Networks and Switches: Making the most out of your SCADA

Communication networks and associated network switches are key components in Supervisory Control and Data Acquisition (SCADA) systems. Communication networks can vary in complexity, size, the type and number of equipment being monitored, the level of security required, the network architecture, latency and bandwidth, along with data reporting requirements. In this article, we look at network architecture, redundancy, security, converged networks and switch technology, as well as the differences between industrial and corporate networks.

Architecture

Communication networks encompass both hardware and software, from a basic unmanaged switch with a small number of ports and basic configuration ability, to large-scale mission critical systems that require extensive knowledge of networks including protocols, layering, bandwidth, cabling (copper and/or fibre-optic), security, redundancy and reliability. The network arrangement and architecture requirements are typically covered off at the early design stages of a project to ensure the network system will function as intended, with consideration for integration into a wider network if required.

Basic network architecture may include a single or multiple switches, structured cabling, a connection to the field devices and, for smaller segregated systems, a PC or server. For larger systems it is not uncommon to have multiple switches connected in ring, star and/or bus topologies, some of which may incorporate layer 3 functionality such as routing, combinations of fibre and copper segments, various protocol capability and even wireless segments to remote or difficult-to-reach devices.

Core and edge switches

There are two basic types of network switches, core and edge. Both require careful consideration when it comes to design and implementation, including the number and types of devices they will be connecting to, the amount and type of traffic, and whether management capabilities are required.

A core switch, or backbone switch, is used for connection to equipment such as servers, routers, firewalls and associated lower level network switches. Core switches are designed to be high capacity, have built in redundancy and should always have management capabilities, and they typically connect to equipment that cannot experience downtime.

Compared to edge switches, core switches have more advanced features such as higher backplane speed, layer 3 with routing protocols and physical redundancy, and will typically have deeper buffers.

On the other hand, edge switches, also known as access nodes or service nodes, are used to connect individual devices to a network segment that can access the main network core. Client devices including PLCs, RTUs, laptops, desktops, CCTV and wireless access points are typically connected to edge switches.

Edge switches can be routers, routing switches, integrated access devices (IADs), multiplexers or WAN devices. Edge switches are not usually as critical in operation as the core switches. However, if downtime of these devices cannot be tolerated, redundancy of the entire network can be achieved by using managed switches and implementing ring topologies.

Redundancy

Critical systems typically require redundancy at some level in order to keep critical servers or devices online, and keep gathering information and data if a network failure were to occur.

Network redundancy is needed for critical operations where a loss of network connectivity can result in processes stopping or the control system not working as intended, or where the associated costs of such an event occurring are unacceptable. Adding network redundancy in a system can involve device wiring, various types of switches, a ring network or other network infrastructure, as well as network interface cards (NICs) in the computer, PLC, RTU or other devices.
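
The effect of topology on redundancy can be checked directly. The following is an added example, not part of the original article: it models the ring, star and bus arrangements mentioned above as graphs and lists every single link or switch failure that splits the remaining switches apart. The function names and the five-switch size are assumptions chosen for illustration, and only physical paths are modelled; a real ring still relies on managed switches to keep the redundant path loop-free.

```python
from collections import deque

def build(kind, n):
    """Links (as frozensets) for n >= 3 switches numbered 0..n-1."""
    if kind == "ring":
        pairs = [(i, (i + 1) % n) for i in range(n)]
    elif kind == "bus":    # switches daisy-chained in a line
        pairs = [(i, i + 1) for i in range(n - 1)]
    elif kind == "star":   # switch 0 is the core, the rest are edge switches
        pairs = [(0, i) for i in range(1, n)]
    else:
        raise ValueError(kind)
    return {frozenset(p) for p in pairs}

def connected(nodes, links):
    """True if every switch in nodes can reach every other one over links."""
    nodes = set(nodes)
    if len(nodes) <= 1:
        return True
    start = next(iter(nodes))
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for link in links:
            if cur in link:
                (other,) = link - {cur}
                if other in nodes and other not in seen:
                    seen.add(other)
                    queue.append(other)
    return seen == nodes

def single_failures(kind, n):
    """Single link or switch failures that partition the surviving switches."""
    nodes, links = set(range(n)), build(kind, n)
    bad = []
    for link in sorted(links, key=sorted):
        if not connected(nodes, links - {link}):
            bad.append(("link", tuple(sorted(link))))
    for sw in sorted(nodes):
        surviving = {l for l in links if sw not in l}
        if not connected(nodes - {sw}, surviving):
            bad.append(("switch", sw))
    return bad

if __name__ == "__main__":
    for kind in ("ring", "star", "bus"):   # constructed five-switch networks
        print(kind, single_failures(kind, 5))
```

With five switches, the ring has no single point of failure, the star loses everything if the core switch fails, and the bus is split by any link or any middle switch.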

Security

Network security is a growing concern with critical infrastructure becoming a potential target of cyber criminals. This makes it imperative that communication networks and control systems are designed by experienced engineers who are up-to-date with the latest in automation and cyber security technology, trends and standards. As well as a correctly implemented SCADA system, regular security checks, report monitoring and standard protocols need to be introduced and used by anyone with access to the network.

Users should take advantage of permission-based access to restrict who can access certain tools or process areas and ensure external access is authenticated. USB keys cannot be directly plugged into the SCADA PCs, foreign laptops cannot be plugged into spare ports, and email is not directly accessible on the control network.

Industrial network vs corporate network

There are two main types of networks: industrial and corporate.

Industrial networks are typically controller level communications and are usually only accessed occasionally for maintenance. These communications are critical as network failure can result in critical equipment damage, loss of power supply, process issues or damage to the environment or personnel.

Industrial networks are specified and designed specifically for the type of connected devices and are sophisticated and complex in nature. Deterministic network behavior is important in industrial networks to ensure reliable communications necessary for application redundancy.

On the other hand, corporate networks require some redundancy at their core to keep critical servers online if a network component such as an Ethernet switch or router fails. Typically, redundancy takes place in a matter of seconds and is usually transparent to the end users. They usually use mesh arrangements and interconnecting switches, with these topologies supported by protocols that provide loop-free redundant paths to devices.

Corporate networks are designed for the asynchronous exchange of files, email and business intelligence system access as they do not require deterministic message delivery and are not typically affected by network failure.

Converged networks

In the past, operational technology and information technology remained separate and distinct from each other. However, this has been changing over recent decades, as the disconnect between networks has generated unreliable outputs and the benefits of enhanced security and performance have not been realised. This has led to an increase in converged networks.

In many industries there is an increased integration of wired and wireless communications between a growing number of intelligent devices with information technology entering the operational space through smart meters, automated asset distribution systems and self-monitoring transformers to name a few examples.

These converged networks are increasing asset owners’ ability to proactively manage their assets, optimise their systems, provide their workforce with greater insight and actionable information, and reduce service disruption frequency and duration.

In the second part of this article, we will look at fibre versus copper cabling and how to leverage your network.