The Internet of Things (IoT)

Johan Arens - Advisor, Network Engineering // CCIE#29341, CCNP Voice, CCDP. December 7, 2016. Cisco Connect Montréal 2016. The Internet of Things (IoT) in the manufacturing sector

Transcript of The Internet of Things (IoT)


Page 2: The Internet of Things (IoT)

Cisco CCiQ team in Québec

Etienne Simard, Sylvain Denoncourt, Johan Arens

Page 3: The Internet of Things (IoT)

Agenda

• Cisco's vision
• The reality of the manufacturing world
• Architecture and security
• Edge Computing
• Conclusion
• Questions and answers

Page 4: The Internet of Things (IoT)

What is the Internet of Things?

“The Internet of Things is an intelligent way of connecting physical equipment in order to extract substantial improvements in our efficiency, business growth and quality of life.”

Page 5: The Internet of Things (IoT)

Cisco Confidential. © 2013-2014 Cisco and/or its affiliates. All rights reserved.

Converging Digital Disruptions

• The Nexus of Forces: IoT = $1.9 Trillion in 2020
• The 3rd Platform: $462 Billion in 2013 (22% of total ICT spending)
• The Industrial Internet: $10 Trillion to $15 Trillion Over Next 20 Years

Page 6: The Internet of Things (IoT)


Cisco Calls It The Internet of Everything (IoE)

Interconnection of people, processes, data and things

• People: Connecting People in More Relevant, Valuable Ways
• Process: Delivering the Right Information to the Right Person (or Machine) at the Right Time
• Data: Leveraging Data into More Useful Information for Decision Making
• Things: Physical Devices and Objects Connected to the Internet and Each Other for Intelligent Decision Making

Page 7: The Internet of Things (IoT)


IoT Is Here Now – and Growing!

The New Essential Infrastructure

Rapid Adoption Rate of Digital Infrastructure: 5X Faster Than Electricity and Telephony

50 Billion “Smart Objects”

[Figure: billions of devices (y-axis, 0 to 50) along a timeline of 2010, 2015 and 2020, with data labels 12.5, 25 and 50, an "Inflection Point" marker, and a World Population series labelled 6.8, 7.2 and 7.6. Source: Cisco IBSG, 2011]

Page 8: The Internet of Things (IoT)

Connected Objects Generate Big Data

The World Generates More Than 2 Exabytes of Data Every Day

• 3/4 millions smart meters in Quebec: 90 million data points > 2 TB / month!
• 10 TB of data for every 30 minutes of flight. With >25,000 flights per day, petabytes daily
• A large offshore field produces 0.75 TB of data weekly. A large refinery generates 1 TB of raw data per day
• A single consumer packaged good manufacturing machine generates 13B data samples per day

Page 9: The Internet of Things (IoT)

The reality of the manufacturing world

• Siloed operations
• No common technology choices
• Dependence on OEMs or production line builders

Page 10: The Internet of Things (IoT)

The reality of the manufacturing world

• A museum of operating systems
• Plants located close to raw materials
• Centralization of data centers
• On-demand production
• Doing more with less

Page 11: The Internet of Things (IoT)

The reality of the manufacturing world

Strained relations between IT and OT

• CIA: Confidentiality, Integrity, Availability
• AIC: Availability, Integrity, Confidentiality

Page 12: The Internet of Things (IoT)

The reality of the manufacturing world

Strained relations between IT and OT

Marc, OT: “Bernard, I need an IP address to bring my drive back up, I just replaced it. My motion isn't working anymore!”

Bernard, IT: “Ah! He has SANs on his floor?”

Bernard, IT: “Marc, so just to be sure I understand, you need to bring your SAN back up so that you can move VMs from one SAN to another?”

Page 13: The Internet of Things (IoT)

A master plan and an architecture are needed!

Page 14: The Internet of Things (IoT)

Changing Industrial Automation Networks: Ethernet and IP Provide Foundation for Manufacturing 2.0 Initiatives

[Figure: Automation Control, in two panels, "Traditional" and "Ethernet-Based". Each panel shows: Robotics; Human Machine Interface; PC-Based Controllers; Motors, Drives, and Actuators; Programmable Logic Controllers; Sensors and Other Input/Output Devices; Office Applications, Internetworking, Data Servers, and Storage; Back-Office Mainframes and Servers; Corporate Network. Network labels: Control Network, Gateway, Device-Level Network, Ethernet.]

Page 15: The Internet of Things (IoT)

Logical Architecture: Built on Industry Standards

• Enterprise Zone
  • Level 5: Enterprise Network
  • Level 4: Site Business Planning and Logistics Network
• DMZ: Demilitarized Zone, Shared Access
• Manufacturing Zone
  • Level 3: Site Manufacturing Operations and Control
• Cell/Area Zone
  • Level 2: Area Control
  • Level 1: Basic Control
  • Level 0: Process

Page 16: The Internet of Things (IoT)

Converged Plantwide Ethernet Network Architecture

[Figure: Converged Plantwide Ethernet network diagram.
Zones: Enterprise Network (Levels 4-5); Demilitarized Zone (DMZ); Manufacturing Zone (Level 3); Cell/Area Zone (Levels 0-2).
Callouts: Real-Time Control; <100ms Convergence; Multicast Traffic; Ease of Use; MFG Integration; Segmentation; Multi-Service Networks; Applications and Management Security; Access Control; Threat Protection; Enterprise/IT Integration; Collaboration; Wireless; Application Optimization.
Devices and services: Internet; Web Apps, DNS, FTP; Cisco ASA 5500 Firewall (Active) and Firewall (Standby) with a Gbps Link for Failover Detection; Patch Management, Terminal Services, Application Mirror, AV Server; FactoryTalk Application Servers; Cisco Catalyst Switch; Network Services; Cisco Catalyst 6800/4500; Cisco Cat. 3850 StackWise Switch Stack; Rockwell Automation Stratix 8000 Layer 2 Access Switch.
Cell/Area zones: Cell/Area #1 (Redundant Star Topology), Cell/Area #2 (Ring Topology), Cell/Area #3 (Bus/Star Topology), containing Controllers, Drives, HMIs and Distributed I/O.]

Page 17: The Internet of Things (IoT)

CPwE Industrial Network Security Framework

Example of securing the process level

[Figure: CPwE Industrial Network Security Framework diagram.
Zones: Enterprise Zone: Levels 4-5; Industrial Demilitarized Zone (IDMZ); Industrial Zone: Levels 0-3 (Level 3 – Site Operations; Level 2 – Area Supervisory Control; Level 1 - Controller; Level 0 - Process).
Components: Internet; External DMZ/Firewall; Enterprise; Identity Services; Authentication, Authorization and Accounting (AAA); Core Switches; Distribution Switch Stack; Wireless LAN Controller (WLC), Active and Standby; LWAP with SSID 2.4 GHz and SSID 5 GHz; WGB; IFW; FactoryTalk Client; Controllers; Drive; Soft Starter; MCC; I/O.
Physical or Virtualized Servers: Patch Management; AV Server; Application Mirror; Remote Desktop Gateway Server.
Roles: Control System Engineers; Control System Engineers in Collaboration with IT Network Engineers (Industrial IT); IT Security Architects in Collaboration with Control Systems Engineers.]

Page 18: The Internet of Things (IoT)

CPwE Industrial Network Security Framework

Example of remote access by a contractor

Martin T., Cossins Inc: must access the Granby plant

[Figure: the CPwE Industrial Network Security Framework diagram, with the same zones, components, servers and roles as on page 17.]

Page 19: The Internet of Things (IoT)

CPwE Architectures

Collection of Standalone Cisco Validated Design (CVD) Guides

• CPwE REP CVD, June 2014
• CPwE WLAN CVD, Nov. 2014
• CPwE IDMZ CVD, July 2015
• CPwE Resiliency, June 2016
• CPwE CVD Baseline
• CPwE NAT CVD, June 2015
• CPwE ISE CVD, July 2015
• CPwE Migration, Jan. 2016
• CPwE VPN CVD, March 2016
• CPwE Industrial Firewall, August 2016
• CPwE Loc. Serv. White paper
• CPwE Resiliency, Dec. 2015

Design Zone manufacturing – Modular CVDs: http://www.cisco.com/c/en/us/solutions/enterprise/design-zone-manufacturing/landing_ettf.html

Page 20: The Internet of Things (IoT)

Edge Computing

Page 21: The Internet of Things (IoT)

Most IoT data is not used currently. For example, only 1 percent of data from an oil rig with 30,000 sensors is examined. The data that is used today is mostly for anomaly detection and control, not optimization and prediction, which provide the greatest value.

Page 22: The Internet of Things (IoT)

Leveraging Machine Generated Data and Networking for Business Benefit

IoT Environments Need to Process and Analyze Data Locally

Page 23: The Internet of Things (IoT)

In Many Cases, Data Issues Must be Handled “In the Network” to Meet the Requirements

Hence… Distributed Data Processing [across the] Network Fabric

Page 24: The Internet of Things (IoT)

The Case for Edge and Fog Computing

1. There’s too much data, so it has to be filtered, aggregated, batched, etc.

2. Some of the consumers of the data are distributed.

3. The data is in the wrong format.

4. You want to analyze the data as soon as possible.

5. The data needs to be time stamped for time series analysis or for compliance reasons.

6. You have thousands of devices, and it’s too complicated for a single application in the cloud to talk to them individually.

Page 25: The Internet of Things (IoT)

General Patterns

[Figure: three data-flow patterns, with "Data" passing between adjacent nodes.
2 Tier: Cloud, IoT Device.
3 Tier: Local Feedback, Data Center, Factory Device.
4 Tier: Data Center, Edge Processing, Aggregation Node, Oil Rig.]

Page 26: The Internet of Things (IoT)

IoT Requires Distributed Computing

[Figure: applications (App) distributed across three layers: ENDPOINT, FOG and DATACENTER/CLOUD]

• IoT Compute Model (Local control loops, Data Volume, Security, Resiliency, Latency, Scale)
• BYOI: Bring Your Own Interface (Legacy interfaces, Industry-specific interfaces, Partner-proprietary interfaces)
• Domain Specific Interfaces: WiHart, Zigbee, PLC, 802.15.4, Other

Page 27: The Internet of Things (IoT)

Fog Architecture - IOx

[Figure: IOx architecture diagram.
Routers / Switches at the edge: Network (IOS); IOx; IOx Services (Alpha*); Applications (LXC*, PaaS, VM).
Applications: Customer-built App; Cisco-built App; Partner-built App.
Management: Local Manager; Fog Director; App Hosting; App Lifecycle Management; App Monitoring; App Management.
Development: SDK; App Packaging; App Lifecycle.]

Page 28: The Internet of Things (IoT)

Why is this Unique? Bring Analytics to the Data

[Figure: IoT Devices, Edge Node and Fog Node, with DATA and Analytics labels at each stage]

• Distributed Analytics (Distributed, High Volume, Time Critical, Regulated)
• Cloud Based Analytics (Centralized, Low Volume, Non Perishable, Non Regulated)

Page 29: The Internet of Things (IoT)

To summarize…

Page 30: The Internet of Things (IoT)

• Cisco's IoE vision
• Challenges of the manufacturing world
• Security
• Edge Computing (Fog)

Page 31: The Internet of Things (IoT)

Thank you!