
Secure Industrial Networks for Critical Applications

September 2011

The RAD Group


The Access Company
Hi-end Adapters for Servers
Network Test Solutions
Video Conference Solutions over IP
Wireless Mobile Backhaul

2010 Sales = $1 Billion


Group Distributor

Main applications:
Telecom - Fixed & Mobile
Utilities & Transportation
Government & Enterprise
About 4,000 Employees

Integrated Application Delivery

Secure Industrial Communication Solutions

Sub-6GHz Wireless Backhaul

Mobile TV Transmitters

Wireless USB Chipset Solutions

CWDM and DWDM Solutions

iSCSI SAN Solutions


Copyright 2011, RADiFlow Ltd.

Industrial Ethernet
Infrastructure utilities migrate to Ethernet networks
  On-line monitoring and control
  Remote access for operation and maintenance
Dedicated Industrial switches are required
  Harsh environmental conditions
  Strict network resiliency and high reliability
Cyber security aspects are also critical
  Legacy devices and protocols lack security mechanisms
  Network widely distributed in unmanned sites
Open Connectivity Critical Applications

Non-Secure Applications


The RADiFlow value proposition


Service Management Secure Access Multiservice Service Validation Ruggedized System

Operational Simplicity

Defense-in-depth solution

Resilient Network

Solid infrastructure

Enabling the introduction of Ethernet as the Secure infrastructure for Critical Industrial applications

Portfolio Overview
Industrial design
  Modular DIN rail switches (3/7 I/O slots) or Compact system
  Harsh environment - IP30, -40 to +75C, IEC 61850-3 EMI
  ETH or RS-232/RS-485 serial interface modules
Networking
  Advanced Ethernet switching and IP routing functionality
  Serial Tunneling or Service translation
  Multi-Service network modems xDSL, Cellular
Integrated security mechanisms
  MAC/IP filtering per port
  Distributed app-aware firewall
  Remote access and Inter-site connectivity
iSIM - An intuitive Network management tool
  Topology planning and Service provisioning
  Network diagnostics
  Integration with the RADView EMS

3080

3300

3700

iSIM Service-aware Network Management


End-to-End provisioning
  Network topology map
  Service provisioning
  Security matrix & App-aware rules

O&M tools
  Fault reports & Logs
  Network-wide maintenance operations
  Network utilization monitoring

General
  Client/Server
  License per switch
  RADView integration


Applications

Utility
  Smart-Grid distribution
  Sub-station LAN
  Green energy control

Transportation
  Metro Subway network
  Large-scale Railway
  Highway traffic control

Power Networks
Primary sub-stations migrate to packet backbone
  Transmission sub-stations migrate to MPLS over fiber
  Distribution sub-stations migrate to MPLS or ETH over various physical links
  Sub-station LANs are built using IEC61850 concept
  SDH/PDH networks are still used for Tele-Protection services

New secondary sub-station in MV/LV transformation sites


Requires setup of a new network


Migration to IP-based SCADA to sub-stations
Smart Grid applications


Control Center Sub-Station

Connectivity of sub-station devices to new IP-based SCADA


Serial to ETH protocol gateway
Per-site firewall for industrial automation protocols (IEC104, IEC61850, Modbus)
Secure terminal server for maintenance sessions
Encrypted tunnels when using wireless links

Electricity Transmission Network


Sub-station LAN with IEC61850 services
Variety of services for WAN connectivity
Sub-station control over IEC104
IEC61850 station bus
Serial and Ethernet IEDs
Auxiliary serial devices
Critical services remain over SDH
Tele-Protection
Hot line
Critical WAN services require security
Legacy devices require a migration gateway
RADiFlow switch ideal for sub-station LAN with secure WAN connectivity
[Figure: sub-station connectivity diagram; labels: Tele-protection IEDs, Hot Line, Serial Data, RTUs, C37.94 64 kbps, SDH Mux, Sub-Station, SDH or MPLS]

Metro subway control network


Metro subway control applications require communication with smart devices in each station
Ethernet access switches connected to IP/MPLS backbone using VLANs as service ID
Mixture of Ethernet, Serial & Discrete devices with secure access using a distributed ModBus firewall
Secure mobile access from trains to control center using distributed device authentication methods

IP/MPLS backbone

RADiFlow switches build a secure subway network



Large scale transportation control network


Large-scale transportation control applications require communication with smart devices along the route
Variety of inter-site links
Ethernet access sub-nets with IP/MPLS backbone
Mixture of Ethernet, Serial & Discrete devices
Secure access to the critical services using mainly ModBus protocol
ETH Ring (over Fiber & Copper)

IP/MPLS backbone

ETH Ring

RADiFlow switches ideal for transportation access rings



Multiservice transport
Utility networks often don't have all-fiber coverage
RADiFlow switches support alternative transport technologies:
  GPRS/UMTS Cellular coverage via 2 operators
  SHDSL over private copper lines

Used with integrated security mechanisms


[Figure: Ethernet Ring over Mixed medias; labels: Internet, Fiber, Private ETH Network, SHDSL]

Legacy migration RADiFlow value-add


Integrated serial interfaces in switches with 2 operation modes
Tunneling between serial segments
  Multipoint support
  Controlled assembly buffering latency
  Service-aware security for serial tunnels
Gateway connecting serial devices to matching Ethernet devices
  Currently supports Modbus, IEC101/104

[Figure legend: RS-232/RS-485 link, Ethernet link, Serial Tunnel, Gateway service]

Resilient cellular connection to remote sites


GPRS/UMTS support
Link resiliency using 2 SIM cards with continuous check of operator link quality
Remote site connection using Hub & Spoke GRE tunnels
NHRP used for resolution of dynamic IP addresses assigned to cellular clients
Link security using integrated security mechanisms

[Figure: dual-SIM cellular connection; labels: Primary SIM, ACTIVE, INTERNET, Cell site ISP #1, OFF, NAT router, Cell site ISP #2, Secondary SIM]

Distributed firewall integrated in network switches


RADiFlow offers an industrial Ethernet switch with integrated service-aware firewall applied at each interface
  Distributed service-aware firewall deployment
  Efficient deployment as part of the Ethernet network
  Easy provisioning using dedicated service-management tool
[Figure: distributed firewall deployment; labels: Control Center (HMI, Engineering Station), Facility1 (Controller1, Dev1.1, Dev1.2), Facility2 (Controller2, Dev2.1, Dev2.2); inspected packet layers: Ethernet & IP Header, Protocol Header, Function Code, Function Parameters]
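The layered inspection this slide names (IP header, protocol header, function code, function parameters), sketched for Modbus/TCP as an added example. It is not RADiFlow code; the policy table, IP addresses and function names are assumptions constructed for illustration.

```python
import struct
from ipaddress import ip_address

# Constructed policy: (source IP, device IP) -> {function code: permitted register range}
POLICY = {
    ("10.0.0.10", "10.1.1.11"): {0x03: range(0, 100)},                      # HMI: read only
    ("10.0.0.20", "10.1.1.11"): {0x03: range(0, 100), 0x06: range(0, 10)},  # engineering station
}
ADDR_QTY = {0x01, 0x02, 0x03, 0x04, 0x0F, 0x10}  # PDU starts with address + quantity
ADDR_VAL = {0x05, 0x06}                          # PDU is address + single value

def parse_modbus_tcp(payload: bytes):
    """Parse MBAP header + PDU; return (function_code, address, quantity) or None."""
    if len(payload) < 8:
        return None
    _tid, proto, length, _unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0 or length != len(payload) - 6:  # length field counts unit id + PDU
        return None
    fc, data = payload[7], payload[8:]
    if fc in ADDR_QTY and len(data) >= 4:
        addr, qty = struct.unpack(">HH", data[:4])
        return fc, addr, qty
    if fc in ADDR_VAL and len(data) == 4:
        return fc, struct.unpack(">H", data[:2])[0], 1
    return fc, None, 0  # parameters this sketch does not decode

def decide(src: str, dst: str, payload: bytes) -> str:
    """Default-deny verdict for one request seen on a switch port."""
    rules = POLICY.get((str(ip_address(src)), str(ip_address(dst))))
    if rules is None:
        return "drop: no rule"
    req = parse_modbus_tcp(payload)
    if req is None:
        return "drop: malformed"
    fc, addr, qty = req
    allowed = rules.get(fc)
    if allowed is None:
        return f"drop: function 0x{fc:02x} not allowed"
    if addr is None or qty < 1 or addr not in allowed or addr + qty - 1 not in allowed:
        return "drop: parameters outside policy"
    return "allow"

def frame(fc: int, addr: int, val: int, tid: int = 1, unit: int = 1) -> bytes:
    """Build a constructed Modbus/TCP request for the demo."""
    pdu = struct.pack(">BHH", fc, addr, val)
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

if __name__ == "__main__":
    print(decide("10.0.0.10", "10.1.1.11", frame(0x03, 0, 10)))  # HMI read
    print(decide("10.0.0.10", "10.1.1.11", frame(0x06, 5, 1)))   # HMI write attempt
```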


Summary
Modern critical infrastructure deployments use Ethernet
Intra-network security is mandatory
RADiFlow Service-aware Industrial Ethernet solution
  Unique distributed service-aware firewall by the network
  Integrated defense-in-depth tool-set
  Optimize CapEx and OpEx
For more details: info@radiflow.com www.radiflow.com