See Beckhoff at Hannover Messe
Industrial Ethernet Book Issue 88 / 12
Request Further Info   Print this Page   Send to a Friend  

IT/OT guide to deploying Ethernet on the plant floor

There are numerous advantages to using Ethernet on the plant floor, and also critical issues to consider for a successful implementation: migration strategies, communications differences, security needs and the need for industrially hardened devices. IT and OT personnel need to work together to deploy networks.


A unified system architecture for companies deploying Ethernet extends seamlessly between the office and factory environments, and needs to provide solutions for secure access.

ETHERNET ADOPTION ON THE PLANT FLOOR is in full swing. Collaboration between IT and automation engineers benefits both parties. Mutually arrived at, practical considerations for migration and security help ensure that the Ethernet trend on the plant floor will proceed smoothly. This article provides insights into issues that IT and automation professionals should consider as they connect Industrial Ethernet and solutions such as PROFINET to the plant floor.

Major manufacturers such as major automotive companies are moving exclusively to Ethernet for both enterprise and plant networking. Why? For one reason, it allows an entire assembly line to be on one physical network, and enables the ability to plug in anywhere and access any node on the network. This is a huge step forward from the past, when companies had a collection of isolated fieldbus networks, one at each machine. With Ethernet, companies get a unified network that is far easier to manage.

From an architectural perspective, the design is simpler and cleaner, making troubleshooting easier and giving users the ability to log on from anywhere. Once connected, tools can be used to see if a node is responsive, and to harvest detailed data for better decision making. Bottom line: bringing Ethernet onto the plant floor opens the door to engineering capabilities that current fieldbus networks can’t handle, from the free flow of production data to simplified device monitoring and maintenance. There are a few issues, however, that both IT and OT staff should keep in mind as they make the move.

Five Critical Issues to Consider



It’s an evolution, not a revolution. As demands on the plant floor exceed the capabilities of legacy fieldbus networks, Ethernet is positioned as the successor. High bandwidth, single cable networks, and vertical integration are all key drivers in the evolution of plant floor technology. Ethernet builds on but does not necessarily have to replace fieldbus technology. One advantage of using an Ethernet network: if there is a legacy fieldbus, you can make the migration to Ethernet in small blocks. It can be done at the fieldbus level in stages, or it can be a higher-level integration to the corporate network or the server level of the network. Because this can be planned and done in small pieces, it makes it relatively easy to manage. You don’t have to rip everything out and start from scratch. PROFINET, for example, can integrate legacy fieldbuses through a proxy, a device whose protocol mapping is defined in the PROFINET specification.

Put a migration strategy in place. Installing Ethernet on the plant floor doesn’t require a complete overhaul. Due to devices such as proxies and gateways, it’s possible to design production lines and machines that integrate with existing equipment onto the network. Specific details of the migration can be addressed during budget and schedule analysis. The key is to have a strategy, not go at the project in a haphazard way. What will the end product look like? Everything you do should be based on that vision.

Communicate and collaborate across functions. Involving automation engineers and IT staff early in the planning process lets companies clearly define roles and responsibilities for everyone involved. Web-based management tools and other technologies allow engineers to administer and maintain the plant floor network without IT tools or expertise.

Especially with PROFINET networking devices, all managed devices have web-based management tools. Typically those implementing on the plant floor network are engineering personnel—they’re not IT. So it’s important to have IT involved in the planning process. If IT knows what production is planning on implementing on the plant floor, they can make suggestions on how to optimize the network from an IT perspective, improving security and manageability. Because engineers are on the frontline of implementation, the web-based tools mean they don't have to be IT experts. This collective vision, collaboratively arrived at, is a key to success.

Create a 'DMZ' for security. One of the big issues on the manufacturing floor is segmenting the manufacturing network from the corporate or IT network. Creating network segmentation, or a 'demilitarized zone' (DMZ) in the Ethernet infrastructure between the business and plant floor networks, helps ensure traffic from one doesn't inadvertently flow to the other. This not only keeps unwanted traffic off the network, but also prevents unauthorized personnel from accessing areas that are off limits. The DMZ is created using security appliances that feature separate firewall rules for traffic moving between the plant floor, the DMZ, and the office network. Essentially it's a separation point between IT and the engineering management areas.

Use security devices designed for automation. When companies use tools designed with plant engineers in mind, the engineers can administer firewalls and secure VPN tunnels on their own. For example, you can deploy a dual firewall DMZ using a firewall on the office network and a firewall on the plant floor. Both IT and plant floor engineers would own the firewall on their side of the network. This allows domain experts to maintain their own firewalls and reduces the possibility of a common security gap in the DMZ.

A managed switch provides information that can prevent downtime and speed troubleshooting when the line goes down. The more expensive downtime is in your facility, the more important it is to invest in a managed switch. Managed switches cost more but the incremental cost is trivial compared to the cost of downtime. Up to now, you probably think this topic covers standalone Ethernet switches. But managed switches are also contained within PROFINET devices. So the same kind of diagnostic information you can extract from a standalone switch can be extracted from a switch in a PROFINET device.

Carl Henning is deputy director for PI North America.

www.profibus.com


Source: Industrial Ethernet Book Issue 88 / 12
Request Further Info    Print this Page    Send to a Friend  

Back

Sponsors:
Analog Devices: Time Sensitive Networking
ICDC: Your best ODM partner
DINSpace fiber optic and Cat 6 patch panels
CC-Link IE TSN

Get Social with us:



© 2010-2019 Published by IEB Media GbR · Last Update: 25.03.2019 · 41 User online · Privacy Policy · Contact Us