Ethernet Switching is the technology of choice for the vast majority of distributed Automation Systems.
Switched Ethernet
Why are we where we are
Automation networks tend to be clusters of interconnected and interrelated devices working towards a common outcome. Historically, these devices were interconnected using proprietary transmission techniques based upon the multi-drop RS-485 protocol; whilst limited in size and often unreliable, the serial fieldbus did enjoy a degree of security from its obscurity. The global desire to lower costs and increase reliability across both short and longer distances allowed Ethernet, a technology that came about in the enterprise ‘IT’ LAN, to move into the automation ‘OT’ space. With no threat other than a simple cable break to worry about in the mid-to-late 1990s, the networking company Hirschmann introduced the Hiper Ring and, overnight, solved the main objection to deployment at the Plant and Control Networking layers: rapid resilience. The Automation players tried to fight back but picked upon the weak and largely historical argument of ‘determinism’ (or rather the lack of it) as the reason their Customers should remain locked in to their proprietary, high-cost, and often inflexible networking standards. This view is supported by the way the determinism objections seemed to just disappear with the wind once each of these vendors later introduced their own range of devices with an Ethernet interface. Editor’s view: Had the argument against determinism been more considered and security selected in place of determinism, automation system networks would look very different today. That horse has well and truly bolted, and we are where we are; now we need to embrace the benefits (of which there are many) and think about what we can do to make our automation ‘OT’ networks as robust and secure as possible.
Flexible, Fast & Reliable Networking
The technology dates back to 1973 when Bob Metcalfe developed the concept as a shared, high-speed medium for transmission. The original shared ‘10Base5 / 10Base2 / 10BaseT (hub)’ technology implementation became a victim of its own success and evolved into the switched platform now commonplace. Transmission speeds have increased 1000-fold over the years, with backbones now able to operate at up to 10Gbps. More typical speeds deployed in Automation projects are 1Gbps for Server connections and the distributed backbone. Access devices connect at 100Mbps. With the emergence of full duplex transmission in the late 1990s and the wire speed forwarding that became commonplace in 2000-2005, issues of determinism have been largely eradicated. Recent enhancements to the technology include Zero Loss Ethernet and Real Time Ethernet, engineered to satisfy the most stringent and time-sensitive of applications. Devices have evolved for certified operation in extreme environments. These include rail, where vibration and the environment are the issues, and power, where electromagnetic interference and highly accurate timing are key drivers. Industrial-strength products can be securely mounted in every automation environment, and they can also provide power to the devices attached, making them more of a utility to the automation system. The more general switching opportunity of today relates to network optimisation and getting to grips with the challenges of network security.
Optimisation
Multiple network services can now be consolidated across a common, resilient, and high-speed backbone without compromise. This consolidation makes for simplified management and administration. It allows networks to be designed with no single point of failure, and also with dual redundant topologies where application services are protected from both communication path failures and switch node failures. IT4A’s critical network design methodology uses threat assessment and risk treatment planning to underpin both product and feature selection. This approach allows the investment in network infrastructure to be linked directly to business continuity planning.
Security
Network security is often described as an onion skin, as there are many layers. The first layer is physical and considers media (copper/fibre) selection, routing and containment. At the second ‘Ethernet’ layer, security is achieved through the deployment of features such as VLANs for segmentation by application, and 802.1X, port locking and strong passwords to control access through effective authentication.
Think Awareness
With Ethernet able to span thousands of miles and the fact that a single rogue device can compromise the entire system, knowing what is attached to your infrastructure, where it is, and for what purpose is of paramount importance. Grouping devices based upon their application rather than their physical location is a good practice approach that introduces greater organisation and security. The result is the creation of smaller networks, networks where the primary traffic flows are to other devices or a server within that same sub-network and only occasional access beyond. Crossing beyond a sub-network boundary requires the function of a router; controlling what passes between these networks requires a firewall. Routing and Firewalling are often network services found within a single physical device.
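One way to act on this, as an added example (not IT4A's code or tooling): compare the MAC address tables learned by the access switches with an asset register that records each device's application group and VLAN. The addresses, switch names, ports and VLAN numbers are constructed, and the table layout is an assumption.

```python
from collections import defaultdict

# Constructed asset register: MAC -> (device name, application group, VLAN of that group)
INVENTORY = {
    "02:00:00:00:10:01": ("plc-line1", "control", 10),
    "02:00:00:00:10:02": ("hmi-line1", "control", 10),
    "02:00:00:00:30:01": ("cam-gate", "cctv", 30),
}

# Constructed MAC table export: (switch, port, vlan, mac)
MAC_TABLE = [
    ("sw-a", "1/1", 10, "02:00:00:00:10:01"),
    ("sw-a", "1/2", 10, "02:00:00:00:10:02"),
    ("sw-a", "1/3", 10, "02:00:00:00:30:01"),  # camera patched into the control VLAN
    ("sw-a", "2/1", 30, "02:00:00:00:99:01"),  # same MAC seen via the uplink
    ("sw-b", "1/4", 30, "02:00:00:00:99:01"),  # not in the asset register
    ("sw-b", "1/4", 30, "02:00:00:00:99:02"),  # second MAC on one access port
]

UPLINKS = {("sw-a", "2/1")}  # inter-switch ports legitimately carry many MACs


def audit(inventory, mac_table, uplinks):
    """Return (kind, switch, port, detail) findings for access ports."""
    findings = []
    macs_per_port = defaultdict(set)
    for switch, port, vlan, mac in mac_table:
        if (switch, port) in uplinks:
            continue  # report a device where it attaches, not on every trunk
        mac = mac.lower()
        macs_per_port[(switch, port)].add(mac)
        asset = inventory.get(mac)
        if asset is None:
            findings.append(("unknown-device", switch, port, mac))
        elif asset[2] != vlan:
            findings.append(("wrong-vlan", switch, port, mac))
    # More than one MAC on an access port suggests an unmanaged hub or switch.
    for (switch, port), macs in sorted(macs_per_port.items()):
        if len(macs) > 1:
            findings.append(("multiple-macs", switch, port, ",".join(sorted(macs))))
    return findings


if __name__ == "__main__":
    for finding in audit(INVENTORY, MAC_TABLE, UPLINKS):
        print(*finding)
```

A MAC address can be copied by another device, so this check supports awareness of what is attached and where; it does not replace the 802.1X and port locking controls described under Security.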
Automation networks rely upon five key technology areas:
“I can honestly say that with IT4A working alongside us, we assembled the right team and managed to achieve all our goals successfully”
Nuclear Sector, Project Manager