PUBLIC Copyright © 2018 Rockwell Automation, Inc. All Rights Reserved.

T83 - Identity and Mobility in Converged Plantwide Ethernet (CPwE) Architectures

Transcript

Page 1: T83 - Identity and Mobility in Converged Plantwide Ethernet (CPwE) Architectures

Page 2: Introduction

This presentation is an overview of the joint solutions from Cisco Systems and Rockwell Automation:

Plantwide Ethernet Architecture Design and Implementation Guide: ENET-TD008

Deploying Wireless LAN Technology within a CPwE Architecture Design and Implementation Guide: ENET-TD006

Location Based Services within a Converged Plantwide Ethernet Architecture Whitepaper: ENET-WP012

Page 3: Agenda

• IoT Security Overview
• Identity Services in CPwE
• Application Use Cases
• Additional Resources

Page 4: Customer IoT Security Concerns

• Legacy OT “things”: visibility of what’s out there
• Device access restrictions
• Controlling device communications
• Device connectivity and autonomous conditions
• Simplifying IT/OT management for a unified view

Page 5: IoT Threat Defense Priorities

[Diagram: four priorities, Visibility & Analysis, Segmentation, Remote Access and Security Services, with the products and services that address each: Umbrella, Stealthwatch, ISE / TrustSec, Cognitive Threat Analytics, NGFW, AnyConnect, Risk Assessment, Secure Operations, Incident Response]

Page 6: Cisco IoT Threat Defense Components

Visibility & Analysis
• ISE - Profile devices
• Stealthwatch - Visibility of data and traffic
• Umbrella - Visibility and blocking of malicious traffic
• CTA - Threat analytics to assess threat

Segmented Access Control
• FP NGFW - Segment IT and OT environments
• TrustSec - Segment OT devices in the IT network
• CTA & ISE - Quarantine dangerous devices
• Switches – Dynamic segmentation enforcement

IoT Security Services
• Risk assessment for baseline
• Deployment and Migration
• Incident response service for breach situations

Secure Remote Access
• AnyConnect - Secure connection into OT network
• AnyConnect - Prevent threat into OT environment

Page 7: Convergence of IT and OT

IT
• Helps protect IT assets
• Confidentiality, Integrity, Availability
• Data, Voice, Video
• Network Authentication
• Threat Detection

OT
• Operations uptime / Safety
• High Availability, Integrity, Confidentiality
• Control Protocols / Motion
• Physical Access
• Process Anomalies

Before: Rigid silos between IT and OT

Cyber security IT/OT Convergence
• Security Risk Assessment
• Asset Visibility across IT/OT
• Segmented Access Control
• Evolving Security Regulations
• Remote Access

Page 8: Agenda

• IoT Security Overview
• Identity Services in CPwE
• Application Use Cases
• Additional Resources

Page 9: Cisco Identity Services Engine (ISE) – Delivering Visibility, Context, and Control to Secure Network Access

[Diagram: network / user context (Who, What, Where, When, How) and the Device Profiling Feed Service feed ISE, which applies Employee Access, Contractor + Vendor and Guest Access policies]

REDUCE NETWORK UNKNOWNS AND APPLY THE RIGHT LEVEL OF SECURE ACCESS CONSISTENTLY ACROSS WIRED, WIRELESS and VPN

Page 10: Secure Access – Consolidating Access for Employee / Contractors / Vendors

Context used in the access decision:
• Who? Employee, Attacker, Guest
• What? Personal Device, Company Asset
• How? Wired, Wireless, VPN
• Where? @ Plant 1, Zone 2; Headquarters
• When? Weekends (8:00 a.m. – 5:00 p.m.) PST

Page 11: Distributed ISE in CPwE Architecture

[Diagram: CPwE reference architecture. Enterprise Zone (Levels 4–5) with enterprise external DMZ / firewall and cloud; Industrial Demilitarized Zone (IDMZ) with core switches and a remote access server; Industrial Zone (Levels 0–3, plant-wide network) with Level 3 Site Operations (control room), distribution switches and a Wireless LAN Controller (WLC); Cell/Area Zones (Levels 0–2) in linear / bus / star and Device Level Ring (DLR) topologies with access switches, industrial firewalls (IFW), controller, safety controller, safety I/O, I/O, drive, soft starter, robot / servo drive, HMI and instrumentation; an autonomous WLAN (AP, SSID 5 GHz, WGB) and a unified WLAN (LWAP, SSID 2.4 GHz). ISE PAN / MnT and ISE PSN nodes and an MDM server are placed across the zones]

Distributed ISE roles:
• PAN – Policy Administration Node
• MnT – Monitoring Node
• PSN – Policy Service Node
• MDM – Mobile Device Management

Page 12: Mobile Device Policies

Limited Access
• Access exclusively for corporate-issued devices
• Authentication / authorization: user credentials, device certificate, whitelist

Enhanced Access
• Access for corporate-issued and personal devices (BYOD)
• On-boarding process, self-registration
• Authentication / authorization: user credentials, device certificate, device type, whitelist

Advanced Access
• Access for corporate-issued and personal devices (BYOD)
• Posture of the device through third-party Mobile Device Managers (MDMs)

Location Based Services
• Additional authorization based on device location
• Access to Industrial Zone only when on site

Page 13: Limited Access

• Corporate devices have pre-installed digital certificates
• ISE grants access to the network based on the device’s certificate and the whitelist
• Devices can further be provided access according to the AD group
• Devices can be denied access if:
  • Missing / invalid certificate
  • User in the wrong group
  • User account disabled
  • Not a part of the whitelist
  • Device type / OS is not allowed (profiling)

Page 14: Enhanced Access (BYOD)

• Personal devices are on-boarded using a self-registration portal to receive digital certificates
• The personal devices are provided different access levels based on authentication and authorization rules
• Devices can be denied access if:
  • Missing / invalid certificate
  • User in the wrong group
  • User account disabled
  • Not a part of the whitelist / not registered
  • Device type / OS is not allowed (profiling)
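The deny conditions on the Limited Access and Enhanced Access slides read as a checklist, but an authorization engine evaluates all of them and records every failure so the monitoring node can explain a denial. The following Python is an added example, not code from the deck or from Cisco ISE: it models both policies over a constructed endpoint record. The field names, the AD group names, the whitelist entries and the allowed-OS list are assumptions made for the example; a real ISE deployment reads them from AD, the endpoint database and the profiler.

```python
"""Added example, not code from the deck or from Cisco ISE: a small model of the
authorization rules listed under Limited Access and Enhanced Access (BYOD).

The field names, AD group names, whitelist entries and OS list are assumptions
made for this example; a real ISE policy set reads them from AD, the endpoint
database and the profiler.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import List, Optional, Set

# Constructed policy data standing in for the ISE configuration.
ALLOWED_OS = {"Windows", "iOS", "Android"}               # profiling: permitted device types
WHITELIST = {"00:11:22:33:44:55", "66:77:88:99:aa:bb"}   # corporate-issued devices (MAC)
BYOD_REGISTRY = {"cc:dd:ee:ff:00:11"}                    # on-boarded via the self-registration portal
GROUP_ACCESS = {"OT-Maintenance": "limited", "OT-Engineers": "enhanced"}  # AD group -> access level


@dataclass
class Endpoint:
    mac: str
    os: str                      # profiler result
    cert_present: bool
    cert_valid: bool             # chain validates and not revoked
    cert_not_after: datetime     # certificate expiry
    user_groups: Set[str]        # AD groups of the authenticated user
    account_enabled: bool
    corporate_issued: bool


@dataclass
class Decision:
    allowed: bool
    access_level: Optional[str]
    reasons: List[str] = field(default_factory=list)


def authorize(ep: Endpoint, policy: str, now: datetime) -> Decision:
    """Apply the deny conditions from the slides, then map the AD group to an access level.

    policy is "limited" (corporate-issued devices only) or "enhanced" (corporate + BYOD).
    Every failing condition is recorded so the MnT node has a reason to log.
    """
    if policy not in ("limited", "enhanced"):
        raise ValueError(f"unknown policy {policy!r}")
    reasons: List[str] = []
    # Missing / invalid certificate (expiry counts as invalid)
    if not ep.cert_present:
        reasons.append("missing certificate")
    elif not ep.cert_valid or ep.cert_not_after <= now:
        reasons.append("invalid certificate")
    # User account disabled
    if not ep.account_enabled:
        reasons.append("user account disabled")
    # User in the wrong group
    granted = {GROUP_ACCESS[g] for g in ep.user_groups if g in GROUP_ACCESS}
    if not granted:
        reasons.append("user in the wrong group")
    # Not a part of the whitelist / not registered
    mac = ep.mac.lower()
    if policy == "limited":
        if not ep.corporate_issued or mac not in WHITELIST:
            reasons.append("not a part of the whitelist")
    elif mac not in WHITELIST and mac not in BYOD_REGISTRY:
        reasons.append("not a part of the whitelist / not registered")
    # Device type / OS is not allowed (profiling)
    if ep.os not in ALLOWED_OS:
        reasons.append("device type / OS is not allowed (profiling)")
    if reasons:
        return Decision(False, None, reasons)
    # The Limited Access policy never grants more than limited access;
    # under Enhanced Access the AD group decides the level.
    level = "enhanced" if policy == "enhanced" and "enhanced" in granted else "limited"
    return Decision(True, level)


# Constructed sample endpoints (not real devices).
NOW = datetime(2018, 6, 1, tzinfo=timezone.utc)
CORP_LAPTOP = Endpoint("00:11:22:33:44:55", "Windows", True, True,
                       datetime(2019, 1, 1, tzinfo=timezone.utc),
                       {"OT-Engineers"}, True, True)
PERSONAL_PHONE = Endpoint("CC:DD:EE:FF:00:11", "Android", True, True,
                          datetime(2019, 1, 1, tzinfo=timezone.utc),
                          {"OT-Maintenance"}, True, False)
EXPIRED_CERT = Endpoint("66:77:88:99:aa:bb", "Windows", True, True,
                        datetime(2018, 1, 1, tzinfo=timezone.utc),
                        {"OT-Engineers"}, True, True)

if __name__ == "__main__":
    for name, ep in [("corporate laptop", CORP_LAPTOP), ("personal phone", PERSONAL_PHONE),
                     ("expired cert", EXPIRED_CERT)]:
        for policy in ("limited", "enhanced"):
            print(name, policy, authorize(ep, policy, NOW))
```

The same personal phone is denied under Limited Access (it is not a corporate-issued, whitelisted device) and admitted at the limited level under Enhanced Access (it is registered through the BYOD portal), which is exactly the difference between the two slides; an expired certificate is denied under both.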

Page 15: Advanced Access – MDM Posture

• Building on the Enhanced Access use case, a Mobile Device Manager (MDM) is used to manage and secure mobile endpoints
• The integration between ISE and MDMs is through a REST API
• ISE queries the MDM for additional compliance and posture attributes:
  • OS version / patches
  • Approved software
  • Malware detection / removal
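The slide lists the posture attributes ISE fetches from the MDM but not how they turn into a compliance verdict. The Python below is an added example, not code from the deck, from Cisco ISE or from any MDM vendor: it takes a JSON document of the kind an MDM REST API might return and evaluates the three attribute groups named on the slide, treating a missing attribute as a failure so that an MDM which cannot answer never produces a compliant verdict. The JSON document, its field names and the thresholds are constructed for the example; every MDM exposes its own schema.

```python
"""Added example, not code from the deck, from Cisco ISE or from any MDM vendor:
evaluating the posture attributes that ISE is described as fetching from the
MDM over its REST API (OS version / patches, approved software, malware).

The JSON document, its field names and the thresholds are constructed for this
example; every MDM exposes its own REST schema.
"""
import json
from datetime import date
from typing import Dict, List, Tuple

# Constructed compliance baseline standing in for the ISE/MDM policy.
MIN_OS_VERSION = {"ios": (12, 0), "android": (8, 0), "windows": (10, 0)}
MAX_PATCH_AGE_DAYS = 30
BLOCKED_APPS = {"com.example.rootkit", "com.example.sidelaunch"}   # constructed bundle ids
TODAY = date(2018, 6, 1)                                          # fixed "now" for the sample

# Constructed MDM REST responses (sample data, not real devices).
SAMPLE_MDM_RESPONSE = json.dumps({
    "mac": "cc:dd:ee:ff:00:11",
    "platform": "android",
    "os_version": "8.1.0",
    "last_patch_date": "2018-05-20",
    "installed_apps": ["com.example.teamapp", "com.example.sidelaunch"],
    "malware": {"detected": True, "removed": True},
    "registered": True,
})
COMPLIANT_MDM_RESPONSE = json.dumps({
    "mac": "00:11:22:33:44:55",
    "platform": "windows",
    "os_version": "10.0",
    "last_patch_date": "2018-05-28",
    "installed_apps": ["com.example.teamapp"],
    "malware": {"detected": False, "removed": False},
    "registered": True,
})
INCOMPLETE_MDM_RESPONSE = json.dumps({"mac": "66:77:88:99:aa:bb", "registered": True})


def parse_version(text: str) -> Tuple[int, ...]:
    """'8.1.0' -> (8, 1, 0); tuples compare element-wise, so (8, 1, 0) >= (8, 0)."""
    return tuple(int(part) for part in text.split("."))


def evaluate_posture(mdm_json: str, today: date) -> Dict:
    """Return {"mac", "compliant", "failures"}; any missing attribute is a failure."""
    rec = json.loads(mdm_json)
    failures: List[str] = []

    # OS version / patches
    platform = str(rec.get("platform", "")).lower()
    if platform not in MIN_OS_VERSION:
        failures.append(f"unknown platform {platform!r}")
    elif "os_version" not in rec:
        failures.append("os_version missing")
    elif parse_version(rec["os_version"]) < MIN_OS_VERSION[platform]:
        failures.append(f"OS {rec['os_version']} below minimum for {platform}")
    if "last_patch_date" not in rec:
        failures.append("last_patch_date missing")
    elif (today - date.fromisoformat(rec["last_patch_date"])).days > MAX_PATCH_AGE_DAYS:
        failures.append("patch level older than %d days" % MAX_PATCH_AGE_DAYS)

    # Approved software
    blocked = sorted(set(rec.get("installed_apps", [])) & BLOCKED_APPS)
    if blocked:
        failures.append("unapproved software: " + ", ".join(blocked))

    # Malware detection / removal: detected-and-removed is acceptable, detected-and-present is not
    malware = rec.get("malware", {})
    if malware.get("detected") and not malware.get("removed"):
        failures.append("malware detected and not removed")

    if not rec.get("registered", False):
        failures.append("not registered with the MDM")

    return {"mac": rec.get("mac"), "compliant": not failures, "failures": failures}


if __name__ == "__main__":
    for doc in (SAMPLE_MDM_RESPONSE, COMPLIANT_MDM_RESPONSE, INCOMPLETE_MDM_RESPONSE):
        print(evaluate_posture(doc, TODAY))
```

The first sample fails only on unapproved software (its malware finding was already remediated), the second passes, and the third, which carries no platform or patch data at all, fails closed rather than being waved through.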

Page 16: Location Based Services (LBS) Architecture

[Diagram: three layers. Device: any Wi-Fi device or tag. Wireless Infrastructure: Access Points, Wireless LAN Controller, Chokepoint. Applications and Management: Mobility Services Engine, Cisco® Identity Services Engine (ISE), Cisco Prime™ Network, Cisco Kinetic and Partner Applications on the Enterprise Network. Callouts: Open Ecosystem, Scalable Infrastructure, Track Any Wi-Fi Device or Tag, Chokepoint Integration, Single Pane of Glass for Cockpit Dashboard]

Page 17: Location Based Services

[Diagram: Wireless LAN Controllers (WLC), Cisco Prime and the Mobility Service Engine, connected to the WLC over NMSP; LWAPs report an associated client]

• Integration of MSE (Mobility Service Engine) with ISE for location-based authorization
• MSE is managed by Prime Infrastructure for configuration, maps creation, and WLC assignment
• MSE communicates with the WLC using the NMSP protocol
• WLC sends Received Signal Strength (RSSI) and other data from APs for connected clients
• MSE calculates the client’s location
• Devices have access if a user is authorized and located in range
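The slide describes the chain (APs report RSSI to the WLC, the MSE computes a location, ISE grants access only when the user is authorized and in range) without showing either computation. The Python below is an added example, not code from the deck or from the Cisco MSE: it turns per-AP RSSI readings into a position estimate with a weighted centroid over a log-distance path-loss model, tests that estimate against an Industrial Zone floor polygon, and fails closed when no location can be computed. The AP map, the path-loss parameters, the zone polygon and the RSSI readings are all constructed for the example; the MSE's actual algorithm is proprietary and more accurate than this (the next slide quotes ±5–7 m for RSSI-based location).

```python
"""Added example, not code from the deck or from the Cisco MSE: a simplified
model of the LBS flow on this slide. The WLC reports per-AP RSSI for an
associated client, the location engine turns those readings into a position
estimate, and the authorization step grants Industrial Zone access only when
the user is authorized AND the estimate lies inside the on-site boundary.

The AP map, the path-loss parameters, the zone polygon and the RSSI readings
are constructed for this example.
"""
from typing import Dict, List, Optional, Tuple

# Constructed AP map in plan coordinates (metres). ap1/ap3 sit at a loading
# dock outside the Industrial Zone boundary, ap2/ap4 inside it.
APS: Dict[str, Tuple[float, float]] = {
    "ap1": (0.0, 0.0), "ap2": (30.0, 0.0), "ap3": (0.0, 20.0), "ap4": (30.0, 20.0)}
RSSI_AT_1M = -40.0      # dBm at 1 m (assumed)
PATH_LOSS_EXP = 2.5     # indoor path-loss exponent (assumed)

# Constructed Industrial Zone floor polygon (x, y) in metres.
INDUSTRIAL_ZONE: List[Tuple[float, float]] = [(5, 0), (30, 0), (30, 20), (5, 20)]


def rssi_to_distance(rssi_dbm: float) -> float:
    """Log-distance path-loss model: RSSI = RSSI_AT_1M - 10 * n * log10(d)."""
    return 10 ** ((RSSI_AT_1M - rssi_dbm) / (10 * PATH_LOSS_EXP))


def estimate_location(rssi_by_ap: Dict[str, float]) -> Optional[Tuple[float, float]]:
    """Weighted centroid of the reporting APs, each weighted by 1/d^2.
    Returns None when no AP on the map reported the client (location unknown)."""
    wx = wy = wsum = 0.0
    for ap, rssi in rssi_by_ap.items():
        if ap not in APS:
            continue                              # reading from an AP that is not on the map
        d = max(rssi_to_distance(rssi), 0.5)      # clamp: never divide by ~0
        w = 1.0 / (d * d)
        x, y = APS[ap]
        wx += w * x
        wy += w * y
        wsum += w
    if wsum == 0.0:
        return None
    return (wx / wsum, wy / wsum)


def point_in_polygon(pt: Tuple[float, float], poly: List[Tuple[float, float]]) -> bool:
    """Ray-casting test; works for any simple polygon, not only rectangles."""
    x, y = pt
    inside = False
    n = len(poly)
    for i in range(n):
        x1, y1 = poly[i]
        x2, y2 = poly[(i + 1) % n]
        if (y1 > y) != (y2 > y):
            x_cross = x1 + (y - y1) * (x2 - x1) / (y2 - y1)
            if x < x_cross:
                inside = not inside
    return inside


def authorize_by_location(user_authorized: bool, rssi_by_ap: Dict[str, float]) -> Tuple[bool, str]:
    """Slide rule: access only if the user is authorized and located in range.
    An unknown location is treated as off-site (fail closed)."""
    if not user_authorized:
        return (False, "user not authorized")
    loc = estimate_location(rssi_by_ap)
    if loc is None:
        return (False, "location unknown")
    if not point_in_polygon(loc, INDUSTRIAL_ZONE):
        return (False, "outside Industrial Zone")
    return (True, "on site")


# Constructed RSSI reports (dBm) as the WLC would forward them from the APs.
NEAR_AP2 = {"ap2": -45.0, "ap1": -70.0, "ap4": -68.0, "ap3": -80.0}   # inside the zone
NEAR_AP1 = {"ap1": -45.0, "ap2": -70.0, "ap3": -68.0, "ap4": -80.0}   # at the dock, outside

if __name__ == "__main__":
    for name, report in [("near ap2", NEAR_AP2), ("near ap1", NEAR_AP1), ("no report", {})]:
        print(name, estimate_location(report), authorize_by_location(True, report))
```

A weighted centroid can only ever land inside the convex hull of the reporting APs, which is one reason the zone boundary here is drawn inside the AP grid and why the real product adds Angle of Arrival (next slide) rather than relying on RSSI alone.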

Page 18: Location Based Services – Hyperlocation

Modular Components

What is Hyperlocation?
• Indoor Wi-Fi client location solution
• Accuracy of ≈ ±1–3 meters (50% confidence) vs. RSSI ≈ ±5–7 m
• Data RSSI & Angle of Arrival (AoA) vs. probe RSSI
• No client application needed
• Clients MUST be associated to the Access Point
• Requires dense AP placement and accurate maps

Page 19: Identity Services in CPwE – Employee / Vendor Wireless Access – Industrial Zone

[Diagram: the CPwE zones from page 11 with AD / PKI, ISE PAN / MnT, ISE PSN, an MDM server, WLCs, an LWAP and an IFW; the client joins SSID Maintenance and the WLC applies a dACL]

• Access based on AD group and/or certificate
• Dynamic Access Control List (dACL) and VLAN

Page 20: Identity Services in CPwE – Employee Wireless Access – Enterprise Zone

[Diagram: the CPwE zones from page 11 with AD / PKI, ISE PAN / MnT, ISE PSN, an MDM server, WLCs, an LWAP and an IFW; the client joins SSID Corporate and the WLC applies a dACL]

• Access based on AD group and/or certificate
• Dynamic Access Control List (dACL) and VLAN
• Secure tunnel to Enterprise

Page 21: Identity Services in CPwE – Vendor / Guest Wireless Access – Guest DMZ

[Diagram: the CPwE zones from page 11 with AD / PKI, ISE PAN / MnT, ISE PSN, an MDM server, WLCs, an LWAP and an IFW; the client joins SSID Guest and the WLC applies a dACL]

• Access based on AD group and/or certificate
• Dynamic Access Control List (dACL) and VLAN
• Secure tunnel to Guest DMZ

Page 22: Identity Services in CPwE – Employee / Vendor Wireless Access – Autonomous WLAN

[Diagram: the CPwE zones from page 11 with a RADIUS server (ex.: Cisco ISE, Microsoft NPS), AD / PKI and an IFW; autonomous access points serve SSID Maintenance with ACL1 and SSID OEM with ACL2]

• Access based on AD group and/or certificate
• Static ACL and VLAN
• More secure than WPA2-PSK

Page 23: Identity Services in CPwE – Employee / Vendor Wired Access – Cell/Area Zone

[Diagram: the CPwE zones from page 11 with a remote access server (RAS), AD, ISE PAN / MnT, ISE PSN, an MDM server, WLCs and an IFW; the wired client in the Cell/Area Zone receives a dACL]

• Access based on AD group and/or certificate
• Dynamic Access Control List (dACL) and VLAN
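Slides 19 through 23 all end in the same enforcement: the authorization result is returned to the WLC or switch as a VLAN plus a dynamic ACL (or, on the autonomous WLAN, a static ACL already on the AP). The Python below is an added example, not code from the deck or from Cisco ISE: it selects an authorization profile per SSID and AD group, encodes it as RADIUS Access-Accept attributes, and shows the check a network device should make before acting on them. Attribute names follow RFC 3580 (Tunnel-Type, Tunnel-Medium-Type, Tunnel-Private-Group-ID) and Cisco's cisco-av-pair convention for downloadable ACLs; the SSID names, AD groups, VLAN ids and ACL names are constructed, and the content hash ISE appends to a dACL name is omitted.

```python
"""Added example, not code from the deck or from Cisco ISE: carrying the
per-SSID authorization result (VLAN plus dACL on the unified WLAN and wired
access, static ACL name on the autonomous WLAN) back to the WLC or switch as
RADIUS Access-Accept attributes.

Attribute names follow RFC 3580 and Cisco's cisco-av-pair convention for
downloadable ACLs. SSID names, AD groups, VLAN ids and ACL names are
constructed for the example; the dACL content hash ISE appends is omitted.
"""
from typing import Dict, List, Optional, Set, Tuple

TUNNEL_TYPE_VLAN = 13          # RFC 3580 Tunnel-Type value for VLAN
TUNNEL_MEDIUM_IEEE_802 = 6     # RFC 3580 Tunnel-Medium-Type value for IEEE 802

# Constructed authorization profiles: (SSID, AD group) -> (VLAN id, ACL name).
PROFILES: Dict[Tuple[str, Optional[str]], Tuple[int, str]] = {
    ("Maintenance", "OT-Maintenance"): (110, "PERMIT_SITE_OPS_ONLY"),
    ("Maintenance", "OT-Engineers"):   (120, "PERMIT_CELL_AREA_ZONE"),
    ("Corporate",   "Employees"):      (200, "PERMIT_ENTERPRISE_TUNNEL"),
    ("Guest",       None):             (300, "PERMIT_INTERNET_ONLY"),
}


def select_profile(ssid: str, groups: Set[str], cert_valid: bool) -> Optional[Tuple[int, str]]:
    """Access based on AD group and/or certificate: Guest needs neither; Maintenance
    and Corporate need a valid certificate and a mapped AD group. None means deny."""
    if ssid == "Guest":
        return PROFILES[("Guest", None)]
    if not cert_valid:
        return None
    for group in sorted(groups):              # deterministic when a user is in several groups
        if (ssid, group) in PROFILES:
            return PROFILES[(ssid, group)]
    return None


def access_accept_attributes(vlan: int, acl: str, downloadable: bool = True) -> List[Tuple[str, object]]:
    """Build the Access-Accept attribute list. downloadable=True names a dACL the
    device fetches from ISE (unified WLAN / wired); False names a static ACL already
    configured on an autonomous AP, passed in Filter-Id (assumed "<name>.in" form)."""
    if not 1 <= vlan <= 4094:
        raise ValueError(f"VLAN id {vlan} out of range")
    attrs: List[Tuple[str, object]] = [
        ("Tunnel-Type", TUNNEL_TYPE_VLAN),
        ("Tunnel-Medium-Type", TUNNEL_MEDIUM_IEEE_802),
        ("Tunnel-Private-Group-ID", str(vlan)),
    ]
    if downloadable:
        attrs.append(("Cisco-AVPair", f"ACS:CiscoSecure-Defined-ACL=#ACSACL#-IP-{acl}"))
    else:
        attrs.append(("Filter-Id", f"{acl}.in"))
    return attrs


def parse_access_accept(attrs: List[Tuple[str, object]]) -> Tuple[Optional[int], Optional[str]]:
    """Device-side check: honour the VLAN only if the RFC 3580 trio is complete and
    consistent, so a stray Tunnel-Private-Group-ID without its type attributes never
    moves a port; return the ACL name from either carrier."""
    d = dict(attrs)
    vlan = None
    if d.get("Tunnel-Type") == TUNNEL_TYPE_VLAN and d.get("Tunnel-Medium-Type") == TUNNEL_MEDIUM_IEEE_802:
        try:
            vlan = int(d["Tunnel-Private-Group-ID"])
        except (KeyError, ValueError):
            vlan = None
    acl = None
    avpair = d.get("Cisco-AVPair")
    if isinstance(avpair, str) and avpair.startswith("ACS:CiscoSecure-Defined-ACL=#ACSACL#-IP-"):
        acl = avpair.split("#ACSACL#-IP-", 1)[1]
    elif isinstance(d.get("Filter-Id"), str):
        acl = d["Filter-Id"].rsplit(".in", 1)[0]
    return vlan, acl


if __name__ == "__main__":
    profile = select_profile("Maintenance", {"OT-Engineers"}, cert_valid=True)
    if profile:
        attrs = access_accept_attributes(*profile)
        print(attrs, parse_access_accept(attrs))
```

Keeping the VLAN and ACL in the authorization profile rather than on the SSID is what lets one Maintenance SSID serve both maintenance staff and engineers with different reach into the Cell/Area Zone, which is the point the slides make with "access based on AD group and/or certificate".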

Page 24: Agenda

• IoT Security Overview
• Identity Services in CPwE
• Application Use Cases
• Additional Resources

Page 25: Mobile HMI – Plant Personnel

[Diagram: mobile client on the Industrial SSID (LWAP, WLC, Cisco ISE, IFW) reaching FactoryTalk® servers and an RDP server in Level 3 Site Operations and an HMI terminal in the Cell/Area Zone. Clients: FactoryTalk® View SE client, FactoryTalk® ViewPoint client, FactoryTalk® Batch Mobile, thin client (RDP), VNC client]

1. User connects to Industrial SSID, dynamic ACL / VLAN is applied
2. Access to the FactoryTalk® servers and RDP server in Site Operations
3. Access to the HMI Terminal in Cell/Area Zone

• FactoryTalk® Security: application-level security to complement network security
• Restrict read-write access: dedicated on-premise devices, no cellular access

Page 26: Mobile Analytics – Plant Personnel

[Diagram: analytics user with a FactoryTalk® VantagePoint® client on the Industrial SSID (LWAP, WLC, Cisco ISE, IFW); FactoryTalk® VantagePoint® server and FactoryTalk® Analytics for Devices in Level 3 Site Operations; FactoryTalk® Cloud reached through the IDMZ and Enterprise Zone to the Internet]

1. User connects to Industrial SSID, dynamic ACL / VLAN is applied
2. Access to FactoryTalk® VantagePoint® server in Site Operations
3. Access to the FactoryTalk® Analytics for Devices (“Shelby”)
4. Access to the FactoryTalk® Cloud analytics – web traffic must be inspected and/or proxied

Page 27: ThinManager® Software for Mobile Devices

[Diagram: ThinManager® clients on the Industrial SSID (LWAP, WLC, anchor WLC, Cisco ISE, IFW); ThinManager® server, RDP server and reverse web proxy in Level 3 Site Operations; HMI terminal and IP camera in the Cell/Area Zone]

1. User connects to Industrial SSID, dynamic ACL / VLAN is applied
2. Access to ThinManager® server in Site Operations
3. RDP content (for example, FactoryTalk® View SE application)
4. VNC server content (for example, HMI terminal)
5. Video streaming from IP camera

Right content to the right person at the right place with location-based mobility.

Page 28: Mobile HMI – Corporate User

[Diagram: FactoryTalk® ViewPoint client on the Corporate SSID (LWAP, WLC, Cisco ISE, IFW), tunnelled to the anchor WLC in the Enterprise Zone; FactoryTalk® ViewPoint server reached through a reverse web proxy]

1. User connects to Corporate SSID, secure tunnel to Enterprise WLC
2. Access to FactoryTalk® ViewPoint server via reverse web proxy

Page 29: Mobile Analytics – Corporate User

[Diagram: analytics user with a FactoryTalk® VantagePoint® client on the Corporate SSID (LWAP, WLC, Cisco ISE, IFW), tunnelled to the anchor WLC in the Enterprise Zone; FactoryTalk® VantagePoint® server (Enterprise), FactoryTalk® VantagePoint® server (Industrial) behind a reverse web proxy, and FactoryTalk® Cloud on the Internet]

1. User connects to Corporate SSID, secure tunnel to Enterprise WLC
2. Access to FactoryTalk® VantagePoint® server (Enterprise)
3. Access to FactoryTalk® VantagePoint® server (Industrial) via reverse web proxy
4. Access to the FactoryTalk® Cloud analytics – web traffic must be inspected and/or proxied

Page 30: FactoryTalk® TeamONE™ – the App for Productivity

Page 31: FactoryTalk® TeamONE™ – Isolated IACS Network

[Diagram: Industrial Zone Network and Enterprise Zone Network separated by the IDMZ, each with its own path to FactoryTalk® Cloud]

Diagnostic modules:
• Connect
• Device Health
• Trend
• Alarms
• Shelby Action Cards (future)

Collaboration modules:
• Chat
• Incident
• Pinboard / Teamboard
• Knowledgebase

Team join / switch
App updates

Page 32: FactoryTalk® TeamONE™ – Converged Network

[Diagram: Industrial Zone Network and Enterprise Zone Network joined through the IDMZ, with a single path to FactoryTalk® Cloud]

Diagnostic modules:
• Connect
• Device Health
• Trend
• Alarms
• Shelby Action Cards (future)

Collaboration modules:
• Chat
• Incident
• Pinboard / Teamboard
• Knowledgebase

Team join / switch
App updates

Cloud traffic inspection and proxy

Page 33: FactoryTalk® TeamONE™ – Diagnostic Modules

[Diagram: FactoryTalk® TeamONE™ users on the Industrial SSID (LWAP, WLC, Cisco ISE, IFW); FactoryTalk® Alarms & Events server and FactoryTalk® Analytics for Devices in Level 3 Site Operations; devices in the Cell/Area Zone; FactoryTalk® Cloud on the Internet]

1. Client connects to Industrial SSID, dynamic ACL / VLAN is applied
2. Access to devices in Cell/Area Zone for diagnostics
3. Access to the FactoryTalk® Alarms & Events server
4. Access to the FactoryTalk® Analytics for Devices

Page 34: FactoryTalk® TeamONE™ – Collaboration Modules

[Diagram: FactoryTalk® TeamONE™ users on the Industrial SSID and on the Corporate SSID (LWAP, WLC, anchor WLC, Cisco ISE, IFW); FactoryTalk® Analytics for Devices in Level 3 Site Operations; FactoryTalk® Cloud on the Internet]

Two scenarios:
1, 2. User connects to Industrial SSID, direct access to FactoryTalk® Cloud through IDMZ
3, 4. User connects to Corporate SSID and Enterprise WLC via the tunnel (no access to Industrial Zone)

Cloud traffic must be inspected and/or proxied

Page 35: Conclusion

• Define your company security policies and understand risks
• Holistic Defense-in-Depth security for the Connected Enterprise
• Identity Services for secure personnel access – wired, wireless & remote
• IoT threat defense enables Visibility, Segmentation, Remote access and Security services


Page 37: Agenda

• IoT Security Overview
• Identity Services in CPwE
• Application Use Cases
• Additional Resources

Page 38: Additional Material – Network Architecture Icon Key

• Layer 2 Access Link (EtherNet/IP Device Connectivity)
• Layer 2 Interswitch Link / 802.1Q Trunk
• Layer 3 Link
• Layer 2 Access Switch, Catalyst 2960
• Multi-Layer Switch - Layer 2 and Layer 3, Stratix® 8300, Stratix® 5700, Stratix® 5400, Stratix® 5410
• Layer 3 Router, Stratix® 5900
• Autonomous Wireless Access Point (AP), Stratix® 5100 as Autonomous AP
• Layer 2 IES with NAT, Stratix® 5700, Stratix® 5400 (NAT)
• Layer 2 IES with NAT and Connected Routing, Stratix® 5700, Stratix® 5400 (NAT - CR)
• Layer 3 Distribution Switch Stack, Catalyst 3750-X, Catalyst 3850
• Layer 3 Core Switch, Catalyst 4500, 4500-X, 6500, 6800
• Layer 3 Core Switch with Virtual Switching System (VSS), Catalyst 4500-X, 6500, 6800
• Firewall, Adaptive Security Appliance (ASA) 55xx
• Wireless workgroup bridge (WGB), Stratix® 5100 as workgroup bridge (WGB)
• Unified Wireless Lightweight Access Point (LWAP), Catalyst 3602E LWAP
• Unified Wireless LAN Controller (WLC), Cisco 5508 WLC
• Unified Computing System (UCS), UCS-C series
• Identity Services Engine (ISE) for Authentication, ISE - PAN/PSN/MnT
• Layer 2 Access, Industrial Ethernet Switch (IES), Stratix® 2500, Stratix® 5700, Stratix® 5400, Stratix® 8000 (IES)
• Layer 3 Router with Zone-based Firewall, Stratix® 5900
• Industrial Firewall, Stratix® 5950 (IFW)

Page 39: Additional Material

Website: http://www.odva.org/
EtherNet/IP: https://www.odva.org/Technology-Standards/EtherNet-IP/Overview
Securing EtherNet/IP Networks
EtherNet/IP Network Infrastructure Guide: https://www.odva.org/Portals/0/Library/Publications_Numbered/PUB00035R0_Infrastructure_Guide.pdf
Common Industrial Protocol (CIP™): https://www.odva.org/Technology-Standards/Common-Industrial-Protocol-CIP/Overview
The Family of CIP™ Networks: https://www.odva.org/Portals/0/Library/Publications_Numbered/PUB00123R1_Common-Industrial_Protocol_and_Family_of_CIP_Networks.pdf
CIP Security: https://www.odva.org/Technology-Standards/Common-Industrial-Protocol-CIP/CIP-Security

Page 40: Additional Material – CPwE Architectures - Cisco and Rockwell Automation®

CPwE website
Overview Documents
• Alliance Profile
• Top 10 Recommendations for plant-wide EtherNet/IP Deployments
• Design Considerations for Securing Industrial Automation and Control System Networks

Page 41: Additional Material – CPwE Architectures - Cisco and Rockwell Automation®

Topic: Design Guide; Whitepaper
• Design Considerations for Securing IACS Networks: no design guide; ENET-WP031A-EN-P
• Converged Plantwide Ethernet – Baseline Document: ENET-TD001E-EN-P; no whitepaper
• Resilient Ethernet Protocol in a CPwE Architecture: ENET-TD005B-EN-P; ENET-WP033A-EN-P
• Deploying 802.11 Wireless LAN Technology within a CPwE Architecture: ENET-TD006A-EN-P; ENET-WP034A-EN-P
• Deploying Identity Services within a CPwE Architecture: ENET-TD008A-EN-P; ENET-WP037A-EN-P
• Securely Traversing IACS Data Across the Industrial Demilitarized Zone (IDMZ): ENET-TD009A-EN-P; ENET-WP038A-EN-P
• Deploying Network Address Translation within a CPwE Architecture: ENET-TD007A-EN-P; ENET-WP036A-EN-P
• Migrating Legacy IACS Networks to a CPwE Architecture: ENET-TD011A-EN-P; ENET-WP040A-EN-P
• Deploying A Resilient Converged Plantwide Ethernet Architecture: ENET-TD010A-EN-P; ENET-WP039B-EN-P
• Site-to-site VPN to a CPwE Architecture: ENET-TD012A-EN-P; no whitepaper
• Deploying Industrial Firewalls within a CPwE Architecture: ENET-TD002A-EN-P; ENET-WP011B-EN-P
• Deploying Device Level Ring within a CPwE Architecture: ENET-TD015A-EN-P; ENET-WP016A-EN-P

Page 42: Additional Material

• Ethernet Design Considerations Reference Manual, ENET-RM002C-EN-P: EtherNet/IP overview, Ethernet infrastructure components, EtherNet/IP protocol
• EtherNet/IP IntelliCENTER® Reference Manual (MCC-RM001)
• The OEM Guide to Networking, ENET-RM001A-EN-P: intended to help OEMs understand relevant technologies, networking capabilities and other considerations that could impact them as they develop EtherNet/IP solutions for the machines, skids or equipment they build
• Segmentation Methods Within the Cell/Area Zone, ENET-AT004B-EN-E

Page 43: Additional Material

Integrated Architecture® Builder (IAB)
• Updates and additions to better reflect CPwE structure, hierarchy and best practices
• Improved Switch Wizard for distribution (for example, Stratix® 5410) and access (for example, Stratix® 5700)
• Easier to create a large EtherNet/IP network with many topologies

EtherNet/IP Capacity Tool
• CIP™ traffic is measured per segment, not just controller scanner and adapter centric

Popular Configuration Drawings (PCDs)
• Updates and additions to better reflect CPwE recent enhancements

Training Resources: Education - Industrial IoT / Industrial IT (Bridging OT-IT)

A ‘go-to’ resource for training and educational information on standard Internet Protocol (IP), security, wireless and other emerging technologies for industrial applications

• Led by Cisco, Panduit, and Rockwell Automation

• Receive monthly e-newsletters with articles and videos on the latest trends

• Scenario-based training on topics such as: logical topologies, protocols, switching, routing, wireless and physical cabling

Network Design eLearning course available at promotional price for TechEd Attendees! Earn PDHs by signing up today at www.industrial-ip.org with code “EVENTS2017”

Training Resources: Education - Industrial IoT / Industrial IT (Bridging OT-IT)

Four eLearning courses cover key aspects of implementing networked industrial control systems. These 20-30 minute interactive, scenario-based courses cover automation controls and physical infrastructure considerations.

Training Resources: Education - Industrial IoT / Industrial IT (Bridging OT-IT)

Courses 1 and 2: Designing for the Cell/Area Zone
Design secure, robust, future-ready networks for cells, machines, skids and other functional units by implementing reference architectures and standard IP

Course 3: Designing for the Industrial Zone
Learn design principles on line integration, high-availability networks and wireless architectures to optimize plant networks

Course 4: IT/OT Integration
Understand how to effectively converge a smart manufacturing facility with IT and OT stakeholders

Course topics: EtherNet/IP, Topologies, Security, Wireless

Training Resources: Training and Certification – Industrial IoT / Industrial IT (Bridging OT-IT)

• Cisco Industrial Networking Specialist Training and Certification

– Classroom training: Managing Industrial Networks with Cisco Networking Technologies (IMINS)

– Exam: 200-401 IMINS

– CPwE Design Considerations and Best Practices

• CCNA Industrial Training and Certification

– Classroom training: Managing Industrial Networks for Manufacturing with Cisco Technologies (IMINS2)

– Exam: 200-601 IMINS2

– CPwE Design Considerations and Best Practices

Training Resources: Training and Certification – Industrial IoT / Industrial IT (Bridging OT-IT)

Industrial Networking Specialist

Module 1 Industrial Networking Solutions and Products

Module 2 Industrial Network Documentation and Deployment Considerations

Module 3 Installing Industrial Network Switches, Routers, and Cabling

Module 4 Deploying Industrial Ethernet Devices

Module 5 Maintaining Industrial Ethernet Networks

Module 6 Troubleshooting Industrial Ethernet Networks

CCNA Industrial

Module 1 Industrial Networking Concepts and Components

Module 2 General Troubleshooting Issues

Module 3 EtherNet/IP

Module 4 Troubleshooting EtherNet/IP

Module 5 PROFINET

Module 6 Configuring PROFINET

Module 7 Troubleshooting PROFINET

Module 8 Exploring Security Concerns

Module 9 802.11 Industrial Ethernet Wireless Networking

Training Resources: Rockwell Automation - Webinars

Industrial Automation Webinars

On-Demand Webinars

• Introduction to Building a Robust, Secure and Future-ready Network Infrastructure

• Increase Business Agility by Converging Manufacturing and Business Systems

• The Power of Building a Secure Network Infrastructure

• Design Considerations for Building a Secure Network Infrastructure

www.rockwellautomation.com

Thank You!