Designing EtherNet/IP Machine/Skid level Networks

Transcription

Designing EtherNet/IP Machine/Skid level
Networks
Copyright © 2012 Rockwell Automation, Inc. All rights reserved.
Agenda
Selecting Infrastructure
Information Integration
Demonstration of Integration Techniques
Best Practices and Example Architectures
Where
to learn more
Reference
Architectures
Solutions
33
Agenda
Selecting Infrastructure
Reference Architectures Solutions
44
Machine level Network Considerations
Control Requirements
• I/O and motion control how much how fast
Integration to upstream or downstream equipment
• Line Controller
• Safety interlocking
Integration of data
• SQL or other servers for data collection and monitoring
• Supply chain integration
Remote Access
• Troubleshooting, monitoring, program changes
55
Switch Considerations
Advantages
Managed
Switches
(ie. Statix 5700)
•
•
•
•
•
•
•
Segmentation services (VLANs)
Diagnostic information
Security services
Prioritization services (QoS)
Multicast management services
Network resiliency
Loop prevention
Unmanaged
Switches
(ie. Stratix 2000)
• Inexpensive
• Simple to set up
Embedded
Switches
(ie. CompactLogix
controller)
• Diagnostic information
• Prioritization services (QoS)
• Time Sync Services (1588 Transparent
Clock)
• Network resiliency
• Loop prevention
Disadvantages
• More expensive
• Requires some level of support and
configuration to start up
•
•
•
•
•
•
No management capabilities
No security
No diagnostic information
Difficult to troubleshoot
No resiliency support
No loop prevention
• Limited management capabilities
• May require minimal configuration for Ring
Topology
Why Managed Switches for Machine
Networks?
 Robust/future proof the control network:
Reduce risk from interference from other devices on the network
 Customer support & satisfaction

 Security features for Network access to the Control System:
Enabler for remote access
 Customer support/satisfaction
 Equipment differentiation

 Diagnostic Capability:
Reduce TTM
 Increase equipment differentiation
 Improve customer support/satisfaction and reduce risk)

7
Topology Flexibility with EtherNet/IP
LINEAR - Simplify cable management
HYBRID – Obtain maximum flexibility
STAR– Connect broad range of devices
RING – Maximum availability
EtherNet/IP is topology neutral for maximum flexibility
Security Considerations
 Physical Access Security
 Disable unused switch ports
 Lock a port to only allow specific devices to be
connected
 Change passwords from default settings
 Access Control Lists
 Limit access to secure areas of the network.
 Limit access to secure services on the
network
 Block remote access to secured devices
 VLANs
 Simplify security enforcement by creating
function groups
 Establish groups by function, by location, etc.
Infrastructure Performance Considerations
Bandwidth
1 at 4ms RPI
3 at 10ms RPI
10ms RPI
4ms updates
This application will use less than 10% of bandwidth on the single Ethernet
segment…
Agenda
Information Integration
Reference Architectures Solutions
11
11
If Machines could talk what would they
say?
Who would they talk to? ERP, MES, Partners, other
Machines?
12
Remote Access Approaches
Inside-Out
Direct to ICS
Terminal Services
modems
Outside-In
VPN appliance
Inside-Out
Conferencing
technology
(WebEx)
Terminal Services
Through IT
Infrastructure
Outside-In
VPN Technology
13
Secure Remote Access Workshop W21
Secure remote access for
employees and trusted
partners such as machine
builders and system
integrators
Enterprise
Data Center
Cisco VPN Client
Internet
Enterprise Zone
Levels 4 and 5
Enterprise Edge
Firewall
S SL V P N
• Meeting the security requirements
of IT while enabling manufacturers to
leverage shared, distributed company
resources and trusted partners
• Management of assets - monitor,
configure and audit
• Simplify change management,
version control, regulatory
compliance and software license
management
• Simplify remote client
health management
I P S EC VPN
Remote Engineer
or Partner
Enterprise
Connected
Engineer
Enterprise
WAN
HTTPS
Enterprise Zone
Levels 4 and 5
Patch Management
Terminal Services
Application Mirror
AV Server
Demilitarized Zone (DMZ)
Gbps Link Failover
Detection
Cisco
ASA 5500
Firewall
(Standby)
Firewall
(Active)
Remote Desktop
Protocol (RDP)
FactoryTalk Application Servers
•
•
•
•
View
Historian
AssetCentre
Transaction Manager
FactoryTalk Services
Platform
• Directory
• Security/Audit
Data Servers
Remote Access Server
Catalyst
6500/4500
• RSLogix 5000
• FactoryTalk View Studio
Catalyst 3750
StackWise
Switch Stack
EtherNet/IP
Manufacturing Zone
Site Manufacturing
Operations and Control
Level 3
Cell/Area Zones
Levels 0–2
14
Network Topology
ERP, Email,
Wide Area Network (WAN)
Enterprise Zone
Levels 4 and 5
Patch Management
Terminal Services
Application Mirror
AV Server
Gbps Link
for Failover
Detection
Cisco
ASA 5500
Firewall
(Standby)
Firewall
(Active)
FactoryTalk Application Servers
•
•
•
•
View
Historian
AssetCentre
Transaction Manager
Catalyst
6500/4500
FactoryTalk Services
Platform
Remote
Access
Server
• Directory
• Security/Audit
Data Servers
Catalyst 3750
StackWise
Switch Stack
Cell/Area #1
Drive
Controller
• DNS, DHCP, syslog server
• Network and security mgmt
I/O
Cell/Area Zones
Levels 0–2
Cell/Area #3
HMI
Rockwell Automation
Stratix 8000
Layer 2 Access Switch
I/O
VLAN 10
Network Services
Cell/Area #2
HMI
Industrial Zone
Site Operations and Control
Level 3
Cisco
Catalyst Switch
Controller
HMI
Drive
Drive
Controller
VLAN 20
I/O
VLAN 30
15
How is your Machine/Skid connecting to
the Plant Network?
Popular Switches with routing capability
10/100 and Gig ports
Stack-wise resiliency
10/100 and gig ports
High density
1 gig, 10 gig, and 40
gig ports
• Stratix 8300
Cisco 3560x
Cisco 3750x
Cisco 6500x
16
Plant Network Connectivity Options
CompactLogix L36ERM chassis
Plant Network
EtherNet/IP
EtherNet/IP
Kinetix 5500
ArmorBlock I/O
PV+ EOI
POINT I/O
ControlLogix L71S Machine Solution
(with a managed switch)
Plant Network
IP - 10.10.6.x
ControlLogix L71s chassis
EtherNet/IP
EtherNet/IP
Kinetix 5500
ArmorBlock I/O
PV+ EOI
POINT I/O
Machine Network
192.168.5.x IP Address
255.255.255.0 Mask
0.0.0.0 Gateway
CompactLogix 5370 Machine Solution
(with embedded switches/VLAN)
Plant Network
10.10.x.x Interface
CompactLogix
L36ERM
Stratix 8300
192.168.1.x Interface
EtherNet/IP
ArmorBlock I/O
PV+
POINT I/O
Kinetix 5500
Machine Network
255.255.255.0 Mask
192.168.5.1 Gateway
PowerFlex 525
(with a Subnet/VLAN on Plant network)
Plant Network
Compact Logix L36ERM
IP - 10.10.6.x
IP – 192.168.5.1
Stratix 8300 or Cisco 3560
Stratix 5700
Kinetix 5500
ArmorBlock I/O
POINT I/O
PV+ EOI
Machine Network
255.255.255.0 Mask
192.168.5.1 Gateway
PowerFlex 525
Network Address Translation
Send message
to Machine 2
CMX
10.104.2.100
10.104.100.23
Machine 2 NAT
10.104.x.x :
192.168.1.x
Machine 1 NAT
10.104.x.x :
192.168.1.x
192.168.1.100
192.168.1.100
192.168.1.104
Within a Machine
192.168.1.104
Between Machine and Line Network
(with a managed switch & NAT)
10.10.x.x Network
Plant Network
Embedded NAT
EtherNet/IP
Kinetix 5500
ArmorBlock I/O
PV+ EOI
POINT I/O
Machine Network
255.255.255.0 Mask
192.168.3.1 Gateway
PowerFlex 525
CompactLogix Machine Solution
(embedded with NAT)
Plant Network
NAT Device
EtherNet/IP
10.10.x.x Interface
ArmorBlock I/O
PV+ EOI
POINT I/O
Kinetix 5500
Machine Network
255.255.255.0 Mask
192.168.5.1 Gateway
Connectivity to Plant VLAN or NAT
Plant VLAN
PV+ or PV+
Compact
PowerFlex
4/40 AC
Drive
Plant
PV+ or PV+
Compact
10.10.10.10
PowerFlex
4/40 AC
Drive
Machine
VLAN
VLAN
Pros:
• No machine level switch configuration needed if the
machine is a single VLAN
• Removes “single point of failure” for NAT device
• Designed to allow network services (SNMP, VPN,
DNS, DHCP)
Cons:
• IP addressing must be unique at the machine level
10.10.10.10  192.168.1.2
CompactLogix 5370 L3
NAT
Pros:
•
•
IP Addresses private to machine (not visible outside of
machine network)
Web diagnostics available outside machine
Cons:
•
•
Additional cost for NAT device or switch
Some additional complexity and management
26
Dual Interfaces vs. NAT
Plant Network
PV+ or PV+
Compact
Plant Network
PV+ or PV+
Compact
10.10.10.10
EtherNet
EtherNet
PowerFlex
4/40 AC
Drive
192.168.1.2
2nd Interface
Pros:
•
•
•
IP Addresses private to machine
End user manages external IP address
Program does not change when Plant network
address change
Cons:
•
•
•
•
Limited Security
Cable resiliency between, machine and plant
Web diagnostics not available outside machine
Only CIP will traverse the backplane
10.10.10.10  192.168.1.2
PowerFlex
4/40 AC
Drive
CompactLogix 5370 L3
NAT
Pros:
•
•
•
•
Same pros as Dual NIC Plus
Lower network connectivity cost
Web diagnostics available outside machine
Will limit access to Machine network (only devices in
NAT table will communicate)
Cons:
•
•
NAT Table Configuration
Some network protocols will not traverse
through NAT
27
Agenda
Best Practices and Example Architectures
28
28
(Subnet/VLAN on Plant network)
Plant Network
IP - 10.10.6.x
IP – 192.168.5.1
Stratix 5700
Kinetix 5500
ArmorBlock I/O
POINT I/O
PV+ EOI
Machine Network
255.255.255.0 Mask
192.168.5.1 Gateway
PowerFlex 525
77% Savings on Network Enabling Technology
(Multiple VLANs at the Machine level)
Programming
L36ERM
Control
PV+ EOI
Control
PV+ EOI
Stratix 5700
PowerFlex 525
Kinetix
5500
Video
Control
ArmorBlock I/O
POINT I/O
Control
Segmentation within the machine also available
(Hybrid Topology, VLAN Plant switch)
Plant Network
IP - 10.10.6.x
IP – 192.168.5.1
Stratix 5700
POINT I/O
PV+ EOI
Kinetix 5500
ArmorBlock I/O
PowerFlex 525
(Embedded with VLAN)
Plant Network
IP - 10.10.6.x
IP – 192.168.5.1
EtherNet/IP
ArmorBlock I/O
POINT I/O
Kinetix 5500
(Managed with NAT, Hybrid Topology)
Plant Network
EtherNet/IP
Embedded NAT
EtherNet/IP
Kinetix 5500
PV+ EOI
POINT I/O
ArmorBlock I/O
(embedded with NAT)
Plant Network
NAT Device
EtherNet/IP
ArmorBlock I/O
PV+ EOI
POINT I/O
Kinetix 5500
Plant HMI Connectivity Only
• Benefits
– Clear network ownership demarcation line
• Challenges
– No visibility to control network devices
– Limited future-ready capability
– No Bridging and Routing Capability
Plant: 10.10.10.20
PVP6
Machine: 192.168.1.20
Kinetix 5500
35
Agenda
Where
to learn more
Reference
Architectures
Solutions
36
36
EtherNet/IP Network Infrastructure Booth
Additional On-site Information
Booth 1407
37
Network Infrastructure Wall
High Availability
Time Synchronization
Integrated Safety
Integrated Motion
Convergence-Ready
OEM Machine
 Integrated Architecture – Booth 915
38
Workshops, Hands-On Lab
 L19 - Applying EtherNet/IP in Real-Time Applications
Rockwell Automation
 8:00AM, 10:00AM, 12:30PM, 2:30PM

 W14 – Plantwide Network Infrastruture
Rockwell Automation, Panduit, Fluke and Cisco
 10:00AM

 W16 - Fundamentals of Securing EtherNet/IP Networks
Rockwell Automation and Cisco
 2:30PM

 W21 - Scalable Secure Remote Access Solutions
Rockwell Automation and Cisco
 8:00AM

 T04 — Designing Innovative Machines with the Rockwell Automation
Midrange Architecture System

Rockwell Automation — 11:00AM
39
Additional Material
ODVA
 Website:

http://www.odva.org/
 Media Planning and Installation Manual

http://www.odva.org/Portals/0/Library/Publications_Numbered/PUB00148R0_EtherNetI
P_Media_Planning_and_Installation_Manual.pdf
 Network Infrastructure for EtherNet/IP: Introduction and Considerations

http://www.odva.org/Portals/0/Library/Publications_Numbered/PUB00035R0_Infrastruct
ure_Guide.pdf
 Device Level Ring

http://www.odva.org/Portals/0/Library/CIPConf_AGM2009/2009_CIP_Networks_Conference_Tec
hnical_Track_Intro_to_DLR_PPT.pdf
 The CIP Advantage

http://www.odva.org/default.aspx?tabid=54
40
Additional Material
Rockwell Automation
 Networks Website: http://www.ab.com/networks/
 EtherNet/IP Website: http://www.ab.com/networks/ethernet/
 Media Website: http://www.ab.com/networks/media/ethernet/
 Embedded Switch Technology Website:

http://www.ab.com/networks/switches/embedded.html
 Publications:







ENET-AP005-EN-P Embedded Switch Technology Manual
ENET-UM001G-EN-P EtherNet/IP Modules in Logix5000 Control Systems …. provides
connection and packet rate specs for modules
1783-UM003 Stratix 8000 and Stratix 8300 Ethernet Managed Switches User Manual
ENET-WP0022 Top 10 Recommendations for plant-wide EtherNet/IP Deployments
ENET-RM002A-EN-P Ethernet Design Considerations Reference Manual
ENET-AT004A-EN-E Segmentation Methods within the Cell/Area Zone
ENET-RM003A-EN-P Embedded Switch Technology Reference Architectures
 Network and Security Services Website:

http://www.rockwellautomation.com/services/networks/
41
Additional Material
Panduit, Cisco, Rockwell Automation Collaboration
 Plant-wide EtherNet/IP Ecosystem Partners Website
 Fiber Optic Infrastructure Application Guide
ENET-TD003
42
Additional Material
Cisco and Rockwell Automation Alliance
 Websites

http://www.ab.com/networks/architectures.html
 Design Guides

Converged plant-wide Ethernet (CPwE)
 Application Guides

Fiber Optic Infrastructure Application Guide
 Education Series

 Whitepapers
Top 10 Recommendations for plant-wide EtherNet/IP
Deployments
 Securing Manufacturing Computer and Controller Assets
 Production Software within Manufacturing Reference
Architectures
 Achieving Secure Remote Access to Plant-Floor Applications
and Data

43
Additional Material
Cisco and Rockwell Automation Alliance
 Education Series Webcasts

What every IT professional should know about Plant-Floor Networking

What every Plant-Floor Engineer should know about working with IT
Industrial Ethernet: Introduction to Resiliency
 Fundamentals of Secure Remote Access
for Plant-Floor Applications and Data
 Securing Architectures and Applications
for Network Convergence
 IT-Ready EtherNet/IP Solutions


Available Online

44
Thank you for participating!
Please remember to tidy up
your area for the next
session.
Designing EtherNet/IP Machine Level
Networks
Workshop 15 - Automation Fair 2012
Follow ROKAutomation on Facebook & Twitter.
Connect with us on LinkedIn.
www.rockwellautomation.com

Designing EtherNet/IP Machine/Skid level Networks

Transcription

Similar documents

Davis Development Group and Landerhaven Corporate

Case Study

Reimagining Automation - ignio™ Dr. Harrick Vin

Global Food Manufacturer Reduces Downtime Costs Increases Quality

Case study

Equinox Map

Implementation of effective e-government applications: Challenges

PlantPAx System Overview

csi global connect-internet remote access