Four tips: properly managed network architectures

Dan McGrath, Panduit-

I had an interesting and insightful conversation with a system integrator about the current state of industrial network architecture design and deployment at Automation Fair this past November.  My contention is that two kinds of switches are found in many plants today:  Unmanaged and ‘Poorly Managed’!  The system integrator engineer wholeheartedly agreed!

It’s not about the “manager”… it’s about the plan.

The discussion revolved around how to best design and deploy IT best practices for security, high availability, and quality of service for an industrial network architecture. Too often machines/systems are deployed with unmanaged switches, which may allow for initial startup of the machine or process, but are a liability when you need to scale more nodes or integrate into the factory. But it’s not just a question around unmanaged vs. managed switches.

Can a good manager and a bad plan coexist?

Deploying managed switches can give you a false sense of manageability and security. If managed switches are deployed as ‘plug and play’ devices without attention to configuration and setup, you may be left in a similar position of having a network teetering on the edge of functionality or with major security flaws.

The system integrator agreed that a skills gap exists when it comes to planning and configuration of the physical and logical network fabric. In my experience, one root cause has been not enough cooperation between IT and automation to even develop a plan.  I think there is a better way today:

Everyone can use the KISS – Knowledge, Integration, Simplify, Standardize approach to make a better plan:

  • Knowledge. Three ways to get smart and answer:  Is your networking knowledge current?  Do you have an up-to-date architecture plan and specifications when you plan projects?
  1. Join Industrial IP Advantage and read white papers, how-to guides, case studies that provide guidance, examples and ROI information for IT, Engineers and Operations/Maintenance.
  2. Engage with industry experts in our soon to release forum section and tune into Industrial IP social media channels on LinkedIn and Facebook.
  3. Consider outside help for assessing and improving your current plant network. Consulting services can provide training and implementation help to bridge the knowledge gap.
  • Integration. Discriminate the managed switch you select. Look for switches that integrate easily, simplify management – and deployment – while being future ready:
  1. Chose configuration that can be understood by IT staff and automation staff.  Does your managed switch have a configuration interface that IT understands already? Can you lock down ports or monitor your switch through your HMI or automation software?  Security must be pervasive so we need tools to cooperate.
  2. Use smart ports that have selectable configurations for the type of node you are connecting:  HMI, automation device, wireless, etc.
  3. Consider SFP (small form factor pluggable) slots for fiber. Fiber has proven benefits for resiliency and uptime when connecting switches.
  • Simplify. Building your network on standard unmodified Internet Protocol and EtherNet/IP will simplify your network design – here are three reasons:
  1. The selection of managed switches and designing a secure infrastructure becomes a lot easier without the worry of proprietary Ethernet variants and their complexities.
  2. Internet Protocol has the broadest footprint of tools and expertise for a secure, robust network from enterprise to plant.
  3. ODVA’s advancements of standard Internet Protocol extends EtherNet/IP architectures – motion, safety, process, and energy management.
  • Standardize. Don’t reinvent the wheel. ‘System’ solutions have seen real progress so you don’t need to struggle with as many ‘component’ design details.
  1. Leverage validated reference architectures. Real world networking use cases with test data to prove resiliency and Quality of Service factors.
  2. Use reference designs, popular configuration drawings and design/configuration tools that have configuration rule checking to build your architecture.
  3. Look for ‘building block’ integrated solutions that have managed switches, UPS power, and structured cabling  in a ready to deploy, fully wired enclosure optimized for industrial installation.

A smarter, secure, managed network can be easier to deploy than you may think.