L'Internet des objets (IDO)

Johan Arens - Conseiller, ingénierie de réseaux //CCIE#29341, CCNP Voice, CCDP
7 décembre 2016
Cisco Connect Montréal 2016
L’Internet des objets (IDO) dans
le secteur manufacturier

Équipe CCiQ Cisco au Québec
Etienne Simard Sylvain Denoncourt Johan Arens

• Vision de Cisco
• Réalité du monde manufacturier
• Architecture et Sécurité
• Edge Computing
• Conclusion
• Questions / Réponses
Agenda

“L’Internet des objets est une façon
intelligente de connecter des
équipements physiques pour aller
extraire des améliorations substancielles
dans notre efficacité, croissance d’affaire
et amélioration de la qualité de vie.”
Qu’est-ce que l’Internet des objets ?

Cisco Confidential 5© 2013-2014 Cisco and/or its affiliates. All rights reserved.
Converging Digital Disruptions
The Nexus of Forces
IoT = $1.9 Trillion
in 2020
The 3rd Platform
$462 Billion in
2013 (22% of total
ICT spending)
The Industrial Internet
$10 Trillion to $15
Trillion Over Next
20 Years

Cisco Calls It The Internet of Everything (IoE)
Interconnexion des personnes, procédés, données et des objets
People
Connecting People in More Relevant,
Valuable Ways
Process
Delivering the Right Information
to the Right Person (or Machine)
at the Right Time
Data
Leveraging Data into
More Useful Information for Decision
Making
Things
Physical Devices and Objects Connected
to the Internet and
Each Other for Intelligent
Decision Making
IoE

7.26.8 7.6
IoT Is Here Now – and Growing!
Rapid Adoption
Rate of Digital
Infrastructure:
5X Faster Than
Electricity and
Telephony
50 Billion
“Smart Objects”
50
2010 2015 2020
0
40
30
20
10
BILLIONSOFDEVICES
25
12.5
Inflection
Point
TIMELINE
Source: Cisco IBSG, 2011
World
Population
The New Essential Infrastructure

The World Generates More Than 2 Exabytes of Data Every Day
Connected Objects Generate Big Data
3/4 millions smart meters in Quebec
90 millions data points > 2 TB / month !
10TB of data for every 30 minutes of flight
With >25,000 flights per day, petabytes daily
A large offshore field produces 0.75TB of data weekly
A large refinery generates 1TB of raw data per day
A single consumer packaged good manufacturing machine generates 13B
data samples per day

Opérations en silos
Pas de choix technologiques communs
Dépendance des OEM ou fabricants de lignes
Réalité du monde manufacturier

Musée des systèmes d’exploitation
Usines installées proche des matières premières
Centralisation des centres de données
Production sur demande
Faire plus avec moins

Relations tendues entre IT et OT
CIA AIC
Availability
Integrity
Confidentiality
Confidentiality
Integrity
Availability

Relations tendues entre IT et OT
Marc, OT
Bernard, IT
Bernard, J’ai besoin d’un
adresse IP pour
remonter ma drive que
je viens de la remplacer.
Ma motion ne marche
plus !
Ah ! Il a des SAN lui
sur son plancher ?
Marc, donc pour bien
comprendre tu as
besoin de remonter ton
SAN pour pouvoir
bouger des VM d’un
SAN à un autre ?

Besoin d’un plan directeur et
d’une architecture !

Changing Industrial Automation Networks
Ethernet and IP Provide Foundation for Manufacturing 2.0 Initiatives
Robotics
Human
Machine
Interface PC-Based
Controllers
Motors,
Drives, and
Actuators
Programmable
Logic Controllers
Office Applications,
Internetworking,
Data Servers,
and Storage
Back-Office
Mainframes
and Servers
Sensors and Other Input/Output Devices
Corporate Network
Control Network
Gateway
Robotics
Human
Machine
Interface
PC-Based
Controllers
Motors,
Drives, and
Actuators
Programmable
Logic
Controllers
Office Applications,
Internetworking,
Data Servers,
and Storage
Back-Office
Mainframes
and Servers
Sensors
and Other
Input/Output
Devices
Corporate Network
Traditional Ethernet-Based
Control Network
Device-Level Network
Ethernet
Automation
Control

Logical Architecture
Built on Industry Standards
Enterprise Zone
DMZ
Manufacturing Zone
Cell/Area
Zone
Enterprise Network
Site Business Planning and
Logistics Network
Site Manufacturing Operations
and Control
Area Control
Basic Control
Process
Demilitarized Zone—
Shared Access
Level 5
Level 4
Level 3
Level 2
Level 1
Level 0

Converged Plantwide Ethernet
Network Architecture
Cell/Area Zone
Levels 0-2
Manufacturing
Zone
Level 3
Demilitarized
Zone
(DMZ)
Real-Time Control
<100ms Convergence
Multicast Traffic
Ease of Use
MFG Integration
Segmentation
Multi-Service Networks
Applications and Management
Security
Access Control
Threat Protection
Enterprise
Network
Levels 4-5
Gbps Link for
Failover
Detection
Firewall
(Active)
Firewall
(Standby)
FactoryTalk
Application
Servers
Cisco
ASA 5500
Cisco
Catalyst
Switch
Network Services
Cisco Catalyst
6800/4500
Cisco Cat. 3850
StackWise
Switch Stack
Patch Management
Terminal Services
Application Mirror
AV Server
Cell/Area #1
(Redundant Star Topology)
Drive
Controller
HMI Distributed I/O
Controller
DriveDrive
HMI
Distributed I/O
HMI
Cell/Area #2
(Ring Topology)
Cell/Area #3
(Bus/Star Topology)
Rockwell Automation
Stratix 8000
Layer 2 Access Switch
Controller
Enterprise/ IT Integration
Collaboration
Wireless
Application OptimizationWeb Apps DNS FTP
Internet

CPwE Industrial Network Security Framework
MCC
Enterprise Zone: Levels 4-5
Soft
Starter
I/O
Physical or Virtualized Servers
• Patch Management
• AV Server
• Application Mirror
• Remote Desktop Gateway Server
Level 0 - ProcessLevel 1 - Controller
Level 3 – Site Operations
Controller
Drive
Level 2 – Area Supervisory Control
FactoryTalk
Client
Controller
Industrial Demilitarized Zone (IDMZ)
Industrial Zone: Levels 0-3
Authentication, Authorization and Accounting (AAA)
LWAP
SSID
2.4 GHz
SSID
5 GHz
WGB
I/O
Active
Wireless LAN
Controller (WLC)
Standby
Core
Switches
Distribution
Switch Stack
Control System Engineers
in Collaboration with IT
Network Engineers
(Industrial IT)
IT Security Architects in
Collaboration with Control
Systems Engineers
Enterprise
Identity Services
External DMZ/
Firewall
Internet
IFW
Exemple de sécurisation niveau procédé

CPwE Industrial Network Security Framework
MCC
Enterprise Zone: Levels 4-5
Soft
Starter
I/O
Physical or Virtualized Servers
• Patch Management
• AV Server
• Application Mirror
• Remote Desktop Gateway Server
Level 0 - ProcessLevel 1 - Controller
Level 3 – Site Operations
Controller
Drive
Level 2 – Area Supervisory Control
FactoryTalk
Client
Controller
Industrial Demilitarized Zone (IDMZ)
Industrial Zone: Levels 0-3
Authentication, Authorization and Accounting (AAA)
LWAP
SSID
2.4 GHz
SSID
5 GHz
WGB
I/O
Active
Wireless LAN
Controller (WLC)
Standby
Core
Switches
Distribution
Switch Stack
in Collaboration with IT
Network Engineers
(Industrial IT)
IT Security Architects in
Collaboration with Control
Systems Engineers
Enterprise
Identity Services
External DMZ/
Firewall
Internet
IFW
Exemple d’acces à distance d’un entrepreneur
Martin T., Cossins Inc
Doit accéder usine Granby

CPwE Architectures
• Collection of Standalone Cisco Validated Design (CVD) Guides
CPwE
REP CVD
June 2014
CPwE
WLAN CVD
Nov. 2014
CPwE
IDMZ CVD
July 2015
CPwE
Resiliency
June 2016
CPwE CVD
Baseline
CPwE
NAT CVD
June 2015
CPwE
ISE CVD
July 2015
CPwE
Migration
Jan. 2016
CPwE
VPN CVD
March 2016
CPwE
Industrial
Firewall
August 2016
CPwE
Loc. Serv.
White paper
CPwE
Resiliency
Dec. 2015
Design Zone manufacturing – Modular CVD’s
http://www.cisco.com/c/en/us/solutions/enterprise/design-zone-
manufacturing/landing_ettf.html

Most IoT data is not used currently. For
example, only
1 percent of data from an oil
rig with 30,000 sensors is examined. The
data that
is used today is mostly
for anomaly detection and
control, not optimization and prediction,
which provide
the greatest value.

Leveraging Machine Generated Data and Networking
for Business Benefit
IoT Environments Need to Process and Analyze Data
Locally

In Many Cases, Data Issues Must be Handled
“In the Network” to Meet the Requirements
Hence…
Distributed Data Processing [across the] Network Fabric

The Case for Edge and Fog Computing
1. There’s too much data, so it has to be filtered,
aggregated, batched, etc.
2. Some of the consumers of the data are distributed.
3. The data is in the wrong format.
4. You want to analyze the data as soon as possible.
5. The data needs to be time stamped for time series
analysis or for compliance reasons.
6. You have thousands of devices, and it’s too
complicated for a single application in the cloud
to talk to them individually.

General Patterns
Data CenterEdge Processing Aggregation NodeOil Rig
Data Data Data
Local Feedback Data CenterFactory Device
Data Data
CloudIoT Device
2 Tier
3 Tier
4 Tier
Data

IoT Requires Distributed Computing
ENDPOINT
DATACENTER/CLOUD
FOG
App
App App App App
IoT Compute Model
(Local control loops, Data Volume, Security, Resiliency, Latency, Scale)
BYOI: Bring Your Own Interface
(Legacy interfaces, Industry-specific interfaces,
Partner-proprietary interfaces)
WiHart Zigbee PLC 802.15.4 Other
Domain Specific
Interfaces

Architecture FOG - IoX
Routers / Switches at the edge
App
Hosting
App Lifecycle
Management
App
Monitoring
App
Monitoring
Local Manager
Customer-built
App
Cisco-built
App
Partner-built
App
App Packaging
SDK
App Lifecycle App Management
Fog Director
IOx Services
(Alpha*)
Applications
(LXC*, PaaS, VM)
Network
(IOS)
IOx

Why is this Unique?
Bring Analytics to the Data
DATA DATA
Fog NodeEdge Node
DATA
AnalyticsIoT Devices
IoT Devices Analytics
DATA
Distributed Analytics
(Distributed, High Volume, Time Critical, Regulated)
Cloud Based Analytics
(Centralized, Low Volume, Non Perishable, Non Regulated)
Analytics Analytics

• Vision IoE de Cisco
• Défis du monde manufacturier
• Sécurité
• Edge Computing (Fog)

L'Internet des objets (IDO)

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to L'Internet des objets (IDO)

Similar to L'Internet des objets (IDO) (20)

More from Cisco Canada

More from Cisco Canada (20)

Recently uploaded

Recently uploaded (20)

L'Internet des objets (IDO)