016. Idea: Industrial Networks 101


Chris: 00:30

Welcome to EECO Asks Why. Today, we’re going to sit down with Bill Medcalf, who’s Director of Information Systems at Global Process Automation, and he’s going to help us understand about OT networks. So we’re going to break down industrial networks for our listeners and Bill, welcome. How are you doing today?

Bill: 00:46

I’m doing great. Chris, happy to be here.

Chris: 00:49

We’re glad to have you, sir. And looking forward to all the knowledge that you’re going to bring our listeners. So maybe you can start us off with just a top level explanation of what it means when you hear that term OT.

Bill: 01:01

Okay. So OT typically refers to Operational Technology and basically OT is the infrastructure. It’s what our manufacturing systems, our industrial control systems are built on. Typically a lot of people will confuse it with IT because there’s a lot of networks and switches and things of that nature involved there. But the true determining factor about OT is the computers and the systems and the networks that then interact with the physical world.

So unlike IT, where we’re about sharing files and communicating bank information and things like that. In the OT environment, we’re actually talking about things that interact with physical world, whether it’s conveyor belt, manufacturing, lines, whatever.

Chris: 01:47

Okay. So that’s a very good breakdown for us and we hear it does get we’re using a lot of times when we’re talking about OT and IT, and so thanks for breaking that line, for us to, to explain it further for our listeners. And we all, lot of times when we hear OT, we hear things like switches, routers, V lans. These can be confusing terms. Maybe can you break some of those down for our listeners?

Bill: 02:14

I’ll, I’ll try, let’s see what we come up with. So basically, switches and routers are the devices that manage the exchange of data.

So as, the PLC talks to IO and the field, or the HMI is giving or receiving data from the PLC, typically that goes through a switch. And the switch has the capability of managing either what they call a LAN or local area network, or it can be part of the mill wide network. A lot of times we hear things like network segmentation and things like that, and switches give us that ability to do that.

Typically in a managed switch, we will break down into these local area networks and that typically falls down to process areas within the facility. And so you think of the hundreds of thousands of devices that are in a single plant by going to a local area network method, we’re breaking those up into logical chunks so that they’re smaller. They’re easy to manage.

If we think about manufacturing, timing is critical. If it’s something that is, complex as monitoring, fuel, boiler or steam pressures, or maybe it’s the robots, the way that they interact with the conveyor and loading and stacking boxes, things like that. A matter of a second or two in delay as a problem.

So typically in an industrial network, time is everything. And so speed is of the essence in these. And so by breaking them down into these smaller groups or these local area networks, that gives us the ability to just focus on that local communications.

And when we do that, so now we’ve got all these little local area networks or these separate process areas, if you will, that are all running together. Router basically bridges those all into a single network. And so that can be used for supplying data to the business unit. Or maybe exchanging data from one process area to the other.

So if you think about the switches that collection or that local communications within the process area, and then anything that has to leave that process area, there’s typically a router that sits there that facilitates moving data from one local area to another, or up to the wide area network.

Does that make sense?

Chris: 04:39

It does. That helps a lot. So you mentioned a bridge for the router. That’s a, is that a good analogy for our listeners to think of when they hear that term?

Bill: 04:49

Yeah, so bridge is maybe a little older term. Routers now typically run based off of TCP IP. Where bridge is more at the layer two level the network, without getting too deep into it.

A bridge is more of a hardware platform to exchange data from one area to the other. Most all of your current networks use a router that uses TCP IP to manage that communications from one network to the other.

Chris: 05:22

Okay. No, that definitely helps. Now a lot of times inside industrial plants, we see different types of cables and connectors. So what are different types of media that you would typically see in an OT network?

Bill: 05:35

Okay. So the OT network, depending on the systems you have, a lot of the OT network didn’t start out natively as ethernet. So there may be proprietary protocols. There may be things like PROFIBUS, data highway plus, MNS.

Some of these are serial protocols. Some of them use special cabling and things like that. Most of your more modern control systems now are moving to ethernet. And so there, you’ve got the typical cat six cable that you see at your house now has looks like a telephone connector on each end. You may have fiber optic cable when you’re going long distances.

Fiber optics is better for that. Usually copper cables limited to 300 meters. Fiber optic cable can go a mile and a half without losing integrity of their data. You’ve got the standard ether nets and then you’ll have proprietary. Cables that you may see out there on the plant floor.

Like I say, usually the proprietary cables are maybe a little older protocol. I think just about all of the OEMs or either have completely adapted or in the process of adapting, at least their new lines. They may keep some backwards compatibility. But I think for the most part, folks are moving to the standard cat five cat six, and there are some industrial ethernet cables that are shielded.

They have a little different connector on them, but they’re also ethernet.

Chris: 07:06

Now are those types of cables and connectors for the industrial? Would they, is that what you recommend, particularly in a process type environment?

Bill: 07:14

Yeah. So when we think about OT, there’s different environments within the OT. If you think about in a control room, in an MCC where there’s a lot of electrical noise, you may need to go with a shielded cable or more of an industrial type of ethernet cable.

If you are talking to you about maybe, the control rooms, or if you gone to the data center model where you’ve got a area that is designated for all of your servers are being run, you may not need to do as much on that shielded environment. And I also have customers who have corrosive environments, and so there are specific connectors and specific cable that could be used in those corrosive environments to keep that copper from corroding and giving you an intermittent problems, things like that.

Chris: 08:04

So I guess you really need to take in consideration the environment that the media is going to be in connectors and things like that and make the best educated decision of off of that environment itself.

Bill: 08:15

Absolutely. Absolutely.

Chris: 08:17

Okay. Now we’ve had a couple guests and we’ve talked about this a few times. I felt like I’ve been on some calls recently to just, outside of EECO Asks Why and the topic of managed versus unmanaged switches comes up and it often is confused. So maybe you can give a good overview of this for our listeners, because I know this is something that’s tripped me up in the past.

And, I think it just a good explanation would really help here, Bill.

Bill: 08:45

Okay. hopefully I can give you a good explanation. At the very high level, it’s just what it seems. So managed switches are just that. They give you the ability to manage on a port by port in the switch who talks to whom and you can actually run multiple networks.

We talked earlier about local area network versus the wide area network and a managed switch gives you that ability to adjust your ports and adjust your configurations to match what your facility needs. An unmanaged switch is just that. It is just a flat switch that you can plug devices in and they will communicate. Kind of one of the limitations that is if we think about that mixed network, where we have the wide area network and the local area network, in the same switch you think about the work that switch has to do.

If it’s just local area traffic, it’s managing that. If it’s wide area traffic, you’re dealing with the whole mill, everybody trying to communicate and the switch trying to keep up with that. So in the case of an unmanaged switch, you probably do not want to put it in that mixed environment.

You probably want to stay with a managed switch there so that you can separate the, those networks and have some isolation there. Where an unmanaged switch is the perfect fit is if you think, we said a lot of the manufacturers are moving to ethernet, industrial ethernet for IO and things like that.

If it is a localized, isolated network and everybody that is on that network should be able to talk to everybody else. And it’s isolated away from all of the traffic, that is going on, plant wide. That’s that ideal fit or ideal situation for putting in that unmanaged switch.

Chris: 10:40

Okay. And then is cost ever factor into these decisions, Bill? It sounds like to me, the manager would be the typically the way to go, but I’m just curious on some other factors here in call. Some may be one, but just like your take.

Bill: 10:55

Yeah, definitely cost is a consideration to take. Typically the unmanaged switches are maybe half the cost of a managed switch you’re depending on which ones you pick them number of ports and everything.

So the unmanaged switch is more cost-effective. There are again, specific situations where that unmanaged switch makes sense. One of the things that I really like about managed switches outside of the ability to be able to granularly control my network traffic, is the managed switch also usually has diagnostics built into them.

And so there’s logging and there’s a ton of troubleshooting and diagnostics information that’s available on a managed switch that’s not in an unmanaged switch. Again, you know, I’m more of the techie guy, like to dig down into that, probably realistically speaking, the average user is not doing that. So if you’ve got those small little isolated silos of networking, save the money and go with an unmanaged switch.

Chris: 12:00

No doubt. Thank you so much, Bill. You definitely cleared air from me, and I’m sure you did it for a lot of our listeners too. And we oftentimes, you brought it up earlier, you when you’re talking about ethernet and PROFIBUS, we hear things about industrial protocols. For our new listeners who are maybe new to OT. What should they know about those protocols to give them a good foundation?

Bill: 12:26

There’s a lot of things know about industrial protocols. Probably the biggest concern and when I’m having conversations with customers, the first thing they go to is usually industrial protocols are not very secure.

So if we think about securing our networks and we think about cyber security around the OT environment, typically industrial protocols are not encrypted. They’re not password protected. They say that the priorities, if you’re developing a OT application, it’s designed for speed over confidentiality. Where if we’re talking about a protocol that works in the business environment, it’s designed to be secured. It’s designed to run in that corporate enterprise environment.

So from a security standpoint, industrial protocols are designed for speed over confidentiality. Also a lot of the times the industrial protocols, there’s a lot more flexibility around redundancy. You think about the business need if the network going to the plant managers office goes down, it’s probably a bad day for the IT guy that’s got to go out and fix it. But at the end of the day, the plant’s still running and they’re still making product.

Where we go, we think about a switch, that’s running a production line. If it goes down, the company’s losing literally thousands of dollars, hundreds of thousands of dollars for that downtime event.

So there’s a lot of specific industrial redundancy protocols and everyone’s a little different. Everyone has specific advantages, disadvantages, configuration requirements, that kind of thing. Typically, if you’re not familiar with these, you need to go to your supplier and explain to them what your needs, what your concerns are or an integrator and have them walk you through what those pluses and minuses are. But, other than that, a lot of it is common sense if you will.

Chris: 14:29

Absolutely. Now, when you were mentioning that the, between the IT and OT a, a bad day for the plant manager impacts the IT guy more than the OT guy. I’ve heard, I’ve heard of this in the past, and I think maybe this place here to the CIA triad. It is that factor in for decision-making or maybe just understanding the priorities between IT and OT.

Bill: 14:52

Here, you’re going to trip me up on something, aren’t you?

Chris: 14:56

Yeah, typically the way I would, the way I learned, and it was given to me was for the IT world, it’s the CIA, which has confidentiality, integrity and availability where OT availability is the lead availability. And, safety’s mixed in there and then integrity, then confidentiality.

Bill: 15:16

Unfortunately with all of this stuff, everything is acronyms, right? Sometimes it’s easy to get your acronyms confused. I always, I always relate that triangle actually there’s, Sans Institute has this infographic. Of that. And that’s how I keep it straight, if you will.

Chris: 15:39

That’s great research that, and this will we’ll have that as a link for our listeners to be able to go check that out. We hear about topology too. And I know this could go anywhere, but from a, just a high level, the 101, can you explain a network topology for our listeners?

Bill: 15:59

Yeah. So topologies, one of these conversations that any network guy, he’s, he’s gonna focus in on that. And at the very high level topology is the way that switches and systems, it’s the infrastructure, it’s how the switches tie together. Yeah. And then you can get down into detail about different ways to segment traffic, to deal with workloads and things like that.

Oftentimes, we look at network topology. If we’re thinking about redundancy and fault tolerance systems is understanding how each switch talks to the next switch. And I know typically, like if we’re doing a assessment or evaluation, we’d like to even represent in our topology the past that the inner connecting cables go. Usually in an industrial environment, you’ll have a series of control rooms and then there’ll be fiber optic cable that runs between the control rooms.

And we can use that topology diagram to make sure that we don’t have that single point of failure type of thing. So it’s, so it’s a way to diagram out or graphically represent how things are physically connected, out in the real world.

Chris: 17:12

There you go. That was a great explanation. Thank you so much for that, Bill. And another thing we hear and we see, and then the OT networks are things like patch, panels, hubs, repeaters. There are a few more terms. Could, can you break those down?

Bill: 17:29

Okay. usually, um,  sometimes I tend to cringe a little bit when I hear of hubs and repeaters and patch panels, but let’s take a look at each one of them.

So hub is the, the forerunner of the switch. So it works or looks very similar. It’s got a series of ports and you plug your devices in and the devices communicate. In a hub, I guess the best way to describe it is it’s like communicating with the Bullhorn. So if somebody’s talking through that hub on the network, everybody listens, even if they’re not part of the conversation. In a switch, switches is more of a point to point type of scenario, where if computer A is talking to computer B, the switch kind of keeps that traffic between computer A computer B and the rest of the connected devices don’t necessarily have to listen to that conversation. In the hub everybody hears everything, sees everything that goes out on the network.

So typically hubs are legacy. At this point, I don’t even know if you can go out and buy hub anymore. I’m sure. There’s probably somebody out there that offers them. But typically if you’re going to buy one, you want to buy a switch so that you can be more direct with your communications.

If we look at the term for repeaters, repeaters again is a throwback if you will. Back in the day, we know like with copper table, we can go 300 meters. That’s kind that physical limit. If we have to extend beyond that, we can add a repeater into a line to basically boost the signal, to carry it further.

In today’s technology, advances in fiber optics and things like that, nobody really uses repeaters anymore. It’s just as easy to run a fiber and plug it into a switch. Or, if they do the media converter , usually if you’re going distance is a much better solution than the repeater.

And then patch panels are, it’s like the good, the bad and the ugly, right? So patch panels are this awesome tool to manage your cables and cabinets and things like that in and of itself is awesome. And if you’re in environments like the data center and things like that’s a perfect use case. If you get into patch panels out in like MCCs and things like that, where temperatures maybe not regulated. And that kind of thing. If you look at the way the cable connects into a patch panel, on the backside of the panel, basically there are little metal V’s that the wire gets pressed down into. So it strips the wire and it’s just a friction type of connection.

And so if you’re in these non-regulated temperature environments things like that, as the heat and they cool and they heat and they cool, those joints tend to expand and contract. If you’re running a pulp mill or a paper mill or something like that, where maybe it’s a little corrosive in there, you start getting corrosion in there and you start having intermittent problems, you know, disconnects or delayed data errors, that kind of thing.

So patch panels, in the right environment, are an awesome tool for cable management. Realistically speaking, if you’re in a, in an area where you’re going to have a lot of temperature fluctuations, it’s potentially a corrosive environment, that kind of thing. There are much better connectors that just go straight on the cable and then the cable would go directly into your end device. So like I said, on the patch panels, I always recommend stay away from those in unregulated areas.

Chris: 21:28

Very good. Thank you so much, Bill. That was great, great points and all that stuff. You really broke down. You not saying repeaters. The, I liked the analogy of the, uh, hub being a bull horn, and just being careful where you use those patch panels at in industry and, we call it EECO Asks Why for a reason. We like to get to the why. So why would having a general understanding of OT networks be important for any level of personnel that works inside of industrial manufacturing plant?

Bill: 21:58

I think having at least a brief foundation of what’s going on, again, a lot of these networks, it’s the foundation. It is the infrastructure. On the way that your manufacturing process works. So if nothing else to be able to understand, troubleshoot. If I have a problem, being able to at least know where the network lies, what components of data flow, the network effects, as opposed to the field wiring out to a specific transmit or something like that.

So having even a basic understanding helps you in troubleshooting. As more and more companies are going to, training for things like cybersecurity and things like that. Understanding how devices are connected together. And you couple that with like awareness training and things like that, you start seeing where, if I’m maybe accessing the internet from an HMI, how that could impact on a controller or, some Ethernet IO in the field. So at least understanding what your environment is and how it all works and talks together.

Chris: 23:05

Absolutely. No doubt. And thank you so much, Bill. You’ve really helped tie together so many of these different variables inside of OT network. I know you brought a lot of value and I really appreciate you taking the time to break this down for us to the level that you did. So really enjoyed this conversation, Bill.

Bill: 23:22

Thank you. I always try to say, when it comes to OT environments, some of it’s black box, it’s magic. And the only way that we’re going to understand it and improve on it is ask a question and have a discussion. And I think it’s great that you guys are doing this series and doing just that, you’re asking questions, you’re having a conversation about the different components within OT. I think as a whole, as a community, it’s only going to help us do better in the future.

Chris: 23:54

No doubt. And for us too, it’s connecting the world, that we, that we engage with to the experts like yourself. That’s the value and mean it’s so important, just so they know that, you guys, this is your world. This is what you live in. If I want to get better at it, I may want to listen to guys like that. uh, I, I can’t express enough how grateful I am. and thank you so much for your time today.