Design advice for connecting IT and OT
High-performance infrastructure, including industrial Ethernet networks, helps with efficient, secure and reliable connections between information technology (IT) and operational technology (OT) systems and software. Note the unseen costs of unmanaged switch and transition layer between IT and OT.
The more information technology (IT) systems and the machine/plant level operational technology (OT) systems are connected, the more data traffic is expected to occur in the network. It also becomes more difficult to identify the routes data takes through the network and recognizing critical changes in the network status. In Ethernet-based networks, like Profinet where Profinet traffic and non-Profinet traffic are mixed, sporadic and unpredictable events are likely to occur.
Unseen costs of unmanaged switches
Availability, security and performance of Ethernet-based industrial networks are influenced by the kind of network switches used. On a capital cost basis, unmanaged Ethernet switches are selected for many machines and systems. These switches are cheap to buy, but only provide a limited range of functions and can increase risk, adding lifecycle costs. For example, the port statistics unmanaged switches determine cannot be retrieved and are worthless. Unmanaged switches are not detected during a topology scan and are therefore may be overlooked in network or cybersecurity documentation. They can sometimes even negatively affect network communication by not supporting certain protocol-typical functions (such as for Profinet). Unmanaged switches cannot be integrated in the hardware configuration either: If an unmanage switch fails, the programmable logic controller (PLC) does not receive a diagnostic message.
Using managed switches makes network management much easier. They offer many possibilities for device and port configuration, as well as activating additional functions, such as port mirroring, bandwidth control or redundancy support. They also supply important information for diagnostics, such as errors, discards and network load.
In an IT environment, we find an established distinction of switches. With the growing connection between IT and OT, the model can be adapted for industrial automation’s use by understanding that different levels require different features from Ethernet switches. (See table).
Network transitions between IT and OT
|Information technology (IT)||Core|| |
|Industrial information technology (IIT)||Distribution|| |
|Operational technology (OT)||Access|| |
An industrial information technology (IIT) level is developing as the link between IT and OT. It is responsible for the acquisition and transfer of data and information from the OT area to IT. This data and information may not be directly related to machine and system control. Even so, the data can be crucial for process control and optimization, such as quality monitoring and evaluation, logistics and material flow.
Distribution layer switches are expected to provide data transfer with gigabits per second because a lot of TCP/IP data is expected in this level. In general, a high netload will occur because the distribution layer connects many different networks. A routing/firewall function also is necessary to ensure a secure data exchange only on allowed routes. Keeping the rough industrial environment in mind, it is advisable to use switches with integrated leakage current monitoring. A relevant number of network issues do not originate in physical communications, but are impaired by too-high shield currents.
Christian Wiesel, marketing and public relations staff, Indu-Sol GmbH. Edited by Mark T. Hoske, content manager, Control Engineering, CFE Media, firstname.lastname@example.org.
KEYWORDS: Industrial network design, Ethernet switches, IT/OT
Connections between information technology (IT) and operational technology (OT) are increasing.
Unmanaged Ethernet switches can have unforeseen costs.
Industrial information technology (IIT) helps link IT and OT communications.
Are you managing to increase lifecycle costs and risk with unmanaged Ethernet switches?