These blogs typically contain words of wisdom and advice from industry consultants or subject matter experts. The content of this blog, however, is from actual users who recently answered a series of questions by Mark Fondl, Malisko’s Industrial Internet of Things (IIoT) business development lead. The responses that follow are in the users’ own words.
What are some pointers when explaining the different needs of the manufacturing networks to upper management?
- With today’s typical level of automation, as the network goes—so goes the plant.
- If you lose your email, it’s annoying. If you lose your manufacturing operations, its career-limiting.
- We have told management that our most critical needs are 1) uptime, 2) reliability, 3) security. However, IT has told their management that their most critical needs are 1) security, 2) reliability, 3) uptime. Trying to get these priorities aligned between the group has been an extreme challenge.
Any major issue that you have experienced that could have been avoided? How?
- Yes. Have and follow your network architecture and standards, using certified—qualified—network installers.
- When IT decided to move field technicians into regions and then central to headquarters, the network skill level at the plants was very ad hoc. In some places, there were experienced technicians/electricians, but other plants barely had mechanics who knew enough to not mess with things that make sparks. Remote network support does not work if you don’t have boots on the ground for process control.
- Duplicate IP addresses in a usually static environment.
Do you have suggestions on an approach to create a collaborative environment between IT and the control groups?
- Garner a mutual understanding that the control and IT networks are different. Though some standards might apply equally across both environments, other standards might have a higher or lesser degree of importance or necessity in the other environment. Common differences lie at the level of architecture that the two groups are focused on. The IT systems, standards, support structures and policies are typically more established than in the controls realm. As the need arises to integrate plant floor/controls data systems across the business, the control group often does not have the same level of knowledge or infrastructure as the enterprise level. Adopting and learning the IT standards and policies are not a nice-to-have but a must.
- This has been one of the greatest struggles within our organizations. Unfortunately, this relationship is still extremely adversarial. My best advice is to have a single point of confluence where the IT and control groups meet. All needs from the control group go to a single person, who then figures out what IT group needs the information and funnels all technical requests back to the control group. One other piece of advice is to get all needs and requests in front of each group with as much advance time as possible.
- Training, as control systems further evolve into Ethernet communications, and the ability to communicate with IT in terms that both sides can understand will go a long way.
What should others know about security and the positive and negative effects it may have on performance or supportability?
- OEMs think they have the solution and will sell you anything. Make them prove it before they come on site. Assure them that IT will not allow them to use the corporate network and that cellphone signal is less than one bar inside the metal building.
- Higher security increases mean complexity of system architecture. However, it can provide higher reliability if it’s designed correctly. Higher security has not impacted network performance; however, it has increased cost due to the time required to approve access for contractors needing to support systems.
- From a security position, keeping firewalls and Level 3 switches as impenetrable as possible is important.
Is it important that plant floor people be involved in support of the networks?
- Yes, especially process systems and packaging integration.
- They are ultimately the customer and they should have some say in the services to be provided.
- Plant floor people accept responsibility for the health of equipment in plant processes. Plant tech is the nervous system that assures that equipment runs safely and reliably. Establish agreement that asset care includes plant tech. Establish the role for plant floor personnel. Much of the support of plant tech is provided by remote resources. Remote support can be efficient and cost-effective. Plant floor people are an essential part of effective support.
Is it important to create a demilitarized zone (DMZ) or boundaries in the networks? Why?
- Yes, to limit who has access to systems they’re not authorized to access or trained to support.
- Protocol changing across DMZ boundaries makes it more difficult for outside attacks on specific protocol. When implemented with a firewall, it also provides additional visibility and audit along with troubleshooting capabilities.
- Creating a DMZ helps keep unwanted network traffic from flooding the control network and interfering with machine-to-machine communications. The DMZ creates another layer of protection for your control network.
Can you discuss the importance of using outside resources to help with your projects?
- If you’re not current with industrial network technologies, you might inadvertently install commercial off the shelf (COTS) grade equipment and will pay dearly for saving a few pennies.
- The biggest issue is they have done multiple installations and learned from others’ mistakes. In other words, experience.
- They can deploy industry best practices and know ways to optimize cost and resource requirements.
What are the key capabilities you look for in a system integrator to work on your network designs or deployment?
- Are they smart enough to listen to me before they tell me how good they are?
- OT and IT capability under the same roof.
- Solid understanding of network fundamentals (how is it constructed/configured and what makes it work), experience with similar or applicable applications, and ability to view application from design, installation and maintenance viewpoints.
- Deployment of industry best practices following Converged Plantwide Ethernet (CPwE) methodologies focused on cell, area deployment with server infrastructure on different VLANs/networks.
Steve Malyszko, P.E., is president and CEO of Malisko Engineering Inc., a certified member of the Control System Integrators Association (CSIA). See Malisko Engineering’s profile on the Industrial Automation Exchange.