076. Industrial Networks Series – Network Assessments


Joe: 00:00

You got to have a smooth flowing network and it needs to be designed correctly too. But again, it’s, it’s very critical to understand all that. Otherwise you’re not going to have any operational success. 

Chris: 00:14

Welcome to EECO Ask Why. The podcast that dives into industrial manufacturing topics and spotlights to heroes to keep America running. I’m your host, Chris Grainger, and on this podcast, we do not cover the latest features of benefits on products that come to market instead. We’ve focused on advice and insight from the top minds of industry because people and ideas will be how America remains number one in manufacturing in the world.

Welcome to EECO Asks Why. Today we have a fun idea episode where we’re going to be talking about understanding network assessments. So to help us walk through this, we have Joe Frank, who was an Industrial Networking Engineer at EECO. So how are you doing Joe? 

Joe: 00:55

Good morning, Chris, how are you doing today?

Chris: 00:57

Oh brother. I am excited to walk through this. Nothing gets me pumped up in the morning, like industrial networks, man. How about you?

Joe: 01:03

Not too bad? So it’s a good day. 

Chris: 01:05

I’m not sure if that’s, it makes me weird or not, but hopefully my man K is out there listening to this one. He got a little chuckle out of that.

So anyway, get our listeners started Joe, when we talk about industrial network assessments, what is typically covered in that man? 

Joe: 01:20

So a network assessment really is basically an assessment of what switches that you have on the floor, but it also includes the physical layer. So you’re talking grounding. You’re talking cabling. And you know that there’s different types of cabling out there. You’ve got fiber, you’ve got copper. You, you even have some coaxial, but nowadays we try to stay to ethernet cable and we try to stay to fiber. So we would go through an assessment and collect switch data, unmanaged and managed switches, both.

We also would look at the cabling, the type of cabling, whether it be cat5-E cat5, cat 6. Just the different types of cabling that they have there, the different types of fiber that are involved. And we also look at excessive wiring. So that’s a big thing that’s in the assessment is looking at how much coils do they have bundled up into a cabinet that definitely has an effect on the latency with your communication between switches and other devices. 

And then the other thing, the last thing we really look at is environmental conditions. So is the cabinet full of dust. Is it getting the proper air conditioning it needs to be ventilated good and, and keep the quality of air inside of the cabinet excellent as well. So that’s kind of the typical things that you would cover in a network assessment. 

Chris: 02:44

Okay. Now from an assessment and kind of sounds like you’re walking through, I’m correlating it a little bit to this, to an IBE, like an installed base evaluation. Is it, is it like that or is it really, and assessment separate from that?

Joe: 02:59

So it is very close to an IBE, which is yeah an install-based evaluation. The network one obviously solely concentrates on the network equipment and what’s involved. So, yeah. 

Chris: 03:11

Okay, man. Thanks for clearing that up. So looking at the cables, looking at the switches. The excessive wiring and the environmental concerns. So 

Joe: 03:20

Yeah. And one other thing too, is we look at security as well. It’s where we look at is the cabinet locked or is the door locked to the room that these cabinets are actually located in? Do they have little port locks and all the open ports that aren’t being used? Things like that, of that nature. Right. So security is also a a minor part of what we’re actually collecting in the network assessment, but I think it’s solely focuses on the switches. 

Chris: 03:46

Gotcha. Okay. So by the security being more on the physical side for security? 

Joe: 03:51

Yeah, it’s more of a visual, right? Like more of a, Hey, getting into this room, we have locks on it or, this cabinet, Oh, I can just open this cabinet right up and I can just plug right into this switch. It’s that kind of thing. Just a, just a physical looking at seeing what, obviously I’m not going to be able to see the security side of a switch, unless I actually get into the switch to see if like ports are turned off and that kind of thing. So this network assessment is very non-intrusive. So you don’t really get into the switch. You’re not really plugging into the network. It’s basically just a visual of what’s there 

Chris: 04:25

Got you. Okay. Well that really helps. Thank you for walking that through for our listeners. So, so inside of a an industrial facility, who typically is involved with doing these assessments? 

Joe: 04:36

The typical people that would get involved as obviously myself, a network engineer. Also you would probably get someone from the IT department and you might even get somebody from maintenance, either be head of maintenance or a very experienced maintenance guy. That’s been there for a long period of time.

Whoever really is going to go out there and manage these switches, right? Replace them. Keep them up to date, adding devices to them, that kind of thing. So those are the people that are really going to be involved. 

Chris: 05:06

Got you. Okay. So we’ve had several conversations, Joe, just so you know where we’re talking about IT and OT that convergence there to how things are starting to really get crossed in plants and come together, which is good, but it also presents its challenges. So how do those two worlds intertwine? When you’re talking about network assessments. 

Joe: 05:26

So this is a very, very important question, and it’s a very good answer to why we have to have this convergence. And the one thing you need to understand first is there is a level in the plant that is called the demilitarized zone, which is where you would draw the line between IT and OT. 

Below the DMZ, that’s what it’s abbreviated as, would be your operating side where that would be all of your switches and communication on the plant floor. Above the DMZ would be your IT department. Your switches for enterprise, like everybody’s desks and that kind of thing. Right? So. What you really need to understand is, is that nowadays what we’re trying to do is they’re trying to get a lot of the information from the OT side, the operating side, up into that enterprise infrastructure so that more people can see this data so they can analyze it and interpret it.

And then that way they can find better ways to increase the performance of these machines in the future. So it’s very important. It’s getting to be a very common thing. And I think it’s, it’s definitely going to be the way of the future. And everybody really needs to understand that there is going to be this convergence of IT/OT for I’m going to say the least, at least the next like 25 years. It’s going to be a very big topic because there needs to be a very strong relationship between IT and OT.

And a lot of the I T if you would understand this, a lot of the it guys really focus on fixing things that are broken or communication issues on the enterprise side. But when they start moving down to the OT side, they also need to understand that there is a very strong sense of time concern, where they need to be on this stuff a lot faster then when they work on things in the IT enterprise side, because they really do have some time on the IT side, as opposed to the OT side, it needs to be running 24/7. So it’s a very important topic with IT and OT, this has to work in the future going forward for a lot of process.

Chris: 07:40

So, how are the priorities different between IT and OT? You mentioned the speed. Making things a priority from an IT standpoint. Sometimes it’s, I guess speed is, is not the priority for them. 

Joe: 07:53

Well, so. Speed is going to be a priority for them. If they’re working on something on the OT side, right? I mean, you, you you’ve been in the field, I’ve been in the field, we’ve all seen it where if a machine goes down the customer, we got to get this up, we gotta get this going because we’re losing money. But it’s very important that they get that fixed right away. And I don’t, I don’t think it has that mindset yet because they’re still in that world of, Oh, well this printer’s down over here. Well, I’ll get to it tomorrow. Do you know what I’m saying? 

So they need to understand that they got a printer down. Yeah. That’s one thing you can work on that tomorrow, but you need to make sure that you prioritize and whenever there is something wrong with the factory floor that makes your company money, you need to get that done. And that’s where IT lacks their type of experience. You know what I’m saying? 

Chris: 08:42

Right. And in previous episodes, Joe, we talked about, I, I think it’s called the CIA triad where they’re talking about it, what the priorities are in OT, what the priorities are. And it, if I remember correctly, it was confidentiality, integrity and availability. Where OT it’s availability, integrity, and confidentiality. You kind of kind of flip it. So you 

Joe: 09:08

flip it. That’s right. That’s exactly right. Yep. Yep. 

Chris: 09:10

Gotcha. Yeah. Okay. Just trying to pull back from the memories, man, you had to forgive me, but I felt like that’s where you were talking about right there.

Joe: 09:18

Yep. 

Chris: 09:19

Cool. Very cool. Well, thanks man. And you mentioned earlier when you were talking about machine performance, right? And lots of times people think about output. How much more can I get out of my process, but what about network performance? So what are some ways that the end users, if you’re listening out there and you’re a plant, what could they focus on to enhance their network performance that at the machine level?

Joe: 09:42

So one thing that I’ve noticed in the field a lot is at a machine level, there are a lot of unmanaged switches being used, which is not a terrible thing, but at the same time, you have a lot of traffic that’s going to places where it doesn’t need to go. And it’s, it’s going to bog down the network and it’s going to affect the communication between like a PLC and drives or whatever devices you’re talking to.

With managed switches, you are able to filter out that traffic, or you can logically set up what’s called a V LAN, which is a virtual LAN. So what you would do is you set up this virtual LAN and what it would do is it would keep all those devices in that specific little LAN. And it would just have those guys talk to each other and that’s first priority.

So that has first priority over anything else in the switch. So those guys are going to solely talk to each other and ignore anything that’s coming in and out of the data, unless you want it to. So you could actually set it up so that you could talk to a specific device. So utilizing a managed switch to segregate traffic is very important at a machine level to keep the performance of the machine. I guess it’s integrity really is what you’re doing. 

Chris: 11:04

You said you’re seeing a lot of unmanaged switches used. 

Joe: 11:08

Yeah. 

Chris: 11:08

Why is that? Cause, I mean, to me, you just walked through three or four great reasons why I may switch to be the only type of switch you should have in an industrial environment. And it made all the sense in the world. So why do you see the unmanaged out there? 

Joe: 11:23

I think number one, people don’t understand managed switches, which is a big, big problem. Number two cost of a managed switch is a lot more expensive than an unmanaged switch. And that’s probably the two biggest reasons I would say.

And I guess they just, they just don’t understand it. And I’ve, I’ve actually had to sit down with customers before and just train them and say, Hey, look, this is what our managed switch will do for you. And then the light bulb goes off. Oh yeah, that’s great. Like we, now we completely get it. We understand why we should be using managed switches, but there’s a lot of customers that I, and I would say it’s a cost thing, but again, they don’t understand how it works. So they really need to come up to speed on that. 

Chris: 12:05

So when you’re sitting down and let’s say, you’re sitting down with somebody who maybe they’re not super technical like me, so you can just say, you’re talking to me all right. When it comes to network switches and you want to walk through the, those key areas of why I should consider a managed network swhich in my industrial plant what are you talking about in those situations?

Joe: 12:29

So what it is is they need to understand that the one thing that, that a maintenance person gets very confused about is the fact that they don’t like the plant LAN or the it side is going to be plugged into like one of these switches that’s on their machine.

They don’t really like that because they understand that plugging this thing in could be a problem in the future, which nine times out of 10 it happens. I mean, I don’t know how many times I’ve been woken up at three o’clock in the morning saying, Oh, you know our machine’s down.

Can you help us? What’s going on? Well, What changed? Oh, well we plugged the plant LAN into the switch. Well unplug it.. Like, did it fix the problem? Oh yeah, we’re up. And we’re up and running again. So there’s a lot of problems with that in particular, where it thinks they can just go in and tap right into an unmanaged switch and say, okay, well this is on the network now.

We’re good. When really it’s flooding that switch. And now you’re going to have all sorts of performance problems on the machine. So to get them to understand that, Hey, if I put in a managed switch here. That kind of keeps the plant LAN from being connected into your devices and your machine. So we can segregate those two.

So it’s basically like he’s not even there. So that’s, that’s very important, especially to maintenance people and to people that don’t understand that because they know that a network can get overloaded and they know that a machine can be taken down from it, but they just. Don’t understand that they can put a switch, something else in there that will actually say they can still have that connection and everything will run perfectly fine, just like it used to.

So, yeah, understanding that is a, is a big concept. And I think a lot of people misunderstand that. 

Chris: 14:12

Gotcha. Okay. Now, also that there’s so much data moving in these plants now. how does that data traffic factor into these decisions, Joe? 

Joe: 14:21

Yeah, so data traffic, that’s, that’s a big thing too. And again, I’m going to go back to the V LANs. If you can possibly get individual machines on these separated networks where they’re logically separated in their V LANs, it will keep the performance where it needs to be. And basically the it side or the plant side. Is going to be just listening. So they’re just going to be gathering that data, not as opposed to flooding the network with the data, you know what I’m saying?

Chris: 14:51

Right. Absolutely. Okay. I mean, that, that, that helped a lot. And then I guess just having those managed switches, this is that much more of an enhancement to that network to handle that problem. 

Joe: 15:01

Yes. And it also keeps the traffic. When you set up a V LAN, it keeps that traffic within that V LAN. So if you have, let’s just say four or five drives and a PLC on one managed switch, and you’ve got them all on one V LAN. That’s keeping all that traffic right there in that one switch. It’s not going anywhere else. It doesn’t go from that switch to the next switch up. It stays right there unless you set it up so that you can listen to that V LAN. So it keeps it segregated from blasting all that information out throughout the plant. You know what I’m saying? 

Chris: 15:32

Right, right. Okay. So I guess that comes down to like network design and architecture. So people like network engineers, and I’m assuming this is kind of it’s stuff you get involved with. Right? You, you find these problems where the data’s colliding and why and understanding how the data needs to move and then design the system to facilitate that.

Joe: 15:52

Yep. 

Chris: 15:53

Perfect. You make it sound so easy, Joe. 

Joe: 15:57

Oh, I’ve been here for a long time, so it’s, it just comes natural after a while. 

Chris: 16:01

I hear you, buddy. Well, you’re doing a great job. I mean, and you, you mentioned earlier when you were talking about the key areas that really an assessment covers, you talked about security and that’s a big topic, particularly for a lot of our listeners. We’ve covered security in several different areas of EECO Asks Why. So what can someone do to understand the security risks that they may have right now as their networks sits today?

Joe: 16:26

Again, they can look for those small items things like keeping those cabinets locked, where you have access to plugging into those ports.

They do sell these little port locks. You can plug into the front. So the physical ports, right? So that you can keep people out of them. You can also, when you’re in the switch, configuring the switch, you can turn those ports off when they’re not being used in that way. If somebody does come in and plug in.

That they’re not going to affect that network and have they plug in with the same IP addresses one of the devices. Obviously you don’t want a crash. Right. Which you will crash. 

Chris: 17:01

I haven’t heard that one, Joe. So you’re saying I’ve heard about the physical one where you, like, you literally can’t plug anything in because it’s a block there. So you’re saying inside of the managed switch, you can configure it. Well, that’s basically a dead port. 

Joe: 17:15

Yes. You can enable it and disable it. You can actually turn the port on and off. Yep. 

Chris: 17:19

Awesome. What else? 

 Joe: 17:22

As far as security goes you could also do, I know we actually offer another service and I know this doesn’t apply for everyone, but and the state of Virginia, as EECO is a Rockwell distributor. We also do what’s called a security posture survey. Which is another service that we offer that you would actually go in. And as long as they have managed switches, in certain locations of the plant, on the operating side, we are able to go in, be non-intrusive and collect that traffic data for like 20 minutes per switch.

And then we gather all the data we give it to Rockwell and then Rockwell actually gives us a nice little report, actually two reports. One basically saying at what kind of risk your network is. And then the other one would be like a report printout of like your traffic, like all your packets of data, like actually printed out on a sheet. Then that way you could actually go through and sort them by which one’s highest risk and which ones lowest risk and that kind of thing.

So it’s a very, very nice service, but there’s stuff like that. That’s out there. There’s I know there’s other companies that offer that as well. So security is a very new field for, especially for networking, but I think it needs to be done in the future, just because everything’s being connected nowadays, so that’s, that’s gonna be a big issue. 

Chris: 18:44

Yeah. We were talking to a guest the other day, Joe, and they were talking, I think the stat he gave out was like 3 billion smart devices out there now. I mean, it’s just ludicrous when you think about that number, but so much data and then as we start to learn how to utilize this data better and plants and make better decisions, more and more people are going to want to, what can you get this from that? Can you get this from that? So next these networks won’t get full quick and the amount of data we’re moving is unbelievable.

So yeah, you’re all over it. Man. Security is important. It sounds like a really cool service from Rockwell. Cause it sounds like that gives you somewhat of a game plan that you can move forward to attack the problems or the risk areas in your plant versus just having to start with a blank sheet of paper that can be intimidating.

Joe: 19:30

Yup. Yup, absolutely. 

Chris: 19:32

Cool, man. So you’ve been doing this for awhile. What do you see out there? Any common themes from a network assessment standpoint that you see as low hanging fruit from a security standpoint? 

Joe: 19:42

From security standpoint, a lot of unmanaged switches, a lot of unlocked cabinets, a lot of easy access to switches in the field next to machines. That’s a very common problem with a lot of industry. It doesn’t matter what the industry is. It’s pretty much across the platform. 

Chris: 20:00

What about just regular stuff, Joe? You’re talking about excessive wiring and cables and just, it’s just switches. What do you, what are, what about those areas?

Joe: 20:09

Physical cabling is, is a huge issue. I know a lot of people, they think that well, we’ve got enough cable here. Let’s just coil up a few coils and leave it in the cabinet. And then they got extra cable in case they need to move something somewhere or whatever. Right. And sometimes that’s a good idea, but sometimes it’s really not because with any kind of cable type, like fiber or even copper, it only has a certain distance that it can go, right? Like copper is limited to 333 feet. I think it’s a hundred meters, something like that. So you can only go so far with copper. So that’s, that’s things you need to consider when these guys are running these cables and stuff and coiling them up like that, like, is that too much cable?

And the longer your run is you’re going to lose a little bit, right? You’re going to have a little bit of increased latency, the more feet you add onto that cable. Right? So it’s things like that, that they need to really pay attention to and then connector ends like the little connectors you actually put on.

Some of them are the cheap plastic crimp on connectors that are pretty bad. And then I’ve seen some people go way overboard where they buy those like $30 real nice cat five, cat six crimped on ends where they actually liked screw terminal in there really nice metal. You know what I mean?

The ground real well. So it just depends on your application obviously, but you really need a strong physical layout before you can continue with, okay. Now I’ve got it physically mapped out. Now I’ve got I’m perfect. On the physical side. Now I’m going to move on to the logical side, right? So you need to understand that you have to have a strong backbone and, and that’s very important. To have the proper network and industry. 

Chris: 21:53

Right. And I know too, Joe, I’ve seen, in some cases I’ve been in plants where you see the best buy switches out on the floor or sometimes the network area or rooms or closet. It’s, there’s, there’s no heater and there’s no cooling in there. Just, just there’s cakes of dust, just standing on top of these devices. So, I mean, just understanding that this is important to you you’re moving your data with these devices and not just letting any, anything enter that system then. 

Joe: 22:23

Yep. Absolutely. 

Chris: 22:25

Great stuff. What about wireless, man? When you’re talking about assessments more and more customers and or end users are starting to use wireless technology, how does that play into a network assessment? 

Joe: 22:38

So on the network assessment side it’s going to be different for other people.

I don’t really do much with wireless now. Have I? Yes. I’ve done some wireless in the past. Industrial. Not a lot of it. I guess I want to say I’m an amateur when it comes to wireless and the industry home stuff. I’m very good with, I do know that. You’re really going to use wireless when there’s really no way to use wired connections, right?

Like if you’re outside and let’s just say like a, a wood yard of a paper mill, that’s really a good application for wireless. You can put a wireless antenna way up high somewhere, and you’d be able to communicate to your cranes or whatever you’re using to move things around or that kind of a scenario.

But that also can be locked down and secured where only certain devices where they use like access control lists, where a certain device can only talk to another certain device right. Where they actually keep it so that you can’t really flood that network or piggyback off that wireless using security like on your home routers and stuff like that, you would use certain types of security protocols to keep people from getting into your wireless network. Right. Same idea for industry. 

So, yeah, it’s, it’s a very big thing. This network assessment really concentrates on the physical side of wired networks and I see a little bit of it here and there, but for the most part, within a lot of the places that I go to with all the plants that I go to, I don’t see them using wireless very often. It’s it’s again, it’s, it’s a specific application. So you would only use it in certain types of 

Chris: 24:13

Right, right. Okay. I mean that, that helps man, I mean, we do see a lot more wireless devices being developed. At some point they’re going to enter industry and they’re trying to break through and some already have, I’m just curious is that part of a standard assessment now, but it makes perfect sense on how you want to focus on the physical media.

What’s there. I understand that the inherent risk in it and address that and then address the wireless as a complete separate entity. So at some point the two, I think we’ll probably start getting closer and closer to each other and maybe more from a security side. Definitely they would because the risks are the same.

So man, this has been awesome, Joe, you really impact a ton of information for our listeners today. And we call it EECO Asks Why for a reason brother, and we have to get to the Why. We usually do that at the end. So why is understanding your network so crucial for successful operation of a business, man in the future?

Joe: 25:10

Like I said before, you got to have a smooth flowing network. And it, it, it needs to be designed correctly too. You need to follow like the CPWE standards. What it is is it’s a standard that was developed to allow you to help you lay out your network in industry.

And again, it goes into that demilitarized zone and then shifts all the way down to the different levels. So that you understand how it should flow properly and you can build in redundancy and all that kind of thing. But again, it’s, it’s very critical to understand all that otherwise you’re not going to have any operational success, so not overloading your network and making sure the architecture is good.

That’s the key to really making sure you have a strong backbone. That’s always important. And to make sure you have it segregated as well. Right? So like, again, I’ve been to certain customers where they actually have their plant LAN and they’re operating LAN on the same switches. Like everything is on the same network.

It’s like, no, you don’t want to do that. You actually want to keep the separated, then that way there’s, it’s more secure. So. It’s, it’s very important to just understand all that as a whole. And laying it out properly is a very, very big key to success. 

Chris: 26:29

No doubt. You have to understand where you’re at, so that you can know how to improve moving forward. So this is great. This was a wonderful information that you shared today, Joe. I think everybody has a better understanding of network assessments. Why they’re important and definitely hopefully they you’ve convinced a few people to move forward, my friend to taking action, because if you get ahead of it now, you’re only setting yourself up for success in the future.

So thank you for taking so much time with us today, Joe, and the wisdom, the insight. It was wonderful, man. 

Joe: 27:02

Yeah, absolutely. Chris, I appreciate it, man.