Machine networks

SMOKE · Feb 17, 2009

Wish I knew new more about the subject.
How do you protect your machine from the network.
Do you use 2 Ethernet cards on the rack or processor and rack?
Or do you have a configurable switch with the PLC behind... If I even know what I am saying.

RussB · Feb 17, 2009

SMOKE · Feb 17, 2009

I hate you. learn me.

SMOKE · Feb 17, 2009

sorta old funny thing from old days. Can you expound. I am in need of an education here. Not on the 2 PLC ethernet thing but on the switch.

jvdcande · Feb 18, 2009

The best way to protect the machine from the network is to keep it away from it completely.

Second best thing is to use a separate network for automation.

If you need to connect the automation network to the outside world (IT and further), place a tightly controlled firewall in between and make sure YOU control it, not the IT guys. Usually they don't have a clue what automation needs and mostly they don't even bother to give a damn about it.

Kind regards,

elitheei · Feb 18, 2009

Dont let IT guys do PLC work and dont let PLC guys do IT work and it works out ... LOL that ways the roads dont cross paths. Its like railroads and DOT guys .... keep em seperate to put it simple. In some plants people like to dabble in every thing but like the man said keep information on one highway and automation on another highway. Only exchange data when necessary. As a PLC guy you decide what is necessary and you will keep YOUR stuff safe

Ken Moore · Feb 18, 2009

My arrangement uses two firewalls, with a "DMZ" in the middle, the DMZ contains machines that need access to both networks, typical DMZ applications are data historians, configuration apps., and perhaps backup devices (tape, data storage units etc...)

Business LAN (BLAN)-|firewall| historian |firewall|---Process control network

surferb · Feb 18, 2009

Yes - this arrangement is good. Keeping the networks separate is better (from a security perspective), but not usually possible. If you have the resources, you can expand on this idea with separate subnets and VLANs and routers in between.

Elitheei's comment has a little practical merit, but is way off base. Most PLC guys are pretty clueless about networking and security, which is where IT can help. Just use discretion when working with them - they need to know to do things differently like not automatically patching workstations, or installing anything for that matter. Similarly, IT guys won't know a thing about PLCs and process control - that's your realm as the PLC guy. It's a matter of communication, policy/procedure, and where the line is drawn.

Ken Moore said:
My arrangement uses two firewalls, with a "DMZ" in the middle, the DMZ contains machines that need access to both networks, typical DMZ applications are data historians, configuration apps., and perhaps backup devices (tape, data storage units etc...)

Business LAN (BLAN)-|firewall| historian |firewall|---Process control network

SMOKE · Feb 18, 2009

Thanks for replies.
I got a second EBNT card I think even with a router between the switch my system needs it. I am using some Enet/IP for I/O. I have 6 gateways on the system each can handle 64 inputs and 64 outputs. A 2 axes RMC and a VersaView. Then there is a SQL server on the other side.

mandel1291 · Mar 6, 2009

So what firewall products are people using? Do you like them?

Machine networks

SMOKE

Member

RussB

Lifetime Supporting Member

SMOKE

Member

SMOKE

Member

jvdcande

Member

elitheei

Member

Ken Moore

Lifetime Supporting Member

surferb

Lifetime Supporting Member

SMOKE

Member

mandel1291

Member

Similar Topics