Interested in linking to "Come together"?
You may use the Headline, Deck, Byline and URL of this article on your Web site. To link to this article, select and copy the HTML code below and paste it on your own Web site.
Hegrat adds that firewalls are more secure because they filter all data through one point, but routers and switches are less secure because they usually have multiple network connections. “One of our customers that makes heavy equipment in the Midwest had a virtual local area network (VLAN) with several access points, and last summer the Zotob worm virus found a hole in it,” says Hegrat. “This event brought down production for seven hours at dozen of plants, and cost millions of dollars in lost production time.” They had to scrub this virus the old-fashioned way and manually restore thousands of devices across the U.S.
“Today, intelligent firewalls can monitor network traffic, respond to network-based events like this by logically disconnecting themselves, and separating corporate/external networks from production,” says Hegrat.
To further help users safely integrate control and corporate networks, Bennet Levine, Contemporary Controls’ R&D manager, advises them to implement:
“Ethernet requires a little more awareness because it’s too flexible to some extent,” says Levine. “If you’re not careful, you easily can access an office network from the plant or vice-versa, and potentially flood the other with unwanted data.” To prevent these problems, Contemporary Controls supplies EIS8-100T and UL 864-rated Ethernet switches to segregate and direct network traffic.
In fact, system integrator ATS Automation recently used EIS8-100T switches to help implement an integrated Alerton distributed digital control (DDC) system at the new, combined 42-story Washington Mutual (WaMu) Bank and Seattle Art Museum. ATS senior sales engineer Pete Segall says this application shows how plant and corporate networks can be successfully integrated because it combines:
|FIGURE 2: SWITCHES COMBINE CONTROL|
Two Ethernet switches are physically connected to an Alerton BACnet/Ethernet smoke control network to jointly run day-to-day HVAC, alarm-based smoke handling, and other equipment at the 42-story WaMu Bank and Seattle Art Museum.
Segall reports that two EIS8-100T switches helped ATS develop an integrated control that could jointly monitor and control HVAC, smoke, and other combined smoke-and-HVAC equipment both daily and on an alarm-event basis. “Pure smoke control systems don’t function on a day-to-day basis, but HVAC and combined systems do,” adds Segall.
The two Ethernet switches were physically connected to the Alerton BACnet/Ethernet smoke control network via Cat 5 cabling, so precise, required DDC logic routines could be carried out (See Figure 2). One switch is located in the central fire control room, and the other is in a telecom room on WaMu’s second floor. In addition, one switch is used as a gateway between the non-smoke control Global DDC logic boards and the building management system’s computer and user interface.
“Ten years ago, this kind of integration would have been extremely difficult because there were no open protocols, and we would have had to write proprietary system drivers to translate between the fire, control and security protocols,” says Segall. “Open protocols such as BACnet and Modbus make all of this easier, and having a single point of connection between the several hundred Ethernet devices in our dedicated HVAC and fire network and WaMu’s overall corporate network gives us secure flexibility.”
Whatever technical methods are used to integrate industrial and business networks, everyone agrees none will be secure without plant and IT cooperation, jointly developed security policies, and training.
Jay Hardison, plant superintendent for Colorado Springs Utilities (CSU), says the utility has been using EtherNet/IP for its corporate backbone, and Profibus and DeviceNet for its plant-floor water/wastewater treatment plants for several years, and recently added Rockwell Software Maintenance Automation Control Center (RSMACC). RSMACC adds required security and offers supplemental authentication, auditing, archiving, and verification.
|FIGURE 3: SPRINGS IN COLORADO|
|Northern Water Reclamation facility combines EtherNet/IP, Profibus, DeviceNet, and maintenance automation software at its water/wastewater treatment plant.|
ControlGlobal.com is exclusively dedicated to the global process automation market. We report on developing industry trends, illustrate successful industry applications, and update the basic skills and knowledge base that provide the profession's foundation.