Watch the Recording: https://info.safetychain.com/untangle-digitization-knots
In this presentation, you will see examples of how even the smallest wrong decision about connecting your facility could morph into compounding issues for a digitization initiative. You will also see what steps to take upfront to ensure a successful project – and prevent you from spending tens of thousands of dollars in fixes later on.
Plant Leaders, Operations, and Engineering Professionals will learn:
• What to plan for before working with an OEM, Integrator, MSP, or internal resources to help future-proof your manufacturing network
• Best practices for clearly communicating expectations with project stakeholders and implementation teams
• Simple steps to save you from costly scope creep and an unsuccessful implementation
Presented by Arthur Laszczewski, VP of Operations at Mode40
Untangling the Knots in Your Digitization Implementation
1. BEYOND COMPLIANCE
Webinar & Podcast Series for Process Manufacturers
Untangling the Knots in Your Digitization Implementation
Arthur Laszczewski
VP, Operations
2. BEYOND COMPLIANCE
hello!
This session is brought to you by
DIGITAL PLANT MANAGEMENT PLATFORM
• Ensure Quality and Compliance
• Maximize Throughput and Yield
• Optimize Labor and Productivity
3. BEYOND COMPLIANCE
Meet Today’s Speaker
Arthur Laszczewski
VP, Operations
Arthur has held leadership roles in engineering, client success, and smart manufacturing solutions for over 12 years.
In 2022, he was named to Control Engineering’s "Engineering Leader Under 40" List, and today Arthur is helping manufacturers see realistic ROI and predictable outcomes through automation, secure connectivity, and machine safety.
5. BEYOND COMPLIANCE
So What Are We Talking About Today?
How do I connect these things?
What do I need to think about?
How do I future proof this?
What are the pitfalls?
7. BEYOND COMPLIANCE
Common phrases and misconceptions around networking that lead to big problems later:
• I don’t have a manufacturing network – OK!
• We don’t have an IT person – perfect!
• It’s not a problem for us yet – exactly!
• We don’t have budget to spend on networking – it’s free! (mostly)
• We have “a guy” that handles it – awesome!
• I don’t know anything about networking, but it all seems to work fine – it’s easy!
This presentation focuses on extremely simple things you can do to future-proof your systems and save $100k+ in the future.
9. BEYOND COMPLIANCE
What does a typical manufacturing network consist of?
[Diagram: an electrical cabinet for a machine on the manufacturing floor (PLC, HMI, networked devices, network switch); a secondary electrical cabinet for a machine on the manufacturing floor (networked devices, HMI, network switch); a SCADA computer; the cloud.]
11. BEYOND COMPLIANCE
How can a manufacturing network be architected?
[Diagram: four network segments (Packaging Line 1, Process Line 1, Process Line 2, Utilities or BMS) and the cloud.]
12. BEYOND COMPLIANCE
How can a manufacturing network be architected?
Assuming you don’t have this yet – or maybe any networks
[Diagram: four network segments (Packaging Line 1, Process Line 1, Process Line 2, Utilities or BMS) and the cloud.]
14. BEYOND COMPLIANCE
What are some common digital initiatives?
• OEE
• Production Planning
• Quality Tracking
• MES
• ERP Integration
• IoT Data Analytics
• Many others
16. BEYOND COMPLIANCE
RECAP: What we have established and some assumptions
● Already digitizing, or will want to digitize manufacturing in the future
● We have no networks, or maybe some networks that communicate between machines
● We will want to exchange data with machines
● We don’t have an OT network team (maybe we have an IT team or IT MSP)
18. BEYOND COMPLIANCE
What do we need to future-proof our systems?
If the systems are already installed:
● Don’t make the problem worse when making changes
● Gather existing documentation now and store it
If you’re going to turn on a digital initiative, make changes to your systems, or install new systems:
● Start following the good practices outlined ahead…
19. BEYOND COMPLIANCE
Set Internal and External Requirements
Network Architecture
Segmentation
IP Addressing
Device Configuration
Physical Location
Machine Reqs
20. BEYOND COMPLIANCE
Requirements: Network Architecture
Do This:
1. No point-to-point runs between control panels & field devices on Primary OT Network
2. PLC Panel to I/O Panel is okay on I/O Sub-Networks
3. No point-to-point runs between I/O panels on Sub-Network, always back to PLC panel (no daisy chaining)
4. Pull Ethernet cabling to central switches (star network topology)
Why?
1. Reduce network hops between devices communicating (daisy chains)
2. Laying physical cabling that conforms with future good practices when upgrading network (such as Purdue)
3. Less infrastructure to change when upgrading network (central switches vs distributed across all panels)
21. BEYOND COMPLIANCE
[Diagram: two PLC panels (each with a PLC), an I/O panel, a SCADA computer, a central OT or IT cabinet, and the cloud.]
No point-to-point runs between control panels & field devices on Primary OT Network
22. BEYOND COMPLIANCE
[Diagram: two PLC panels (each with a PLC), an I/O panel labelled “No PLC in Panel”, a SCADA computer, a central OT or IT cabinet, and the cloud.]
No point-to-point runs between control panels & field devices on Primary OT Network
PLC Panel to I/O Panel is good
24. BEYOND COMPLIANCE
Requirements: Segmentation
Do This:
1. Nice to have (some will argue)
2. I/O belonging to PLC is segmented from the main network
3. Install PLCs with 2 network adapters
Why?
1. Reduces network traffic (IO traffic only communicates with PLC)
2. I/O is usually programmed through the PLC anyways
3. Even if it’s programmed directly, it’s usually only programmed when the machine is installed
4. I/O is usually not a direct data source (data is usually pulled from PLC)
25. BEYOND COMPLIANCE
[Diagram: two PLC panels (each with a PLC), an I/O panel labelled “No PLC in Panel”, a remote OT panel, a SCADA computer, a central OT or IT cabinet, and the cloud.]
I/O belonging to PLC is segmented from the main network.
Install PLCs with 2 network adapters.
26. BEYOND COMPLIANCE
[Diagram: a PLC with 2 adapters, a remote OT panel labelled “No PLC in Panel”, a central OT or IT cabinet, and the cloud.]
I/O belonging to PLC is segmented from the main network.
Install PLCs with 2 network adapters.
27. BEYOND COMPLIANCE
Requirements: IP Addressing
Do This:
1. Create a standard for OT Network IP addressing within the facility
2. Basically a Master Excel spreadsheet that gets filled in
3. All installed devices are assigned an IP address from this sheet – NO EXCEPTIONS
4. Create Primary OT Network, and unique Subnets for IO networks (Segment)
Why?
1. Provides a master log for all IP addressing
2. An IP address is required to communicate with devices (troubleshooting, making changes, adding to network, etc.)
3. Reduces risk of duplicate IP addresses and potential downtime
4. Future proofs network so that everything can communicate
28. BEYOND COMPLIANCE
Requirements: IP Addressing
High level overview of setting IP Addressing
● Designate a Primary OT Network IP Subnet that all data sources (such as PLCs, HMIs, etc.) communicate across
● Private subnets as defined by IETF & IANA
○ 10.x.x.y (if you’re unsure, use this)
○ 192.168.x.y
○ 172.16.x.y (slightly more complicated)
○ Where x is between 0-255
● Easy example = 10.0.0.y (for Primary OT Network IP Subnet)
○ Where y is the unique address for a device, between 2-254
● Example for other I/O subnets:
○ 10.0.1.y
○ 10.1.1.y
○ 10.30.0.y
○ Etc.
29. BEYOND COMPLIANCE
IP Addressing Convention
[Diagram: central OT or IT cabinet, remote OT panel labelled “No PLC in Panel”, PLC panel with a PLC, and SCADA computer. Labels: PLC Network Adapter #1, PLC Network Adapter #2, Primary OT Network 10.0.0.x.]
30. BEYOND COMPLIANCE
IP Addressing Standard
Track it in a spreadsheet
All IP Addresses in subnet 10.0.0.y – where y is between 2-254
Note: y=1 is always reserved for default gateway, more on this later
38. BEYOND COMPLIANCE
IP Addressing Convention
[Diagram: central OT or IT cabinet, remote OT panel labelled “No PLC in Panel”, PLC panel with a PLC, and SCADA computer. Labels: PLC Network Adapter #1, PLC Network Adapter #2, Primary OT Network 10.0.0.x, Line #1 Process PLC IO 10.0.5.x.]
39. BEYOND COMPLIANCE
IP Addressing Standard
Create new tab for new IO subnets (example below, 10.0.5.y)
All IP Addresses in subnet 10.0.5.y – where y is between 2-254
Ask installer if they have “I/O Subnets” on system, if yes, assign them a new range
40. BEYOND COMPLIANCE
IP Addressing Convention
[Diagram: central OT or IT cabinet, remote OT panel labelled “No PLC in Panel”, PLC panel with a PLC, and SCADA computer. Labels: PLC Network Adapter #1, PLC Network Adapter #2, Primary OT Network 10.0.0.x, Line #1 Process PLC IO 10.0.5.x.]
41. BEYOND COMPLIANCE
Requirements: Device Configuration
Do This:
1. Simple: All installed devices are configured with their assigned IP address from the spreadsheet, and use the reserved default gateway of the subnet they’re on (even if the gateway doesn’t exist)
Why?
1. Future proofing for expanded and more complicated network architectures as your facility grows
2. Allows for routing across different subnets
42. BEYOND COMPLIANCE
Device Configuration
Tell the installer to set the default gateway to x.x.x.1 on the subnet
For example: Device at 10.0.0.3 is assigned a Default Gateway of 10.0.0.1
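An added example, not part of the original presentation: a Python check that audits a CSV export of the master IP spreadsheet against the standard above (device address inside the tab's subnet with y between 2 and 254, default gateway at x.x.x.1, no duplicate addresses, Location filled in). The column names other than “Location”, the /24 subnet size, the panel numbers and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress

# Constructed sample (CSV export of the register); columns other than "Location" are assumed.
SAMPLE_REGISTER = """\
Network,Device,IP Address,Default Gateway,Location
Primary OT,Line 1 PLC (adapter 1),10.0.0.3,10.0.0.1,PNL-01
Primary OT,Line 1 HMI,10.0.0.3,10.0.0.1,PNL-01
Primary OT,Packaging PLC,10.0.0.1,10.0.0.1,PNL-02
Line 1 IO,Line 1 PLC (adapter 2),10.0.5.2,10.0.5.1,PNL-01
Line 1 IO,Remote I/O rack,10.0.5.10,10.0.0.1,
Line 1 IO,Valve island,10.0.6.11,10.0.5.1,PNL-03
"""
SUBNETS = {  # assumption: one /24 per spreadsheet tab
    "Primary OT": ipaddress.ip_network("10.0.0.0/24"),
    "Line 1 IO": ipaddress.ip_network("10.0.5.0/24"),
}


def audit_register(csv_text, subnets):
    """Return (device, problem) tuples for rows that break the addressing standard."""
    findings = []
    seen = {}  # IP address -> first device that claimed it
    for row in csv.DictReader(io.StringIO(csv_text)):
        device = row["Device"]
        net = subnets.get(row["Network"])
        if net is None:
            findings.append((device, "unknown network tab"))
            continue
        gateway = net.network_address + 1  # x.x.x.1 is reserved for the gateway
        try:
            ip = ipaddress.ip_address(row["IP Address"].strip())
            gw = ipaddress.ip_address(row["Default Gateway"].strip())
        except ValueError:
            findings.append((device, "malformed address"))
            continue
        if ip not in net:
            findings.append((device, f"{ip} is outside {net}"))
        elif not 2 <= int(ip) - int(net.network_address) <= 254:
            findings.append((device, f"{ip} is not in the 2-254 device range"))
        if gw != gateway:
            findings.append((device, f"gateway {gw} should be {gateway}"))
        if ip in seen:
            findings.append((device, f"{ip} duplicates {seen[ip]}"))
        seen.setdefault(ip, device)
        if not (row["Location"] or "").strip():
            findings.append((device, "Location (panel number) is blank"))
    return findings


if __name__ == "__main__":
    for device, problem in audit_register(SAMPLE_REGISTER, SUBNETS):
        print(f"{device}: {problem}")
```

Running the audit before an installer leaves site catches duplicate addresses and wrong gateways while they are still cheap to correct.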
43. BEYOND COMPLIANCE
Requirements: Physical Location
Do This:
1. Super Simple: Update existing / new plant layout drawings with panel numbers → make sure spreadsheet uses the same panel numbering scheme in “Location” column
Why?
1. Knowing where your assets are that contain valuable data is important
2. Inverse: Knowing how to find information about your asset when you see it physically on the floor is also important
45. BEYOND COMPLIANCE
Requirements: Machine Reqs
Do This:
1. Interface Requirements (when ordering equipment)
○ Machine has interface to access data via Ethernet (converters okay)
○ Data is open and accessible through common industrial protocols without proprietary software
2. Code Backups
○ Not exactly networking, but important to access data
○ Installers, OEMs, Integrators must provide as-built backups for all machines and devices (PLCs, HMIs, servers, applications, etc.)
○ Must provide new backups anytime a change is made
Why?
1. Ethernet interfaces are required to pull data and integrate with other systems
2. Code is required to access the data from the machines you paid for
3. Getting code later is sometimes impossible
47. BEYOND COMPLIANCE
One Page Cheat-Sheet
Item | Standard Requirement | Cost
Network Architecture | Create an internal and external requirement for projects: (1) all panels (e.g. PLC panels) and standalone devices (e.g. computers) on Primary OT network need to be wired back to OT or IT cabinet, no daisy chaining between panels; (2) all I/O panels need to be wired back to a PLC panel, no daisy chaining between I/O panels | New network cabinet / panel with switch + wiring
Segmentation | Segment I/O onto separate networks outside of Primary OT network | Potentially an extra communication card
IP Addressing | Create spreadsheet and mandate all devices are logged | Free
Device Configuration | Configure devices as per spreadsheet and set default gateway to x.x.x.1 of the subnet | Free
Physical Location | Add Panel Names to layout drawings and IP Address spreadsheet | Updating site layout drawing
Machine Requirements | Interface – should have some way to pull data through common industrial protocol | Usually Free (Sometimes Option)
Machine Requirements | Get latest code changes before installers leave site | Free
49. BEYOND COMPLIANCE
Common Request
● I have machines and want to do a digitization initiative
● There are 5 pieces of equipment I want data from
● I’m going to ask someone internal, or a contractor, to get this for me
Initiatives: OEE, Production Planning, Quality Tracking, MES, ERP Integration, IoT Data Analytics, many others
51. BEYOND COMPLIANCE
Step 1: Identify machines and find PLC controllers of the machines
Standard Exists:
● Can identify devices from layout drawing to master spreadsheet
● Can find all information about the device
Standard Doesn’t Exist:
● Need to physically inspect panels on-site
● Don’t know what network it’s a part of
● Part Number not always visible – may need to shut off system and take things apart
● May need to talk to installer or OEM to get more information
● Can delay project by weeks and require additional on-site investigation
52. BEYOND COMPLIANCE
Step 2: Need to establish feasibility of pulling the required data
Standard Exists:
● PLC code is available and can be reviewed
● Machine was ordered with common industrial interface, data can be collected, and accessible through any industrial software
Standard Doesn’t Exist:
● May find out that machine was not installed with data interface
● May be impossible to retrofit interface – may need new sensors and data collection methods –> expense
● Need to physically go to panel and attempt to pull code from PLC
● Code may not be commented and impossible to interpret
● May need to talk to installer or OEM to get more information
● May need to buy special software from OEM/vendor
● Can delay project by weeks, require additional on-site investigation, and additional sensors / hardware / software to collect data
53. BEYOND COMPLIANCE
Step 3: Need to deploy server to collect data and connect to machinery
Standard Exists:
● All PLCs are connected to a single Primary OT network
● Server is installed and connected to Primary OT network cabinet
Standard Doesn’t Exist:
● Many possibilities on next steps:
● Need to map out facility to understand interconnections
● May need to install new conduit and network hardware
● May not be feasible from a financial standpoint
● May need to install and refit wireless solutions
● Solution will likely require someone extremely knowledgeable with networking to architect a solution
● Potential timeline delay: weeks to months
54. BEYOND COMPLIANCE
Step 4: Need to connect server to machinery from a software standpoint
Standard Exists:
● PLC IP addresses are known and can be easily set up
● Can avoid duplicating IP addresses and potential downtime
● Default gateway is configured on PLC and more complex network routing can be enabled (if required)
Standard Doesn’t Exist:
● Network scans need to be performed to identify IP addresses or need to get information from installer/OEM
● May not have any idea how to connect to existing networks to start scanning process
● Potential duplicate IP address risks
● Default gateways need to be configured or changed - downtime
● May need NAT devices to translate IP address subnets
● May need to redo IP addressing schema – large amount of work
55. BEYOND COMPLIANCE
Step 5 (hypothetical): Need additional I/O for key performance data
Standard Exists:
● Existing I/O IP addresses are known and can be easily set up
● Can avoid duplicating IP addresses and potential downtime
● Adding device to I/O network is trivial – network traffic is segmented – isolated network that won’t affect other systems
Standard Doesn’t Exist:
● Network scans need to be performed to identify IP addresses or need to get information from installer/OEM
● Adding process level devices to unknown network – network stability can be low, unknown troubleshooting steps, may exacerbate underlying issues
● Potential duplicate IP address risks
57. BEYOND COMPLIANCE
Conclusion
• This is not an exhaustive list of all good practices
• Goal is to lay out steps for a company without an OT expert to set themselves up for the future
• Taking these steps sets up foundational components of your physical network infrastructure – conduits / physical topology
• Taking these steps sets up your logical topology for edge devices – IP addresses, interconnection, etc.
• More steps are required to get to the “perfect” setup (whatever that means for you) – but this can reduce up to 90% of costs associated with retrofitting and overall cost of ownership.