The limits of convergence of data networks
Our experience shows that – today – not every Ethernet-based network can be planned, implemented, and operated in the same way. A wrong approach to attaining full network convergence carries high risks. Since Ethernet-based communication has become more and more prevalent in industrial networks, special network designs – geared towards the requirements of the applications – have established themselves in the various industry sectors. Numerous IT departments are now attempting to implement the connection demanded by the production networks using the well-known procedures for the design and operation of office networks, breaking up existing industrial network structures and integrating the automation devices into an existing IT infrastructure. The risks for the companies are substantial.
The IT requirements focus primarily on the user experience, i.e. the performance of the transmission of data such as telemetry, location, voice, and video over a common infrastructure, as well as on cybersecurity.
On the other hand, OT focuses on the secure operation of plants with the reliable data exchange of time-critical applications – even in harsh environments. The focus here is therefore on constant availability.
It should be noted that for a failsafe industrial plant, an integrated network concept based on a physical network separation with a connection concept meeting both security and performance requirements is strongly recommended. Convergence concepts that merely treat the industrial network like another, logically separated one, or do not even include a VLAN separation, should be considered with utmost care by users. As has been proven in countless industrial applications, the network – as part of the automation – plays a crucial role for smooth operations. A planning and an implementation based on the key OT criteria ensure the success of industrial companies.
What should be considered when connecting OT and IT networks?
Solution providers with experience in both areas recognize industrial networks as part of the automation. Thus, they plan greenfield and brownfield projects under different aspects than pure office and data center networks.
The data flow in industrial network infrastructures is characterized by horizontal and partly vertical communication. Thus – unlike in the purely vertical client-server communication in the office IT – there often is a direct data exchange between devices (horizontal communication). The vertical communication also differs to some extent, e.g. if it takes place between device and controller. To ensure the proper functioning of the industrial control components, a deterministic, isochronous, and very low-jitter cyclic communication is required. The prerequisite for this is a continuously active communication connection, which does not exist in the rest of the enterprise IT, where client-server-based Ethernet communication operates according to the “best-effort principle”.
If a fault or service case nonetheless occurs, an industrial facility can generally not be restored quickly enough under IT-customary SLAs (service-level agreements). Even a constantly available service may not be sufficient if the response time in the SLA is defined as between two and four hours. Ultimately, only a fast restoration time matters, i.e. how long it takes until the plant runs smoothly again. A quick, simple fault localization – especially in more complex network infrastructures – is only possible with appropriate and integrated diagnostic and monitoring tools that can also be operated by the automation personnel. The tools should monitor all relevant connected end devices – including control and drive units and peripherals – and not limit themselves to infrastructure devices such as servers and switches.
In order to replace defective components and resume operation again as quickly as possible, it makes sense to also place the aggregation networks, such as the industrial backbone, directly at the plant – thus obtaining short service paths and quick response times. The environmental conditions in a production plant, a distribution station, or a filling/refilling system differ greatly from the climatic conditions in a data center or office. The fact that robust components should be used here, for which there are replacements even after many years, goes without saying.
In the field of office IT, outsourcing is a common practice for many companies. Given the high availability required of industrial facilities, though, their associated networks are rarely outsourced. In-house employees are responsible for and equipped to handle maintenance work and malfunctions. For particularly critical areas, replacement parts are kept on site. Furthermore, when planning and operating an industrial infrastructure, care must be taken to have trained personnel in sufficient numbers available on site to ensure a trouble-free operation. Not every company is able to always have IT professionals at the ready. Thus, the contact persons typically are automation experts with IT knowledge and not IT specialists. That is why the network technology should also be manageable by trained automation technicians, since “non-IT specialists” often have to service individual components.
In any case, this role must be filled by skilled personnel, who can form an interface between automation technology and IT connection and serve as a competent contact for both sides. Besides the wired industrial IT architecture, this role also involves the management of wireless channels (WLAN, BT, Wireless HART, ...) in industrial environments.
In industrial environments, a distinction is made between safety (functional safety) and security (data security). The subject of safety covers functionalities that serve to protect people as well as plant and machinery. In an emergency, it must be possible to put individual machines, plant sections, or entire plant complexes into a safe state. For this, an instantaneous and direct data transmission to the critical control elements is necessary. The safety signals must be transmitted media-independently and reliably with the highest priority. If network sections are implemented with “emergency stop” functionality, the respective network connection must be ensured – in both wired and wireless network infrastructures (such as Wireless LAN).
To meet the requirements in the area of security in industrial networks, special cell protection and firewall concepts need to be implemented, among other things. Through this, each production area must be protected against unauthorized access. Especially for the sensitive remote access, professional security concepts are required, e.g. to clearly regulate authorized maintenance work at defined plant sections. The version management, too, differs from the typical office IT. For the loading of patches for industrial plants, firmly scheduled maintenance time slots must be utilized, since performance losses associated with installing updates while the production is running can often be critical. For instance, unplanned network scans can unintentionally bring entire plants to a halt.
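The access and scheduling rules above (remote access limited to defined plant sections, patches and scans only in scheduled maintenance slots) can be enforced as a default-deny gate in front of the change or remote-access tooling. The following Python example is added here as an illustration and is not taken from the original article; the cell names, actor names, action labels, and window times are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, time

# Actions that can disturb cyclic plant traffic and therefore need a maintenance slot
DISRUPTIVE = {"patch", "network_scan"}

@dataclass(frozen=True)
class Window:
    weekday: int   # 0 = Monday; the day on which the slot starts
    start: time
    end: time      # end <= start means the slot runs past midnight

    def contains(self, ts: datetime) -> bool:
        t = ts.time()
        if self.start < self.end:
            return ts.weekday() == self.weekday and self.start <= t < self.end
        # Overnight slot: late part on the start day, early part on the next day
        if ts.weekday() == self.weekday and t >= self.start:
            return True
        return ts.weekday() == (self.weekday + 1) % 7 and t < self.end

@dataclass
class Cell:
    name: str
    windows: list                                      # scheduled maintenance slots
    remote_actors: set = field(default_factory=set)    # who may work on this cell

def authorize(cells, actor, action, cell_name, ts):
    """Return (allowed, reason) for one request against one production cell."""
    cell = cells.get(cell_name)
    if cell is None:
        return False, "unknown cell: default deny"
    if actor not in cell.remote_actors:
        return False, f"{actor} is not authorized for {cell_name}"
    if action in DISRUPTIVE and not any(w.contains(ts) for w in cell.windows):
        return False, f"{action} is outside the maintenance slots of {cell_name}"
    return True, "permitted"

# Constructed sample policy (hypothetical cells and actors)
CELLS = {
    "filling-line-1": Cell("filling-line-1",
                           [Window(5, time(22, 0), time(2, 0))],   # Sat 22:00 to Sun 02:00
                           {"vendor-a", "ot-maint"}),
    "press-shop": Cell("press-shop", [Window(6, time(6, 0), time(10, 0))], {"ot-maint"}),
}

if __name__ == "__main__":
    for req in [("vendor-a", "network_scan", "filling-line-1", datetime(2024, 3, 5, 14, 0)),
                ("vendor-a", "patch", "filling-line-1", datetime(2024, 3, 10, 1, 30)),
                ("vendor-a", "remote_session", "press-shop", datetime(2024, 3, 10, 7, 0))]:
        print(req[:3], authorize(CELLS, *req))
```

Denied requests carry a reason string, so the same decision can be written to an audit log that automation personnel can read without IT tooling.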