Isolate your automated Ethernet network for improved efficiency and security

By isolating automation Ethernet networks, companies will see improvements and benefits in the following three areas: Network speed, simplified data, and network security.

By Anthony Molnar, Turck April 28, 2014

Before Ethernet was used for automation, fieldbus networks ruled the plant floor. Fieldbus always worked on a dedicated industrial control network, separate from a business’ Ethernet. This isolation subsided as Ethernet for automation (also known as manufacturing or industrial Ethernet) came into the marketplace. But isolating the manufacturing Ethernet network from the business Ethernet network is critical to efficient and safe automation.

By isolating automation Ethernet networks, companies will see benefits in three areas:

  • Network speed: With an isolated network, engineers can monitor and minimize the amount of traffic on the network, optimizing speed and reliability.
  • Deterministic data: An isolated network simplifies what information is being sent and received, which is critical for system control. When you know how much time it takes to get information back from slave devices, you can better determine if a machine is malfunctioning or needs servicing.
  • Security: An isolated network limits who can access the system and what devices control the machines.

Following the best practices outlined below will help one to maintain a reliable and optimized isolated Ethernet network to keep the plant running smoothly and efficiently.

1. Limit access to improve safety and security.

Safety and security issues can arise when manufacturing Ethernet and business Ethernet operate on the same network. Isolating the manufacturing Ethernet is the first step in securing machines and processes by limiting access to the system and its controls. If manufacturing and business Ethernet are sharing a network, it is possible for any employee to intentionally or inadvertently change settings on the manufacturing network, which can lead to safety issues. With an isolated system, a company can tailor its levels of security.

For employee protection, companies should install a safety system on the network. Safe I/O is the Ethernet-capable version of traditional machine-control guarding and safety systems that guarantee devices to fail in a safe state. Traditional elements, including guard switches, emergency-stop buttons, pull cords and light curtains, which historically were hardwired to a device, can now be deployed through the Ethernet network. This enables companies to maintain a safety rating on a machine as if it were hardwired.

2. Mitigate production risks.

Efficient and error-free production is the lifeblood of successful automation. An isolated network helps mitigate production risks in two critical areas:

  • Downtime: Downtime can be crippling for a plant. By controlling who has access to PLCs and their devices, companies prevent employees from inadvertently or purposefully accessing the Ethernet network and changing settings that may cause a machine to stop running.
  • Quality control and assurance: A twist on the downtime risk is quality control and assurance issues. If settings are changed, the machine may continue to function, but it may not produce the product correctly, which can be a quality and assurance nightmare. 

3. Choose the right products for optimal function.

The cable and connection style are critical communication elements in manufacturing Ethernet, and using standard business products may not be a good option. The organizations that manage Ethernet standards have created guidelines specifying possible conditions to which cable and connectors could be exposed in the manufacturing environment. These are referred to as MICE, and include Mechanical, Ingress, Climatic/Chemical, and Electromagnetic conditions. A shielded Ethernet cable, for example, is preferable to an office-grade Category 5 twisted pair cable because of its robust components and an ability to withstand the electrical noise of a plant floor that can potentially interfere with a network. The recommended connector is a M12 D-Coded design, which is round, instead of an RJ45 connector, which looks like an oversized phone jack. The M12 D-Coded connectors are designed for the manufacturing environment and maintain a watertight seal, greatly reducing the risk of environmental hazards that could jeopardize network performance.

Finally, it can be tempting to fieldwire connections to create custom network solutions. However, customized, pre-manufactured molded cordsets are a better choice. If fieldwire connections aren’t property assembled or maintained, data packets can be lost, resulting in downtime. Molded cordset communications lines are guaranteed to be tight, so no communications are lost.

4. Find success by defining IT and engineering roles.

Who controls and monitors Ethernet for automation can turn into a power struggle between engineers and the IT department. While IT professionals are very knowledgeable about Ethernet in the business environment, they don’t necessarily understand manufacturing Ethernet as well as a control engineer would. Likewise, a control engineer understands Ethernet’s application on the plant floor for manufacturing and automation, but wouldn’t necessarily understand how it affects the overall business system like an IT professional would.

For a truly successful implementation of isolated manufacturing Ethernet, both sides need to create a specific level of understanding and agree on IT and engineering roles and responsibilities. The following questions can help start that discussion:

  • What is our Ethernet hierarchy/structure?
  • Who is the expert for each area of Ethernet?
  • Where are potential areas of conflict?
  • Once potential conflicts are defined, who will be responsible for those specific areas? 

Anthony Molnar is TURCK’s networks business development manager. For more information, visit

– Edited by Jessica DuBois-Maahs, associate content manager, CFE Media,