NW05 - Cisco Solutions for the Converged Plantwide Ethernet Reference Architectures

Copyright © 2015 Rockwell Automation, Inc. All rights reserved. Rockwell Automation TechED 2015 @ROKTechED #ROKTechED

PUBLIC INFORMATION

NW05 - Cisco® Solutions for the Converged Plantwide Ethernet Reference Architectures


Abstract

Cisco® products and solutions enable technical and cultural convergence between information

technology (IT) and industrial automation technology. This discussion reviews the Cisco® solutions

within the Cisco and Rockwell Automation® CPwE reference architectures, including Catalyst® family

of switches and Adaptive Security Appliances (ASA) firewalls, capabilities, selection and support. A

prior understanding of general Ethernet concepts, or attendance of the Fundamentals of EtherNet/IP™

Network Technology session is recommended.

2 3


Agenda

3

Catalyst® Switching and Routing

Cisco Systems® and Rockwell Automation® Alliance

Adaptive Security Appliance Firewalls

Additional Information

Wireless LAN (WLAN)

Unified Computing System (UCS)


Why Is This Important? Control and Information Convergence

5

Scalable, robust, secure and future-ready infrastructure: Application

Software

Network

Internet of Things, Internet of Everything


Cisco Systems® At A Glance

5

Campus that is wired and wireless network framework for structure and

hierarchy best practices

Unified communications for mobility and collaboration

Voice, video and data

Unified computing systems for server, switch and firewall virtualization

Integration with Cisco® and IT network management applications

Resiliency and availability features

REP, Flex Links, HSRP, StackWise

Integrated catalyst network security

Cisco Systems, Inc. is the worldwide leader in networking, transforming how people connect, communicate and collaborate


Cisco® and Rockwell Automation® Collaboration Technology, Network, Cultural and Organizational Convergence

7

Stratix 5900™ Services Router, Stratix 5100™ Wireless Access Point/ Workgroup Bridge, and Stratix 5000™/Stratix 8000™ families of industrial Ethernet managed switches, combine the best of both Rockwell Automation and Cisco

Plant-wide / site-wide focused reference architectures, which are composed of Rockwell Automation and Cisco expertise, provide a foundation to help successfully deploy the latest technologies that are optimized for both industrial automation and IT professionals

Achieve flexibility, visibility and efficiency through a converged network architecture, using open, industry standard networking technologies, such as EtherNet/IP™

Services and education to facilitate industrial automation and information technology convergence and successful architecture deployment, so that critical resources can focus on increasing innovation and productivity

People and Process Optimization:

Common Technology View:

Converged Plantwide Ethernet (CPwE) Reference Architectures:

Joint Product and Solution Collaboration:


What Are We Doing? CPwE Reference Architectures

7

Cisco® and Rockwell Automation® Collaboration

Tested and validated architectures

Performance, availability, repeatability, scalability, security

Cisco Validated Design

Built on technology and industry standards

“Future-ready” network design

Content relevant to both IT Network Engineers and Control System Engineers

Deliverables

Recommendations, best practices, design and implementation guidance

Documented configuration settings

Simplified design, quicker deployment, reduced risk in deploying

new technology



9

Education, design considerations and guidance to help reduce network Latency and Jitter, to help increase the Availability, Integrity and Confidentiality of data, and to help design and deploy a Scalable, Robust, Secure and Future-Ready EtherNet/IP™ network infrastructure:

Single Industrial Network Technology

Robust Physical Layer

Segmentation / Structure (modular and scalable building blocks)

Prioritization - Quality of Service (QoS)

Redundant Path Topologies with Resiliency Protocols

Time Synchronization – PTP, CIP Sync, Integrated Motion on the EtherNet/IP network

Multicast Management

Convergence-ready Solutions

Security – Holistic Defense-in-Depth

Scalable Secure Remote Access

Wireless – 802.11



10


Cisco® Catalyst® Switch and Routing

11

2960, Layer 2 Access

Lower total cost of ownership

19 inch rack form factor, 24 and 48-port options

Flex stack for ease of management

PoE

Up to 10 GB uplinks, 100 MB or 1 GB down

depending on required performance

LAN lite or LAN Base IOS, LAN Base has more

advanced features

Converged Plantwide Ethernet (CPwE) Reference Architectures



12

3850, Layer 3 Distribution

StackWise™ allows up to 9 switches to be linked

together, managed as a single switch, 480 GB

throughput

Stackpower allows power supplies of members in

a stack to pool resources

24 and 48 port with Gigabit or 10 GB uplinks

Optional uplink modules for greater flexibility

Copper and Fiber downlinks for connections

from switches





13

4500, Layer 3 Distribution/Core

Mid to high-level plant distribution

and aggregation

Modular chassis: 3, 6, 7, or 10 slots for supervisor

engine and line cards and up to 48 Gigabits slot.

Virtual Switching System – two switches act as

a single virtual switch

Line cards include – 10/100/1000 Copper, Fiber,

and 10 Gigabit. Many different options



14

6500, Layer 3 Core

Flagship network core switch, different chassis

sizes. 80 Gigabits per slot.

Network services modules for security

and wireless, take place of separate

appliances

10/100/1000 modules, 10 Gigabit and

40 Gigabit modules available.

Virtual Switching System allows physical

separation of switches, but managed as a

single switch




© 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 7

Data Sheet

Intrusion Prevention for the Cisco ASA 5500-X Series

As users and data leave the corporate boundary and the network access layer

becomes more porous, traditional signature technology alone will not suffice. Only

Cisco® intrusion prevention (IPS) technology, backed by Cisco Security Intelligence

Operations (SIO), identifies and mitigates attackers and attacks up to Layer 7 with

market-leading, context-aware threat prevention that augments your firewall and VPN

deployment.

The Cisco ASA 5500-X Series IPS Solution scales from the Cisco Borderless Network Architecture to data center

architectures, with integrated form factors ranging from 1 Gbps to 10 Gbps. Strong default efficacy allows you to

install a device and secure your network immediately. Achieve full visibility across your network with Cisco Security

Manager to mitigate risk and meet compliance - all while reducing your expenses.

Figure 1. Cisco ASA with IPS Product Family

Mitigate Risks

Manage risks with a broad and deep set of inspection capabilities:

Defend against zero-day attacks with over 40 engines and 6500 stateful, vulnerability-based signatures that

protect against tens of thousands of current exploits - and countless more to come.

Inspect a wide variety of protocols to ensure RFC conformance and prevent hacks.

Identify the source of and block denial of service (DoS), distributed denial of service (DDoS), SYN flood,

and encrypted attacks with Cisco Global Correlation.

Use patented anti-evasion technology to defend and monitor against worms, viruses, Trojans,

reconnaissance attacks, spyware, botnets, phishing, peer to peer attacks, and malware, as well as

numerous evasion techniques.

Guard Cisco infrastructure with specific protections for Unified Communications, WLAN, routing, and

switching.

Utilize identity-based firewall to provide granular and powerful policy definition.

Adaptive Security Appliance Firewalls with Firepower IPS

15

ASA – Provides firewall capabilities to logically segment

the plant floor from the enterprise. Tracks traffic flows

VPN concentration – Allows clients to connect a VPN

session to the firewall over IPSEC, or SSL

Provides up to 8 integrated and up to 14 Gigabit ports with

service modules for flexibility in network design

Provides up to 700 Mbps of VPN throughput, and up to

5000 concurrent VPN sessions

Newly added Firepower module from Sourcefire adds next

generation IPS for threat detection, and advanced

malware protection



Unified WLAN Architectures

16

Wireless LAN Controller (WLC)– Offers

centralized control, monitoring, and

troubleshooting of 802.11 networks. Supports up

to 6000 Access Points. Allows for fast roaming

and guest access. Several models available for

different size deployments

LWAP – Lightweight access points that are

managed by the WLC. Many antenna options

available, and allows for zero touch replacement.

Can be powered by PoE



Unified Computing System

17

UCS-C series. Rack mountable server with many

different physical configurations

1, 2, or 4 RU form factors

Optimized for Virtualization with VM-FEX, extending

network fabric to VMs

Cisco® Integrated Management Controller (IMC) is

a web-based interface for KVM and management


Additional Material CPwE Reference Architectures

19

Websites Reference Architectures

Design Guides Converged Plantwide Ethernet (CPwE)

Deploying the Resilient Ethernet Protocol (REP) in a

Converged Plantwide Ethernet Architecture

Deploying 802.11 Wireless LAN Technology within a

Converged Plantwide Ethernet Architecture

Application Guides Fiber-optic Infrastructure Application Guide

Whitepapers Top 10 Recommendations for Plant-wide EtherNet/IP Deployments

Securing Manufacturing Computer and Controller Assets

Achieving Secure Remote Access to plant-floor Applications and Data

Design Considerations for Securing Industrial Automation and Control System Networks

http://www.rockwellautomation.com/rockwellautomation/products-technologies/network-technology/architectures.page?

http://literature.rockwellautomation.com/idc/groups/literature/documents/td/enet-td001_-en-p.pdf







http://literature.rockwellautomation.com/idc/groups/literature/documents/td/enet-td003_-en-e.pdf



http://literature.rockwellautomation.com/idc/groups/literature/documents/wp/enet-wp022_-en-e.pdf









Additional Material Training and Certifications

20

Cisco® Industrial Networking Specialist Training

and Certification

E-learning modules (pre-learning courses)

Control Systems Fundamentals for Industrial

Networking (ICINS)

Networking Fundamentals for Industrial

Control Systems (INICS)

Classroom training

Managing Industrial Networks with Cisco

Networking Technologies (IMINS)

Exam

600–601 IMINS

CCNA for Industrial Applications - Training and

Certification

Training - TBD

Exam - TBD

Industrial IP Advantage

E-learning modules

CPwE Design Considerations and Best

Practices

https://learningnetworkstore.cisco.com/industrial-networking/control-systems-fundamentals-for-icins-elt-icins-v1-0-021145?utm_source=Certs_industrial-networking&utm_content=ICINS&utm_campaign=CLNStore-Products



https://learningnetworkstore.cisco.com/internet-of-things-iot/networking-fundamentals-for-industrial-control-systems-inics-elt-inics-v1-0-021144?utm_source=Certs_industrial-networking&utm_content=INICS&utm_campaign=CLNStore-Products



http://tools.cisco.com/GlobalLearningLocator/courseDetails.do?actionType=executeCourseDetail&courseID=6030




https://learningnetwork.cisco.com/community/certifications/iot/industrial-networking/imins-exam




http://www.industrial-ip.org/en/community/blog/experience-the-power-of-industrial-ip-at-automation-fair





Industrial IP Advantage

21

A ‘go-to’ resource for educational information

about industrial network communication and

using standard Internet Protocol (IP) for

industrial applications

Community of like-minded companies –

Cisco®, Panduit®, and Rockwell

Automation®

Receive monthly e-newsletters with

articles and videos on the latest trends Network Design eLearning course available for TechEd Attendee promotional price!

Sign up today at www.industrial–ip.org


Additional Material Training and Certifications

22

http://www.cisco.com/web/learning/training-index.html

ICND1

ICND2





PUBLIC INFORMATION

www.rockwellautomationteched.com

Cisco® Solutions for the Converged Plantwide Ethernet

Reference Architectures

Catalyst, Cisco Live and Cisco are trademarks of Cisco Systems, Inc. Microsoft is a trademark of the Microsoft Corporation. Panduit is a trademark of the Panduit Corporation. EtherNet/IP is a trademark of the ODVA.

Date post:	26-Jul-2015
Category:	Technology
Upload:	rockwell-automation
View:	154 times
Download:	0 times