Creating a Dynamic Serial Edge For Integrated Industrial Networks

Similar documents
Substation. Communications. Power Utilities. Application Brochure. Typical users: Transmission & distribution power utilities

Industrial Communication. Ethernet as a Distributed I/O Network

Lecture 1 Overview - Data Communications, Data Networks, and the Internet

Area Covered is small Area covered is large. Data transfer rate is high Data transfer rate is low

KIBABII UNIVERSITY COLLEGE DEPARTMENT COMPUTER SCIENCE & IT ANSWER ALL QUESTIONS IN SECTION A AND ANY TWO QUESTIONS IN SECTION B

INTEGRATED SUBSTATION NETWORK ARCHITECTURES

N-Dimension n-platform 340S Unified Threat Management System

Power over Ethernet. The Industrial Opportunity Today

Energy Infrastructure Demands Mission Critical Networking

00 ch6.ai 2010/12/16 W È 11:17:02 Ethernet Switches 6.1 Overview P Product Showcase P6-2-1

A Hybrid Communications Network Approach for Advanced Applications on the Modern Grid

SEL-2730M. Reliably Control and Monitor Your Substation and Plant Networks. Managed 24-Port Ethernet Switch

TestOut Network Pro - English 4.1.x COURSE OUTLINE. Modified

A Beijer Electronics Group Company

when interoperating with a Cisco Layer 3 Switch Situation: VLAN 1 shutdown, no IP on default VLAN on Cisco switch

Introduction to WAN Technologies

E-Commerce. Infrastructure I: Computer Networks

Data Communication. Introduction of Communication. Data Communication. Elements of Data Communication (Communication Model)

System Manual Part 2: TetraNode Architecture

Cato Cloud. Software-defined and cloud-based secure enterprise network. Solution Brief

Arctic family of wireless communication products Secure wireless connectivity

Virtual Private Networks (VPNs)

3180 Compact Service-Aware Industrial Ethernet Switch

Cisco CCNA (ICND1, ICND2) Bootcamp

Remote networks. Easy remote access to machines and plants. Industrial Remote Communication. Edition 03/2017. Brochure. siemens.com/remote-networks

ON-LINE EXPERT SUPPORT THROUGH VPN ACCESS

Navpreet Singh INTRODUCTION TO COMPUTER NETWORKS. Computer Centre Indian Institute of Technology Kanpur Kanpur INDIA

Data and Computer Communications Chapter 1 Data Communications, Data Networks, and the Internet

Architecting the High Performance Storage Network

Simple and Secure Micro-Segmentation for Internet of Things (IoT)

Lecture #25: Networks and Communications. Communication and Networks. What will we learn?

Industrial Gigabit Ethernet Modular Switch

Multilink. Ethernet Communications for Industrial Automation, Power Utility, and Traffic Control markets. Multilin

Ethernet: Convergence, Choices, Complexities

IEC Vaasa Seminar 21st October Contents

Local Area Network(LAN)

Introduction to Computer Networks INTRODUCTION TO COMPUTER NETWORKS

QEI. SCADA Remote Gateways & RTUs Substation & Feeder Automation Capacitor Control

CS610- Computer Network Solved Subjective From Midterm Papers

MTA_98-366_Vindicator930

Connectivity 101 for Remote Monitoring Systems

NetPro. from Wireless Logic. Available on a per SIM license basis. No CAPEX. Retain your Airtime Contracts with your existing providers

IEEE 1588v2 Time Synchronization in Energy Automation Applications Case Studies from China

Jeff Dagle. P.O. Box 999, M/S K5-20; Richland WA ; Fax: ;

Data Communications. Course Design Data Communications. Pre/Post Test (80 Questions/80 Points) Upon Request None No No No

Data Center Interconnect Solution Overview

TCP/IP and OSI Model Ethernet LAN Network Cables Network Devices Network Topologies Redundant Internet Connections VLANs Wireless LANs Upcoming

Cato Cloud. Solution Brief. Software-defined and Cloud-based Secure Enterprise Network NETWORK + SECURITY IS SIMPLE AGAIN

Line Current Differential Protection Using Broadband Power Line Carrier Technology

OrionLX. An Overview of the OrionLX Product Line

EN-4000 Hardware Description and Specifications

Chapter 2 Communication for Control in Heterogeneous Power Supply

MPLS in the DCN. Introduction CHAPTER

W H I T E P A P E R : O P E N. V P N C L O U D. Implementing A Secure OpenVPN Cloud

A Hybrid Communications Network Approach for Advanced Applications on the Modern Grid

CtrlS Datacenters Placement Questions And Answers

Enterprise Network Design

Mission Critical MPLS in Utilities

IT114 NETWORK+ Learning Unit 1 Objectives: 1, 2 Time In-Class Time Out-Of-Class Hours 2-3. Lectures: Course Introduction and Overview

Enterprise Network Design

SCADA OVER TETRA. Patrick Colling May 2016

Interconnecting Cisco Network Devices Part 1 v2.0 (ICND 1)

Copyleft 2005, Binnur Kurt. Objectives

Test Bank for A Guide to Designing and Implementing Local And Wide Area Networks 2nd Edition by Palmer and Sinclair

Cloud Operations for Oracle Cloud Machine ORACLE WHITE PAPER MARCH 2017

Verizon Software Defined Perimeter (SDP).

BLM6196 COMPUTER NETWORKS AND COMMUNICATION PROTOCOLS

We are securing the past in a fast moving future. FOX605 multiservice platform.

SNIA Discussion on iscsi, FCIP, and IFCP Page 1 of 7. IP storage: A review of iscsi, FCIP, ifcp

Dymec Serial Links. SubStation Hardened RS232 Serial Copper to Fiber Link/Repeaters. Features

Application Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder )

FLEXIBLE NETWORK SERVICES TO DRIVE YOUR ENTERPRISE AT CLOUD SPEED. Solution Primer

Broadband Loop Carrier Ethernet Protection Switching Using Ethernet to Create a Reliable B roadband Access Network F A Q

Network Service Description

Features. HDX WAN optimization. QoS

SD-WAN Deployment Guide (CVD)

Moxa Inc. Moxa Americas Moxa China Shanghai Office Beijing Office Moxa Europe Shenzhen Office Moxa Asia-Pacific

Designed, built, and tested for troublefree operation in extreme conditions

COMPUTER AND NETWORK SUPPORT TECHNICIAN PROGRAM

MONITORING SOLUTIONS FOR Power & Utilities

High Availability Architectures for Ethernet in Manufacturing

EXTENSIBLE WIDE AREA NETWORKING

Introduction to Networks

Q-Balancer Range FAQ The Q-Balance LB Series General Sales FAQ

Cisco How Virtual Private Networks Work

S5 Communications. Rev. 1

Secure Industrial Automation Remote Access Connectivity. Using ewon and Talk2M Pro solutions

Introduction to Information Technology Turban, Rainer and Potter John Wiley & Sons, Inc. Copyright 2005

Netwoking Essentials

IEC /IEEE 1613 Lite L3 Hardened Managed 24-port Gigabit SFP. 10GbE Connectivity Four 10G SFP+ for connecting the switch to the core network

Campus Network Design

LANs do not normally operate in isolation. They are connected to one another or to the Internet. To connect LANs, connecting devices are needed.

Maxwell Dondo PhD PEng SMIEEE

PLANEAMENTO E GESTÃO DE REDES INFORMÁTICAS COMPUTER NETWORKS PLANNING AND MANAGEMENT

Study Guide. Module Three

PlantStruxure Certified Expert Program Principles of Ethernet Networking Study Guide (2015)

Objectives. Learn how computers are connected. Become familiar with different types of transmission media

Cisco Data Center Network Manager 5.1

Network Systems for Emerging WAN Applications

Alcatel-Lucent OmniSwitch Hardened LAN Switch

Transcription:

Creating a Dynamic Serial Edge For Integrated Industrial Networks Technical Brief GarrettCom, Inc. As industrial networks evolve, is becoming the standard technology for new system interfaces and for new core local network infrastructure. However, industrial networks are still far from homogeneous. There is a decades-long accumulation of industrial devices that utilize asynchronous, serial protocols for operational applications such as SCADA (Supervisory Control and Data Acquisition) and for industrial device console interfaces. These serial communications requirements may be met via separate networks distinct from the emerging IP/ infrastructure. Alternatively, as this document describes, serial devices on the edge of industrial networks can be integrated with the central IP/ network. This integration enables more universal network access and leverages common investments in a high performance, cost effective and resilient core network infrastructure. This new approach to having networkenabled serial devices represents the Dynamic Serial Edge of industrial networks. The Strategic, Integrated Industrial Network Architecture There are many factors encouraging rapid deployment of as the core technology for industrial networks. IP/ provides a broadly supported technology for system interconnection across many system suppliers. It leverages mass market component volumes to create a cost-effective, high-performance network. lends itself to fiber-based connectivity that is important in electrically noisy industrial environments. also supports ring, dual-star and mesh topologies that are highly resilient against single-point network faults, thus improving system reliability. A holistic view of the emerging industrial network (as depicted in Figure 1 below) uses switches as a universal connectivity medium at the core of the network, and then surrounds this core with edge and access layers for devices, serial devices and wide area network connections. In the -edge part of this architecture, some industrial devices connect directly to the core network, generally using integral fiber optics or copper-to-fiber media converters. These are usually single connections, but in some cases dual connectivity is implemented to enhance reliability. Often, edge switches are deployed near distributed industrial devices, sometimes serving multiple devices. The edge switches may provide dual-homed connectivity to the core network as well as copper-to-fiber media conversion. This edge architecture provides fiber-based network distribution for signal immunity in harsh environments and resilient connectivity for improved system reliability. October 2006 GarrettCom Technical Brief 1.

Figure 1 Integrated Industrial Network Architecture WAN Access Edge Core Serial Edge The Wide Area Network (WAN) access element of the architecture provides connection to private facilities or carrier-provided WAN services in order to enable access by remote systems or personnel to industrial devices in the local network. WAN access requires physical layer interfaces to WAN facilities, IP routing for interconnection of different networks, and perimeter-security capabilities such as an IP Firewall. The Serial Edge of the industrial architecture has historically been implemented as a separate network. In some cases the and Serial domains share a common WAN access element, but as yet, most do not share a local infrastructure. The transition to an integrated Dynamic Serial Edge is further described below. Traditional Serial Edge Connectivity There are numerous serial devices in industrial environments. Early systems used vendorspecific proprietary serial protocols for industrial applications. More recently, many systems have standardized on serial-mode DNP and Modbus protocols. In addition, most industrial devices utilize serial-mode console interfaces for device provisioning and administration. Over the years, relatively static, dedicated networks have been developed for connecting these serial devices and interfaces to central data collectors and/or to basic remote access facilities (see Figure 2). Devices are generally connected over dedicated copper or fiber cabling, sometimes using serial-mode copper-to-fiber media converters for signal immunity. Some local serial networks support star configurations and multicast serial protocols to enable data concentrators to communicate to several devices over a single port. Devices may be connected to dedicated modem connections for remote access, or some limited shared WAN access may be provided by a local data concentrator for both an operational data interface, such as SCADA, and separately for serial console access. October 2006 GarrettCom Technical Brief 2.

Figure 2 Traditional Static Serial Edge Network Analog Leased Lines or Dial-up Circuits to Control Center Modem Modem Data Concentrator Optical Star Fiber Links Serial-Fiber Media Converters Serial (RS232/RS485) Industrial Devices These static serial edge networks rely on dedicated connections for each application. Adding new industrial devices or new systems means adding new dedicated connections. Console access to devices is also highly restricted, inhibiting efficient access by remote technical personnel. Connections are hard-wired with no resiliency against faults and no remote management of network elements. Introducing the Dynamic Serial Edge The primary strategic objective for the serial edge of industrial networks is to network-enable serial devices so that remote systems and personnel can more readily and more securely access these devices over a common IP/ infrastructure. Cost effectiveness is also important. The new generation of the serial edge should leverage the emerging infrastructure to take advantage of the ubiquity, performance, fiber connectivity and resiliency offered by the emerging core architecture. A new Dynamic Serial Edge (see Figure 3 below) is created by the deployment of intelligent Serial-IP networking devices adjacent to distributed industrial serial devices in order to provide Serial-IP/ connectivity into the common local core network. Primary examples of such networking devices are the GarrettCom Magnum DX40 and Magnum DX800 Serial Device Routers. These devices can be widely distributed within even the harshest industrial environments and will connect serial industrial devices directly to the IP/ infrastructure. In some cases, multiple serial connections may be attached to the same industrial device. For example, multiple serial connections enable both an operational data interface such as SCADA and separately provide for serial console access. October 2006 GarrettCom Technical Brief 3.

Figure 3 Dynamic Serial Edge Network Wide Area Network IP-enabled WAN Access Local Infrastructure Serial Device Routers Serial Industrial Devices Magnum DX Serial Device Routers are typically dual-connected to the core over fiber media, and will support various network topologies that provide resilient connectivity in differing industrial applications. One common topology is dual-connected into two different backbone rings (as in Figure 4) for use in architectures such as large power substations with strict IEC 61850 designs that require redundant core networks. Another topology is a resilient -based edge collector ring connecting several dispersed serial edge devices (as in Figure 5) that may be cost-effective in highly distributed applications such as pipelines, tunnels and wind farms. Figure 4 Dual-ported Dynamic Serial Edge Topology IP/ over Fiber SCADA Admin Serial copper-port industrial devices Figure 5 Extended ring Dynamic Serial Edge Topology S1 S2 S1 S2 S1 S2 Resilient Ring October 2006 GarrettCom Technical Brief 4.

Security Features of the Dynamic Serial Edge An important aspect of the Dynamic Serial Edge is cyber security. Cyber security becomes more urgent when remote access is expanded to include serial devices. In some industries, such as electric power transmission, remote access brings regulatory obligations for cyber security protection of critical infrastructure. Many strategic networks will already have some degree of perimeter security via a WAN-access firewall function; however, rigorous port security for industrial devices requires authentication and encryption of serial connections by remote systems and personnel on an end-to-end basis, extending locally to the serial port itself. Serial Device Routers support Secure Socket Layer (SSL) sessions from remote systems and PC-based remote personnel with authentication that is specific to individual serial ports. They also perform highperformance, hardware-assisted encryption of traffic all the way to the edge of the local network. Serial Device Routers include an additional capability for associating serial ports into closed communities of interest. This feature uses 802.1Q VLAN technology, with serial ports individually assignable to different VLANs (Virtual Local Area Networks). SSL session with authentication and encryption Figure 6 Extended Cyber Security Protection over a Dynamic Serial Edge Network WAN SSL session IP-enabled WAN Access Remote console access Serial Device Routers V1 V2 V1 V1 V1 V2 V2 Serial-VLAN communities of interest Serial Device Routers vs. Other Devices Besides Serial Device Routers, there are other networking devices that can connect a serial industrial device to an IP/ network, such as Terminal Servers, Serial Device Servers, or Console Servers all essentially the same thing. Like a Serial Device Router, traditional Terminal Servers, Serial Device Servers, or Console Servers provide the basic function of Serialto-TCP/IP protocol encapsulation and connectivity to an network. However, a Serial Device Router does much more. A Serial Device Router is a combination of multiple network functions in a single product (see Figure 7). A Serial Device Router integrates the functions of a Terminal Server, an Switch and an IP Router with a firewall. New per-vlan routing technology also allows the October 2006 GarrettCom Technical Brief 5.

Serial Device Router to operate as multiple virtual switches and/or multiple virtual terminal servers at the same time. Figure 7 Multi-function Integration in a Serial Device Router Wide Area Network Wide Area Network Core Router / Firewall Magnum DX Serial Device Router Sw. Terminal Server s Serial s s Serial s The multi-function properties of the Serial Device Router considerably enhance resiliency and security at the industrial network edge. In addition to features directly applicable to the edge of local networks, the multi-functional nature of a Serial Device Router enables it to play many roles in industrial networks. These include acting as a perimeter security appliance for remote locations, or as a Layer-3 (IP protocol) gateway between different network domains. The table below summarizes key attributes that set the Serial Device Router apart from more basic IP-serial devices such as Terminal Servers. Magnum DX Serial Device Routers also are engineered to demanding power substation equipment specifications for extreme temperatures, electrical surge and immunity, and physical packaging. This enables reliable deployment in many applications where general purpose devices such as commercial-grade terminal servers will not operate. Network Capabilities Serial Device Router Terminal Server Serial-IP device services Yes Yes Resiliency features up-links Dual Single Fiber options Yes No Resilient ring / mesh / RSTP Yes No Dynamic IP Routing Yes No Security features Serial port SSL Yes No Hardware assisted encryption Yes No Serial-VLAN support Yes No Security perimeter (IP Firewall) Yes No October 2006 GarrettCom Technical Brief 6.

Achieving Business Objectives Creating a Dynamic Serial Edge, as enabled by Magnum DX Serial Device Routers, meets many critical business objectives of industrial network designers and planners. The Dynamic Serial Edge protects existing investment in industrial equipment where there are serial communications interfaces by network-enabling these serial devices for access by remote systems and personnel. Network reliability, and thus associated operational system and process reliability, is improved by increased resiliency of local network connections, use of electrical-noise resistant fiber optic connectivity, and availability of extremely hardened and reliable networking devices. Cyber security is extended to the edge of the industrial network for serial devices using serial port SSL and unique Serial-VLAN facilities, facilitating compliance with cyber security standards and further increasing network reliability. Deployment of additional industrial devices and systems is made more cost-effective by leveraging the emerging core network in industrial environments, and by building for long-term project life cycles with open standards technology. Summary The Dynamic Serial Edge is an important component of an overall integrated industrial network architecture. As the transition to -at-the-core for substation and factory-floor networks has evolved, serial edge devices have generally been left apart in a static and separate edge network. The new Dynamic Serial Edge, as enabled by products such as GarrettCom s Magnum DX40 and DX800 Serial Device Routers, changes that. New and evolving applications requirements, such as comprehensive cyber security mandates and heightened concerns for overall system reliability, require new views of the target industrial network architecture. An integrated approach to the design and planning of multi-protocol industrial networks is now available. The Dynamic Serial Edge facilitates the transition to the next generation of Integrated Industrial Networks. 2006 GarrettCom, Inc. All Rights Reserved GarrettCom, Inc. reserves the right to change specifications, performance characteristics and/or model offerings without notice. GarrettCom, Magnum, Dymec, DynaStar, Personal Switch, Link-Loss-Learn, S-Ring, Convenient Switch and Converter Switch are trademarks and Personal Hub is a registered trademark of GarrettCom, Inc. GarrettCom, Inc. 47823 Westinghouse Drive Fremont, CA 94539 PH: (510) 438-9071 Email: mktg@garrettcom.com Web: www.garrettcom.com GarrettCom Utility Networks 25 Commerce Way North Andover, MA 01845 PH: (978) 688-8807 Web: www.garrettcomutilitynetworks.com October 2006 GarrettCom Technical Brief 7.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback