Siemens Industry Online Support
Siemens AG
Entry type: Application example Entry ID: 109775490, Entry date: 05/27/2020

Structure of a large production network based on ARUBA and SCALANCE products

Many large and mid-size companies face the challenge of building a standardized network for production plants that have developed over time. This article demonstrates a combined SCALANCE/HPE ARUBA/Palo Alto solution that is based on a logical separation of IT and OT using segmentation and a central firewall.

Principal requirements for large production networks are: 

  • Separation of the enterprise network (IT) from the production network (OT) by segmenting the network into logically separated zones. 
  • All communication between the two networks has to pass through a central firewall. 
  • A redundant datacenter, based on a modern virtualization solution, is installed in the production network. 
  • The infrastructure in the backbone of the production network requires a high data rate and a high port density. 
  • Highly flexible communication must be possible between the individual production cells and the industrial datacenter. It must meet current standards with respect to availability, security, scalability, flexibility and network management. 

Solution
Due to the high bandwidth requirement in the backbone of the production network, which also contains an industrial datacenter, transfer rates of over 10 Gbit/s may be necessary. The central firewall has to secure the communication between the cells as well as the IT-OT communication. Therefore, this application example uses a Palo Alto Networks firewall, which offers the appropriate bandwidth and the necessary protocols for communication between IT and OT. All central switches in the backbone are HPE Aruba components. At the aggregation and production cell level, SCALANCE X network components are used throughout.

The following graphic shows the complete structure of the network used in this application example.



Documentation

The document describes the structure in detail, compares various solutions on a general level and presents you with all tested communications and failure scenarios in this network.


  Documentation (1.6 MB)



Additional information

The following links to application examples address some of the principles applied in this solution with SCALANCE components.

Security information
In order to protect technical infrastructures, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art IT security concept. Siemens’ products and solutions constitute one element of such a concept. For more information about cyber security, please visit
https://www.siemens.com/cybersecurity#Ouraspiration.