Ethernet hardware webcast questions and answers

The Control Engineering webcast, Ethernet Hardware, Nov. 12, is available for archived viewing, and the system integrator who provided advice on industrial Ethernet hardware answered additional questions from the audience, below. This webcast is a Control Engineering Registered Continuing Education Program (RCEP) accredited for 1 professional development hour (PDH).


Before defining an Ethernet network infrastructure, it’s important to understand who’s involved and what standards, policies, procedures, media, and roadmap are involved, according to Kurt Forster, MCITP (EA), industrial IT systems and security specialist.

Some of the questions raised during the Control Engineering webcast on Ethernet hardware were answered during the live question-and-answer session (available for viewing as part of the 1-hour webcast). Questions among Control Engineering registrants included Ethernet network design, Ethernet switches, Ethernet protocols, network troubleshooting, network security, and Power over Ethernet-related topics. Kurt Forster, an industrial network expert with Autopro Automation Consultants Ltd., provided advice on Ethernet hardware for the webcast and answered additional questions that didn't fit into the 1-hour webcast, below. Registrants to the Control Engineering RCEP-accredited webcast are eligible for a professional development hour (PDH) after viewing and passing a quiz. See the Ethernet Hardware webcast here.

Audience question: What is the recommended separation between industrial and IT networks?

Answer from Kurt Forster: There are many different ways to separate the industrial networks from the enterprise. These are the most common:

1. Full air gap is a total segregation between the two infrastructures with no possible connectivity or direct data transfer between the two.

2. On-command air gap. This is the same as No. 1; however, when asked to do so and permission is granted, a cable between the two infrastructures would be connected and enabled for an amount of time. This would then be disconnected once the session was finished.

3. Single firewall pass-through is when you have a firewall in between the two infrastructures, and a select set of clients are allowed through.

4. Single firewall and an automation demilitarized zone (DMZ). It's the same as No. 3, without a pass-through. All data ends in a DMZ zone. (Firewall and DMZ are owned and controlled by the integrated control systems - information systems (ICS-IS) team.)

5. Double firewall shared DMZ is where one firewall on the enterprise connects to an ICS switch. From that ICS switch the automation firewall also would connect into it. (The DMZ space would be shared between information technology/information systems (IT/IS) and ICS-IT. Most servers and computers would be dual-homed, or it would be a shared IP range.)

6. ICS-IS firewall to ICS/IS boundary router with a DMZ coming off of the firewall would run from the boundary firewall into an IT/IS firewall with a DMZ coming off of the firewall.

Recommendation: It depends on who administrates the infrastructures above. However, I feel that No. 6 is the best and recommended solution as there are clearly defined DMZs from both sides of the boundary router.
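The difference between option 3 (pass-through) and option 4 (all data ends in the DMZ) can be checked mechanically against a firewall rule export. The following is an added example, not part of the webcast or Kurt Forster's answer; the zone address ranges, rule names, and rule tuple format are constructed assumptions.

```python
import ipaddress

# Constructed address plan (assumption; the article gives no addressing).
ZONES = {
    "enterprise": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("192.168.50.0/24"),
    "ics": ipaddress.ip_network("172.16.0.0/16"),
}

def zones_touched(cidr):
    """Return the zones a rule's CIDR overlaps; 0.0.0.0/0 overlaps all."""
    net = ipaddress.ip_network(cidr)
    return {name for name, zone in ZONES.items() if net.overlaps(zone)}

def find_passthrough(rules):
    """Return names of permit rules that let enterprise and ICS talk directly.

    Conservative: rule order is ignored, so a permit shadowed by an earlier
    deny is still reported for review.
    """
    findings = []
    for name, action, src, dst in rules:
        if action != "permit":
            continue
        s, d = zones_touched(src), zones_touched(dst)
        if ("enterprise" in s and "ics" in d) or ("ics" in s and "enterprise" in d):
            findings.append(name)
    return findings

# Constructed rule exports: (name, action, source CIDR, destination CIDR).
OPTION_3 = [  # pass-through: a selected client crosses the firewall
    ("eng-ws-to-plc", "permit", "10.10.5.20/32", "172.16.1.0/24"),
    ("default-deny", "deny", "0.0.0.0/0", "0.0.0.0/0"),
]
OPTION_4 = [  # every flow ends in the DMZ
    ("ent-to-dmz-historian", "permit", "10.10.0.0/16", "192.168.50.10/32"),
    ("ics-to-dmz-historian", "permit", "172.16.0.0/16", "192.168.50.10/32"),
    ("default-deny", "deny", "0.0.0.0/0", "0.0.0.0/0"),
]
# Drift case: a broad rule added later silently restores a pass-through.
OPTION_4_DRIFTED = [("vendor-any-to-ics", "permit", "0.0.0.0/0", "172.16.0.0/16")] + OPTION_4

if __name__ == "__main__":
    for label, rules in [("3", OPTION_3), ("4", OPTION_4), ("4 drifted", OPTION_4_DRIFTED)]:
        print(f"option {label}: direct enterprise/ICS permits = {find_passthrough(rules)}")
```

Running the same check on each exported rule set after a change window shows whether a DMZ-terminated design has drifted back toward a pass-through.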

Question: What are the recommended ways of connecting industrial Ethernet to legacy networks?

Answer: This depends on what you call a legacy network and which legacy network is deployed. However, if we are talking about a token ring network or a control network, then normally you would have devices with the protocol network interface card (NIC), for Modbus, etc., in a PC and a second Ethernet NIC in the PC. This PC would normally be a historian, which would be able to push the data to the new historian or supervisory control and data acquisition (SCADA) server. This question is too broad to recommend one clear solution. However, if you build the new network as an ISA95 Purdue level and connect the legacy network via a dual homing at ISA Level 2, then this would be the best solution without more details.

Q: When doing a SCADA system installation using an Ethernet-type network connection, are there differences in an intranet- or Internet-type installation and setup? What are the advantages or disadvantages of each?

A: An intranet installation would be done on a server over the internal network with the installation media actually in the server itself. Internet installation would be done between a computer on an intranet and a device at a remote location connecting to the network via the Internet through a firewall. This could also mean that the installation is done on a cloud server on the Internet.

I am going to presume that you are asking about an intranet installation and a cloud installation. The advantage of an intranet installation is that you are responsible for the hardware and applications being installed on the hardware. You are also responsible for the security and the patching levels of the devices. This may not sound like an advantage, but some applications are not designed to be installed on virtual or hardware that is not supported. Certain drivers are required to allow alarming with network failures. These drivers may not work on cloud servers.

The benefit of using cloud servers for applications that can run on the cloud is that you never need to worry about hardware upgrades, and if done correctly in a "high availability" or "fault tolerant" mode, you should never lose connection to the servers.

Q: What are the advantages of using SCADA systems, and what is the best type of physical hardware to use for maximum redundancy (minimizes downtime) in the event of power interruption or natural disaster?

A: The advantages of using SCADA can be found around the Internet, but in short, in most systems, it allows the monitoring, control-system administration, data collection, and historization to be done from a central location. When this is done from two separated locations in a fault-tolerant and high-availability design, a disaster could happen and could be controlled from a separate building (sometimes called a war room or standby control room) while the main control building is being evacuated.

Q: Besides security, what other advantages does Ethernet provide over intranet-type hardware?

A: Intranet is just a term for a type of network architecture and whether it crosses communication boundaries between business zones, such as intranet, extranet, and Internet. Ethernet devices are used in all of these designs.

Q: What are the advantages and advancements, current and future, that we should know about in the Ethernet hardware?

A: Ethernet hardware runs all infrastructures from remote and local closed networks to cloud systems, so it is important to understand the different types of Ethernet devices for the business zones in which you will work, such as enterprise, manufacturing, production, control, and automation. There are devices like switches that are used in all of the zones mentioned, but knowing which switch to use for its zone application is important. Because the industrial sector is normally 10 years behind the IT/IS sector, Ethernet devices that have trended and proven to be successful over the past 10 years slowly are getting introduced into new designs being deployed today. Often systems designed and applied in the industrial market are done in 15-year lifecycles. The technology must be proven, reliable, and maintainable for this period.
