The Internet of Things (IoT)
1. Johan Arens - Consultant, Network Engineering // CCIE#29341, CCNP Voice, CCDP
December 7, 2016
Cisco Connect Montréal 2016
The Internet of Things (IoT) in the manufacturing sector
2. Cisco CCiQ team in Quebec
Etienne Simard Sylvain Denoncourt Johan Arens
3. • Cisco's vision
• The reality of the manufacturing world
• Architecture and security
• Edge computing
• Conclusion
• Questions and answers
Agenda
4. “The Internet of Things is an intelligent way of connecting physical equipment to extract substantial improvements in our efficiency, business growth and quality of life.”
What is the Internet of Things?
9. Siloed operations
No common technology choices
Dependence on OEMs or production-line manufacturers
The reality of the manufacturing world
10. A museum of operating systems
Plants located close to raw materials
Centralization of data centers
On-demand production
Doing more with less
The reality of the manufacturing world
11. Strained relations between IT and OT
The reality of the manufacturing world
[Figure: the two priority orderings set side by side: CIA (Confidentiality, Integrity, Availability) and AIC (Availability, Integrity, Confidentiality).]
12. Strained relations between IT and OT
The reality of the manufacturing world
Marc, OT: “Bernard, I need an IP address to bring my drive back up, I just replaced it. My motion isn't working anymore!”
Bernard, IT: “Ah! He has SANs on his floor?”
Bernard, IT: “Marc, so to be clear, you need to bring your SAN back up to be able to move VMs from one SAN to another?”
14. Changing Industrial Automation Networks
Ethernet and IP Provide Foundation for Manufacturing 2.0 Initiatives
[Figure: two diagrams of a plant network, before and after convergence on Ethernet and IP. Components shown in both: Robotics; Human Machine Interface; PC-Based Controllers; Motors, Drives and Actuators; Programmable Logic Controllers; Sensors and Other Input/Output Devices; Office Applications, Internetworking, Data Servers and Storage; Back-Office Mainframes and Servers. Network labels in the first diagram: Corporate Network, Gateway, Control Network. Network labels in the second diagram: Corporate Network, Traditional Ethernet-Based Control Network, Device-Level Network, Ethernet Automation Control.]
15. Logical Architecture
Built on Industry Standards
Enterprise Zone
• Level 5 - Enterprise Network
• Level 4 - Site Business Planning and Logistics Network
DMZ
• Demilitarized Zone - Shared Access
Manufacturing Zone
• Level 3 - Site Manufacturing Operations and Control
Cell/Area Zone
• Level 2 - Area Control
• Level 1 - Basic Control
• Level 0 - Process
16. Converged Plantwide Ethernet Network Architecture
[Figure: CPwE reference architecture. Cell/Area Zone, Levels 0-2: Real-Time Control, <100 ms Convergence, Multicast Traffic, Ease of Use; Cell/Area #1 (Redundant Star Topology), Cell/Area #2 (Ring Topology) and Cell/Area #3 (Bus/Star Topology), each with Controllers, Drives, HMIs and Distributed I/O on Rockwell Automation Stratix 8000 Layer 2 Access Switches. Manufacturing Zone, Level 3: MFG Integration, Segmentation, Multi-Service Networks, Applications and Management; FactoryTalk Application Servers, Cisco Cat. 3850 StackWise Switch Stack, Cisco Catalyst 6800/4500 Network Services. Demilitarized Zone (DMZ): Security, Access Control, Threat Protection; Cisco ASA 5500 Firewalls (Active and Standby, with a Gbps Link for Failover Detection), Cisco Catalyst Switch, Patch Management, Terminal Services, Application Mirror, AV Server. Enterprise Network, Levels 4-5: Enterprise/IT Integration, Collaboration, Wireless, Application Optimization, Web Apps, DNS, FTP, Internet.]
17. CPwE Industrial Network Security Framework
[Figure: Enterprise Zone (Levels 4-5) with Enterprise Identity Services, an External DMZ/Firewall and the Internet; an Industrial Demilitarized Zone (IDMZ) hosting Physical or Virtualized Servers for Patch Management, AV Server, Application Mirror and Remote Desktop Gateway Server; and the Industrial Zone (Levels 0-3): Level 3 - Site Operations (Core Switches, Distribution Switch Stack, Active and Standby Wireless LAN Controller (WLC), Authentication, Authorization and Accounting (AAA)), Level 2 - Area Supervisory Control (FactoryTalk Client), Level 1 - Controller, Level 0 - Process (Controller, Drive, Soft Starter, I/O, MCC, LWAP with 2.4 GHz and 5 GHz SSIDs, WGB, Industrial Firewall (IFW)). Ownership labels: Control System Engineers; Control System Engineers in Collaboration with IT Network Engineers (Industrial IT); IT Security Architects in Collaboration with Control Systems Engineers.]
Example of securing the process level
18. CPwE Industrial Network Security Framework
[Figure: same diagram as slide 17.]
Example of remote access by a contractor
Martin T., Cossins Inc
Must access the Granby plant
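To make the zone model of slides 15-18 concrete, here is an added example (not Cisco's or the deck's own code) that checks a proposed traffic path hop by hop against an assumed IDMZ policy: no hop may cross directly between the Enterprise Zone (Levels 4-5) and the Industrial Zone (Levels 0-3), a hop that touches the IDMZ must use one of the servers named on the slide as its broker, and the assumption that brokered sessions land at Level 3 is marked in the code. The endpoint names (contractor laptop, engineering workstation, drive) are constructed for the Granby contractor scenario.

```python
from __future__ import annotations
from dataclasses import dataclass

# CPwE zones: Levels 4-5 form the Enterprise Zone, Levels 0-3 the Industrial
# Zone; the IDMZ has no level of its own and brokers between the two.
ZONE_OF_LEVEL = {5: "enterprise", 4: "enterprise", **{lv: "industrial" for lv in range(4)}}
# IDMZ broker roles, taken from the servers named on the slide (assumed list).
IDMZ_BROKERS = {"remote-desktop-gateway", "application-mirror", "patch-management", "av-server"}

@dataclass(frozen=True)
class Endpoint:
    name: str
    level: int | None = None  # Purdue level; None means the host sits in the IDMZ
    role: str = "host"        # e.g. "remote-desktop-gateway" for an IDMZ broker

    @property
    def zone(self) -> str:
        return "idmz" if self.level is None else ZONE_OF_LEVEL[self.level]

def check_flow(src: Endpoint, dst: Endpoint) -> tuple[bool, str]:
    """Decide whether one hop is permitted under the assumed IDMZ policy."""
    zones = {src.zone, dst.zone}
    if zones == {"enterprise", "industrial"}:
        return False, "Enterprise<->Industrial traffic must terminate in the IDMZ"
    if "idmz" in zones:
        broker = src if src.zone == "idmz" else dst
        other = dst if broker is src else src
        if broker.role not in IDMZ_BROKERS:
            return False, f"{broker.name} is not an approved IDMZ broker"
        # Assumption: brokered sessions land on Level 3 (Site Operations), never lower.
        if other.zone == "industrial" and other.level != 3:
            return False, f"IDMZ may only reach Level 3, not Level {other.level}"
    return True, "permitted"

def check_path(hops: list[Endpoint]) -> tuple[bool, list[str]]:
    """A multi-hop path is allowed only if every individual hop is."""
    verdicts = [check_flow(a, b) for a, b in zip(hops, hops[1:])]
    return all(ok for ok, _ in verdicts), [why for _, why in verdicts]

# Constructed scenario from the slide: a contractor must reach a drive in the plant.
CONTRACTOR = Endpoint("contractor-laptop", level=5)
RDG = Endpoint("rdg", role="remote-desktop-gateway")
ENG_WS = Endpoint("engineering-workstation", level=3)
DRIVE = Endpoint("drive", level=1)

if __name__ == "__main__":
    print(check_flow(CONTRACTOR, DRIVE))                 # denied: crosses the zones directly
    print(check_path([CONTRACTOR, RDG, ENG_WS, DRIVE]))  # allowed: brokered through the IDMZ
```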
19. CPwE Architectures
• Collection of Standalone Cisco Validated Design (CVD) Guides
• CPwE CVD Baseline
• CPwE REP CVD (June 2014)
• CPwE WLAN CVD (Nov. 2014)
• CPwE IDMZ CVD (July 2015)
• CPwE Resiliency (June 2016)
• CPwE NAT CVD (June 2015)
• CPwE ISE CVD (July 2015)
• CPwE Migration (Jan. 2016)
• CPwE VPN CVD (March 2016)
• CPwE Industrial Firewall (August 2016)
• CPwE Loc. Serv. White paper
• CPwE Resiliency (Dec. 2015)
Design Zone manufacturing – Modular CVDs
http://www.cisco.com/c/en/us/solutions/enterprise/design-zone-manufacturing/landing_ettf.html
21. Most IoT data is not used currently. For example, only 1 percent of data from an oil rig with 30,000 sensors is examined. The data that is used today is mostly for anomaly detection and control, not optimization and prediction, which provide the greatest value.
22. Leveraging Machine Generated Data and Networking for Business Benefit
IoT Environments Need to Process and Analyze Data Locally
23. In Many Cases, Data Issues Must be Handled “In the Network” to Meet the Requirements
Hence…
Distributed Data Processing [across the] Network Fabric
24. The Case for Edge and Fog Computing
1. There’s too much data, so it has to be filtered, aggregated, batched, etc.
2. Some of the consumers of the data are distributed.
3. The data is in the wrong format.
4. You want to analyze the data as soon as possible.
5. The data needs to be time stamped for time series analysis or for compliance reasons.
6. You have thousands of devices, and it’s too complicated for a single application in the cloud to talk to them individually.
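As an added illustration of points 1, 4 and 5 above (not code from the deck), the constructed edge node below stamps each reading on arrival, runs a local z-score anomaly check against the current window so that an outlier is acted on at the edge without a cloud round trip, and uploads only per-window summaries in fixed-size batches. The sensor name, window length, batch size and the 20-reading feed are invented for the example.

```python
from collections import namedtuple
from datetime import datetime, timedelta, timezone
from statistics import fmean, pstdev

Reading = namedtuple("Reading", "sensor value ts")  # ts: stamped on arrival at the edge
Summary = namedtuple("Summary", "sensor start end count mean vmax")  # what leaves the plant

class EdgeNode:
    """Stamps, filters, aggregates and batches sensor data at the edge (constructed example)."""
    def __init__(self, window_s: int, batch_size: int, z_limit: float = 3.0):
        self.window, self.batch_size, self.z_limit = timedelta(seconds=window_s), batch_size, z_limit
        self.buffers = {}  # per-sensor readings of the current window
        self.batch = []    # summaries waiting for the next upload
        self.sent = []     # batches "uploaded" to the data center
        self.alerts = []   # anomalies acted on locally (local feedback)

    def ingest(self, sensor: str, raw: float, now: datetime) -> None:
        r, buf = Reading(sensor, float(raw), now), self.buffers.setdefault(sensor, [])
        vals = [x.value for x in buf]
        # Local anomaly check: z-score against the current window, no cloud round trip.
        if len(vals) >= 3 and pstdev(vals) > 0 and abs(r.value - fmean(vals)) / pstdev(vals) > self.z_limit:
            self.alerts.append(r)
        if buf and now - buf[0].ts >= self.window:  # window elapsed: aggregate and clear
            self._flush(sensor)
        buf.append(r)

    def _flush(self, sensor: str, force: bool = False) -> None:
        buf = self.buffers[sensor]
        if buf:
            vals = [x.value for x in buf]
            self.batch.append(Summary(sensor, buf[0].ts, buf[-1].ts, len(vals), fmean(vals), max(vals)))
            buf.clear()
        if self.batch and (force or len(self.batch) >= self.batch_size):  # one upload, not N
            self.sent, self.batch = self.sent + [self.batch], []

    def close(self) -> None:  # end of run: flush partial windows and force the last upload
        for sensor in self.buffers:
            self._flush(sensor, force=True)

def simulate() -> dict:
    """Constructed feed: 20 vibration readings 1 s apart with one spike at i=13."""
    node = EdgeNode(window_s=5, batch_size=2)
    t0 = datetime(2016, 12, 7, tzinfo=timezone.utc)
    for i in range(20):
        node.ingest("vib-1", 200.0 if i == 13 else 10.0 + (i % 3) * 0.5, t0 + timedelta(seconds=i))
    node.close()
    summaries = [s for batch in node.sent for s in batch]
    return {"raw": 20, "alerts": len(node.alerts), "uploads": len(node.sent),
            "summaries": len(summaries), "peak": max(s.vmax for s in summaries)}
```

Twenty raw readings become four summaries in two uploads, while the spike is flagged locally the moment it arrives and still shows up as the window's peak in the summary the data center receives.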
25. General Patterns
[Figure: three deployment patterns, with data flowing from the device tier toward the data center or cloud. 2 Tier: IoT Device and Cloud. 3 Tier: Factory Device, Edge Processing with Local Feedback, and Data Center. 4 Tier: Oil Rig, Edge Processing, Aggregation Node, and Data Center.]
26. IoT Requires Distributed Computing
[Figure: IoT Compute Model with three tiers, ENDPOINT, FOG and DATACENTER/CLOUD, each hosting apps (Local control loops, Data Volume, Security, Resiliency, Latency, Scale). BYOI: Bring Your Own Interface (Legacy interfaces, Industry-specific interfaces, Partner-proprietary interfaces). Domain Specific Interfaces: WiHart, Zigbee, PLC, 802.15.4, Other.]
27. Fog Architecture - IOx
Routers / Switches at the edge
[Figure: IOx stack on an edge router or switch: Network (IOS); IOx Services (Alpha*); Applications (LXC*, PaaS, VM) that are Customer-built, Cisco-built or Partner-built and packaged with the App Packaging SDK; a Local Manager for App Hosting, App Lifecycle Management and App Monitoring; and the Fog Director for App Lifecycle and App Management.]
28. Why is this Unique?
Bring Analytics to the Data
[Figure: Distributed Analytics running on Edge Nodes and Fog Nodes next to the IoT Devices (Distributed, High Volume, Time Critical, Regulated), contrasted with Cloud Based Analytics (Centralized, Low Volume, Non Perishable, Non Regulated).]