fiber ethernet question

agarb

Member
Join Date
May 2006
Location
USA
Posts
309
Consider two control panels 100 meters apart. Customer is to run fiber between them so the PLC can talk to the HMI. Each panel has an A/B Stratix 1783-US6T2H switch that has 2 FE singlemode preinstalled fiber SFP modules with dual LC connector type.

Customer is in another country with a weird looking alphabet so there is a language barrier. They seem to think that I also need to provide “Fiber Patch Cords and Fiber Ports as well as Fiber Optic Patch Panels (OJ)”.

I’m not sure what they are asking for. I figured they would get 100m of fiber and have somebody install an LC connector on each end and plug them in. What am I missing? I know next to nothing about fiber. Tried to do a web search but came up empty.[FONT=&quot]
[/FONT]
[FONT=&quot]Picture of switch is attached.[/FONT][FONT=&quot]
[/FONT]
[FONT=&quot]Thanks for the help.[/FONT][FONT=&quot]
[/FONT]

switch.jpg
 
you need to confirm that single mode connection is what you have
and if you need both connections used. single mode has been an issue in the plants I worked at.
if they are dual mode connections, I would use multimode fiber.

the next question is how will you get the information out of the plant to the customer?

the BIG QUESTION is how will you secure this connection? giving them access will allow them to modify the program, timers, setpoints, any thing they want. in my opinion, this is bad.
you also open the door to hackers. you need a firewall between the plant and them, like kerio control (what we use), you can assign users and access rights to get in.
james
 
Last edited:
the BIG QUESTION is how will you secure this connection? giving them access will allow them to modify the program, timers, setpoints, any thing they want. in my opinion, this is bad.
you also open the door to hackers. you need a firewall between the plant and them, like kerio control (what we use), you can assign users and access rights to get in.
james


Why is it bad to let the customer have access to their own PLC?


Do you normally put a firewall on every Ethernet cable between cabinets? Every single plant I've been in treats the control network between the PLC and HMI as trusted.



I feel like I'm missing something, or you are?
 
you need to confirm that single mode connection is what you have
and if you need both connections used. single mode has been an issue in the plants I worked at.
if they are dual mode connections, I would use multimode fiber.

the next question is how will you get the information out of the plant to the customer?

the BIG QUESTION is how will you secure this connection? giving them access will allow them to modify the program, timers, setpoints, any thing they want. in my opinion, this is bad.
you also open the door to hackers. you need a firewall between the plant and them, like kerio control (what we use), you can assign users and access rights to get in.
james


They specified single mode.




Security is of no concern here as we also have to include a laptop with a registered copy of software when we ship the machine.




I'm mainly trying to understand what they are asking for when they want me to provide “Fiber Patch Cords and Fiber Ports as well as Fiber Optic Patch Panels (OJ)”.
 
Also, attached is a portion of my original drawing that they marked up to to include the "OJ" as well as the foreign test and blue translation by our rep.

network.gif
 
Usually you will terminate the fiber to a fiber patch panels. Then you run fiber patch cables to plug in the devices. Usually the cable ran between the devices are not a cable you want to have to work with, patch cables are flexible and designed to be disturbed.
 
MK42,

in regards to the customer having access.
first off, they are in a different country, no issue there.
What I am referring to is having access to is the plc code, hmi code, scada code and making changes. Even if it is their machine, who knows what the customer will do to the code while it is running, what about when maintenance is working on the machine? that's a big issue.

secondly, if the customer is in another country, they have to get internet access, that means putting up security measures to prevent hackers from getting access to the machine and other plc's / computers in the plant. there are also computer viruses that will replicate themselves throughout the network. first it's 1 hour, then every 30 minutes, then every 15 minutes, then every 5 minutes, then every minute.
Laugh all you want, we spent (4) 18 hour days getting rid of a virus that did just that. almost shut the entire plant communications down. I do NOT wish that on anyone.
james
 
I would guess that they want the 100m fiber cable terminated on each end in a patch panel and then use a patch cord between the panel and the switch. In your screenshot, the OJs would be the patch panels I believe.
 
MK42,

in regards to the customer having access.
first off, they are in a different country, no issue there.
What I am referring to is having access to is the plc code, hmi code, scada code and making changes. Even if it is their machine, who knows what the customer will do to the code while it is running, what about when maintenance is working on the machine? that's a big issue.

secondly, if the customer is in another country, they have to get internet access, that means putting up security measures to prevent hackers from getting access to the machine and other plc's / computers in the plant. there are also computer viruses that will replicate themselves throughout the network. first it's 1 hour, then every 30 minutes, then every 15 minutes, then every 5 minutes, then every minute.
Laugh all you want, we spent (4) 18 hour days getting rid of a virus that did just that. almost shut the entire plant communications down. I do NOT wish that on anyone.
james

I think we're getting OT here, but I think we're making some different assumptions about his setup. I was assuming that he was building a machine, shipping it to another country, and working through the details of installing it over there. At that point, I assumed he'd be hands-off. I'm not quite sure what you're assuming, that he's giving his customer access to a machine in his facility?

From my perspective, if I build a machine, sell it to someone and ship it to them, why wouldn't I want them to be able to change the program or setpoints? Could they mess it up, sure, but it's their problem at that point, not mine. Unless they want to pay me to fix it. In my industry, there are no black boxes; everything is delivered with all source code or it is refused.

I agree that any internet facing comms absolutely need to be protected, and it's a good idea to do it to comms leaving the control level as well. Cybersecurity is no joke. I've only ever seen a firewall between a PLC and an HMI in a network vendor's brochure, though.

I heard there were a couple plants in my area brought to their knees by wannacry a few years ago. It isn't just you.
 
you need to confirm that single mode connection is what you have
and if you need both connections used. single mode has been an issue in the plants I worked at.
if they are dual mode connections, I would use multimode fiber.

the next question is how will you get the information out of the plant to the customer?

the BIG QUESTION is how will you secure this connection? giving them access will allow them to modify the program, timers, setpoints, any thing they want. in my opinion, this is bad.
you also open the door to hackers. you need a firewall between the plant and them, like kerio control (what we use), you can assign users and access rights to get in.
james


I don't know why you'd assume that a fiber optic link between the PLC and HMI would somehow expose the network to the Internet.
 
Wow! some folk go right off topic here.....

Same as I have here...we have two panels on the one site that are too far apart to use CAT6, so we use fibre.

If you only have the one fibre between panels, then terminate the fibre in something like a Panduit Fibre Optic Connector, then patch cable to the switch at both ends.
If you go into multiple connections, then you look at other options for fibre terminations, but nothing complicated.

I would also check what the SFP ports actually are, as there are different models with multimode, singlemode and different speeds. (just checked - they are preinstalled 100BaseLX)
 
Last edited:

Similar Topics

I am starting a project to upgrade our building utility system. The actual swap out will be done by outside contractor. The new system is IP...
Replies
17
Views
4,483
Is there a difference using ethernet or fiber in GE Proficy 9.0 using profinet? We have an issue where a panel has been moved and ethernet can't...
Replies
5
Views
2,714
Hi All, I have done communication of Clx L63 ad Micrologix1400 through fiber optic media(Msg),but I have encounter problem. When I recycle power...
Replies
5
Views
7,995
I need to convert Ethernet to Fiber-Optic. Can anyone suggest me something that is robust? The type of the fiber Cable used is 62.5/125 µm.
Replies
5
Views
2,525
Hello, I want to compare Fiber optic and ethernet communication in automation field.Please tell me the differences regarding...
Replies
2
Views
4,013
Back
Top Bottom