An update regarding the Industrial Network Automation Project which I announced almost a month ago.
I spent the last month reflecting upon the different designs, technologies and challenges that are encountered when managing industrial networks. I am happy to announce that I have finished planning the content which I intend to write about. I have identified approximately 100 articles that I could write. Each article appears to be anywhere between 4,000 and 10,000 words, which is about 8-20 print pages in length excluding graphics. That’s a lot of writing…!
In terms of content structure I have grouped content to follow six major topics:
- Industrial Networking Foundations: This topic provides an introduction to industrial networks, the importance of good working relationships between IT & OT teams, and why risk management and management of change are critical safety controls within the context of industrial environments. We will also discuss components of an industrial network, such as SCADA & PLC systems. Industrial protocols that underpin these systems will be covered as well as their interaction with “traditional” networking protocols.
- Industrial Network Design & Technologies: This topic discusses the various layers and zones that an industrial network should be designed to accommodate, as well as the technologies that are encountered across these zones. If you have read the “Converged Plantwide Ethernet Design and Implementation Guide” by Cisco & Rockwell Automation then this section will be very familiar. We’ll be covering the Cell Zone, Manufacturing Zone, Demilitarised Zone, and Enterprise Zone. Device management, wireless networking (including LTE with Cisco devices), identity management, and security considerations will make an appearance here.
- Supporting Industry 4.0: The core of this topic is understanding how we can develop contexts and leverage business intelligence to support the notion of “intent based networking” within an industrial environment. We will be exploring how Cisco IOx and edge compute architectures could support data gathering for maintenance centers and engineering teams, how risk and management of change can be supported by automatically simulating changes within a test environment, how low risk changes can be automatically deployed once approved in an IT work management system, and when a “NetDevOps” mindset may not be appropriate.
- Operating Contexts: In this topic we will put our architect and designer hats on as we look at Cisco validated design guides to see how the technologies we have covered thus far are implemented across differing operating contexts. Some of the questions that we will answer include: How might the industrial network of an open cut mine differ from an underground mining environment? What technologies are used in Smart Cities and Connected Grid environments? How can “industrial networks” be present in education and retail environments?
- Securing Industrial Network Environments: It is time to put our security glasses on and look at the industrial network through the lens of an adversary. This topic will highlight the devastating impact that an insecure operating environment can have on human lives, the environment, and the economy. We will use the knowledge gained from operating contexts to identify “bad smells” when it comes to network design, discuss why project teams and operations must collaborate to ensure that the change landscape is known, detail techniques to identify and prevent unauthorised changes, as well as look at security within a control systems and SCADA context.
- Multi-Vendor Environments: The final section will discuss vendors that may be deployed alongside/as replacements for Cisco devices within the industrial network.
I would like to write each article as if it were preparation for a CCIE examination while retaining practical use cases. I want to stress that I am not writing these posts for myself, but for existing professionals that may or may not work strictly within a networking role. Packet captures, lab diagrams, and configurations will be provided freely on my GitHub where required to complement an article. There will also be references and additional reading links for those who wish to dive deeper than I do. To that end – it’s going to take a long time to write everything, especially to the standard that I would like to write towards, so this project is going to be an ongoing endeavor of mine…!
As much as I love technical documentation, I think we can all agree that it can get dry and difficult to read at times. I am hoping to shake things up a bit by introducing an over-arching narrative across each section that follows Taylor, an OT Specialist, who initially works for “Mining Enterprise Materials” (“MEM”). Taylor’s journey in section 1 sees them as a “newbie” at MEM trying to help the IT team wrap their heads around what an industrial network is and why the on-site teams likely don’t trust them. I am drawing some inspiration here from two excellent DevOps books called “The Phoenix Project” and “The Unicorn Project”, as well as a fantastic Cisco Live 2020 Barcelona session called “Bringing IT and OT Together to Drive Business Benefits” (PSOIOT-2400).
Finally, an important disclosure. I do not consider myself an expert in some of the content that I am setting out to write. I am setting out to close knowledge gaps on an industry that I love working in. Once I push into Section 4 and beyond I am hoping to find people who work in environments that I do not to compare “ideal design” to “reality”. To that end, if there is anything that you think needs to be absolutely covered, then feel free to email luke[at]ether-net[dot]com. It is impossible for me to cover everything but if enough people request a topic then I’ll likely add it to “the list”.
Looking forward to sharing more about what I have planned, until then – update over!