation as described above, the operational responsibility would be organized in automation-related departments. Maintenance is performed on-site at the plant; the automation-related IT department usually provides its services remotely.
Your partner for the entire industrial networking in the Digital Enterprise
With industrial network solutions, we help our customers to lay an optimal foundation for digitalization through the interaction between OT and IT and accompany them as they navigate the digital transformation. Optimally interconnecting automation and office networks requires in-depth knowledge of both OT and IT. That’s why the specific offering of industrial network solutions follows a comprehensive approach.