Ethernet Switching is the technology of choice for the vast majority of distributed Automation Systems.

Switched Ethernet

Why we are where we are

Automation networks tend to be clusters of inter-connected and inter-related devices working towards a common outcome. Historically these devices were interconnected using proprietary tranmission techniques based upon the multi drop RS485 protocol; whilst limited in size and often unrelaible the serial fieldbus did enjoy a degree of security from its obscurity. The global desire to lower cost and increase reliability across both short and longer distances allowed Ethernet, a technology that came about in the enterprise 'IT' LAN, to move in to the automation 'OT' space.

With no other threat than a simple cable break to worry about in the mid-late 1990's the introduction networking Company Hirschmann introduced the Hiper Ring and, overnight, solved the main objection of deployment at Plant and Control Networking layers - rapid resilience.

The Automation players tried to fight back but picked upon the weak and largely historical argument of 'determinism' - the lack of - as the reason their Customers should remain locked in to their proprietary, high cost and often inflexible networking standards. This view is supported as the determinism objections seemed to just dissappear with the wind once each of these vendors later introduced their own rangees of devices with an Etherent interface.

Editors view: Had the argument against Etherent been more considered and security selected in place of determinism, automation system networks would look very different today. That horse has well and truly bolted and we are where we are; now we need to embrace the benefits (of which there are many) and think about what we can do to make our automtion 'OT' networks as robust and secure as possible.

Flexible, Fast & Reliable Networking

The technology dates back to 1973 when Bob Metcalf developed the concept as a shared, high-speed, medium for transmission. The original shared '10Base5 / 10Base2 / 10BaseT (hub)' technology implementation became a victim of its own success and evolved into the switched platform now common place. Transmission speeds have increased 1000 fold over the years with backbones now able to operate at up to 10Gbps.

More typical speeds deployed in Automation projects are 1Gbps for Server connection and the distributed backbone. Access devices connect at 100Mbps.

The emergence of full duplex transmission in the late 1990's and the wire speed forwarding that became common place in 2000-2005 issues of determinism have been largely eradicated. Recent enhancements to the technology include Zero Loss Ethernet and Real Time Ethernet engineered to satisfy the most stringent and time sensitive of application.

Devices have evolved for certified operation in extreme environments. These include rail, where vibration and the environment are the issues, and power where electro magnetic interference, highly accurate timing are key drivers. Industrial strength products can be securly mounted in every automation environment, they can also provide power to the devices attached making them more of a utility to the automation system.

The more general switching opportunity of today relates to network optimisation and getting to grips with the challenges of network security.

Optimisation

Multiple network services can now be consolidated across a common resilient and high speed backbone without compromise.

This consolidation makes for simplified management and administration, it allows networks to be designed with no single point of failure and also dual redundant topologies where application services are protested from both communication path failures and switch node failures.

IT4A's critical network design methodology uses threat assessment and risk treatment planning to underpin both product and feature selection. This approach allows the investment in network infrastructure to be linked directly to business continuity planning.

Security

Network security is often described as an onion skin as there are many layers. The first layer is physical and considers media (copper/fibre) selection, routing and containment.

At the second 'Ethernet' layer security is achieved though the deployment of features such as VLANs for segmentation by application and 802.1x, port locking and strong passwords to control access through effective authentication.

Think Awareness

With Ethernets able to span ,000's miles and the fact that a single rogue device can compromise the entire system, knowing what is attached to your infrastructure, where and for what purpose is of paramount importance. Grouping devices based upon their application rather their physical location is a good practice approach that introduces greater oganisation and security.

The result is the creation of smaller networks, networks where the primary traffic flows are to other devices or a server within that same sub-network and only occational access beyond. Crossing beyond a sub-network boundary requires the function of a router; controlling what passes between these networks requires a firewall. Routing and Firewalling are often network services found within a single physical device.

Automation networks rely upon 5 key technology areas:

"I can honestly say that with IT4A working alongside us we assembled the right team managed to achieve all our goals successfully"

Nuclear Sector,
Project Manager