The Internet of Things (IoT)
Post on 08-Jan-2017
Johan Arens - Consultant, Network Engineering // CCIE#29341, CCNP Voice, CCDP
December 7, 2016
Cisco Connect Montréal 2016
The Internet of Things (IoT) in the Manufacturing Sector
Cisco CCiQ Team in Quebec
Etienne Simard, Sylvain Denoncourt, Johan Arens
Agenda
• Cisco's Vision
• The Reality of the Manufacturing World
• Architecture and Security
• Edge Computing
• Conclusion
• Questions / Answers
What Is the Internet of Things?
“The Internet of Things is an intelligent way of connecting physical equipment in order to extract substantial improvements in our efficiency, business growth and improvement in quality of life.”
Cisco Confidential © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Converging Digital Disruptions
The Nexus of Forces
IoT = $1.9 Trillion in 2020
The 3rd Platform
$462 Billion in 2013 (22% of total ICT spending)
The Industrial Internet
$10 Trillion to $15 Trillion Over Next 20 Years
Cisco Calls It The Internet of Everything (IoE)
Interconnecting people, processes, data and things
People: Connecting People in More Relevant, Valuable Ways
Process: Delivering the Right Information to the Right Person (or Machine) at the Right Time
Data: Leveraging Data into More Useful Information for Decision Making
Things: Physical Devices and Objects Connected to the Internet and Each Other for Intelligent Decision Making
IoE
IoT Is Here Now – and Growing!
Rapid Adoption Rate of Digital Infrastructure: 5X Faster Than Electricity and Telephony
50 Billion “Smart Objects”
[Chart: billions of devices against world population on a timeline (2010, 2015, 2020), with an inflection point marked. Data labels: 12.5, 25 and 50 for devices; 6.8, 7.2 and 7.6 for world population. Source: Cisco IBSG, 2011]
The New Essential Infrastructure
The World Generates More Than 2 Exabytes of Data Every Day
Connected Objects Generate Big Data
• 3/4 million smart meters in Quebec: 90 million data points, > 2 TB / month!
• 10 TB of data for every 30 minutes of flight. With >25,000 flights per day, petabytes daily
• A large offshore field produces 0.75 TB of data weekly. A large refinery generates 1 TB of raw data per day
• A single consumer packaged good manufacturing machine generates 13B data samples per day
The Reality of the Manufacturing World
• Siloed operations
• No common technology choices
• Dependence on OEMs or production-line builders
The Reality of the Manufacturing World
• A museum of operating systems
• Plants located close to raw materials
• Centralization of data centres
• On-demand production
• Doing more with less
The Reality of the Manufacturing World
Strained relations between IT and OT
The Reality of the Manufacturing World
Strained relations between IT and OT
CIA: Confidentiality, Integrity, Availability
AIC: Availability, Integrity, Confidentiality
Marc, OT; Bernard, IT
“Bernard, I need an IP address to bring my drive back up, I just replaced it. My motion isn't working anymore!”
“Oh! He has SANs on his floor?”
“Marc, so just to be sure I understand, you need to bring your SAN back up so you can move VMs from one SAN to another?”
A master plan and an architecture are needed!
Changing Industrial Automation Networks
Ethernet and IP Provide Foundation for Manufacturing 2.0 Initiatives
[Diagram, two panels: Traditional and Ethernet-Based. Labels in both panels: Corporate Network; Back-Office Mainframes and Servers; Office Applications, Internetworking, Data Servers, and Storage; Robotics; Human Machine Interface; PC-Based Controllers; Programmable Logic Controllers; Motors, Drives, and Actuators; Sensors and Other Input/Output Devices. Other labels: Control Network, Gateway, Device-Level Network, Ethernet, Automation Control]
Logical Architecture: Built on Industry Standards
Enterprise Zone
  Level 5: Enterprise Network
  Level 4: Site Business Planning and Logistics Network
DMZ
  Demilitarized Zone - Shared Access
Manufacturing Zone
  Level 3: Site Manufacturing Operations and Control
Cell/Area Zone
  Level 2: Area Control
  Level 1: Basic Control
  Level 0: Process
Converged Plantwide Ethernet Network Architecture
[Diagram. Zones: Enterprise Network (Levels 4-5); Demilitarized Zone (DMZ); Manufacturing Zone (Level 3); Cell/Area Zone (Levels 0-2)]
Requirement labels: Real-Time Control; <100ms Convergence; Multicast Traffic; Ease of Use; MFG Integration; Segmentation; Multi-Service Networks; Applications and Management; Security; Access Control; Threat Protection
Enterprise labels: Enterprise / IT Integration; Collaboration; Wireless; Application Optimization; Web Apps; DNS; FTP; Internet
DMZ labels: Firewall (Active); Firewall (Standby); Gbps Link for Failover Detection; Cisco ASA 5500; Patch Management; Terminal Services; Application Mirror; AV Server
Manufacturing Zone labels: FactoryTalk Application Servers; Network Services; Cisco Catalyst Switch; Cisco Catalyst 6800/4500; Cisco Cat. 3850 StackWise Switch Stack
Cell/Area labels: Cell/Area #1 (Redundant Star Topology); Cell/Area #2 (Ring Topology); Cell/Area #3 (Bus/Star Topology); Rockwell Automation Stratix 8000 Layer 2 Access Switch; Controller; Drive; HMI; Distributed I/O
CPwE Industrial Network Security Framework
[Diagram. Zones: Enterprise Zone: Levels 4-5; Industrial Demilitarized Zone (IDMZ); Industrial Zone: Levels 0-3]
Levels: Level 3 – Site Operations; Level 2 – Area Supervisory Control; Level 1 - Controller; Level 0 - Process
Physical or Virtualized Servers:
• Patch Management
• AV Server
• Application Mirror
• Remote Desktop Gateway Server
Component labels: Enterprise; Internet; External DMZ / Firewall; Identity Services; Authentication, Authorization and Accounting (AAA); Core Switches; Distribution Switch Stack; Wireless LAN Controller (WLC), Active and Standby; LWAP; SSID 2.4 GHz; SSID 5 GHz; WGB; IFW; FactoryTalk Client; Controller; Drive; MCC; Soft Starter; I/O
Responsibility labels: Control System Engineers; Control System Engineers in Collaboration with IT; Network Engineers (Industrial IT); IT Security Architects in Collaboration with Control Systems Engineers
Example of securing the process level
Example of remote access by a contractor
Martin T., Cossins Inc
Must access the Granby plant
CPwE Architectures
• Collection of Standalone Cisco Validated Design (CVD) Guides
• CPwE REP CVD, June 2014
• CPwE WLAN CVD, Nov. 2014
• CPwE IDMZ CVD, July 2015
• CPwE Resiliency, June 2016
• CPwE CVD Baseline
• CPwE NAT CVD, June 2015
• CPwE ISE CVD, July 2015
• CPwE Migration, Jan. 2016
• CPwE VPN CVD, March 2016
• CPwE Industrial Firewall, August 2016
• CPwE Loc. Serv., White paper
• CPwE Resiliency, Dec. 2015
Design Zone manufacturing – Modular CVDs
http://www.cisco.com/c/en/us/solutions/enterprise/design-zone-manufacturing/landing_ettf.html
Edge Computing
Most IoT data is not used currently. For example, only 1 percent of data from an oil rig with 30,000 sensors is examined. The data that is used today is mostly for anomaly detection and control, not optimization and prediction, which provide the greatest value.
Leveraging Machine Generated Data and Networking for Business Benefit
IoT Environments Need to Process and Analyze Data Locally
In Many Cases, Data Issues Must be Handled “In the Network” to Meet the Requirements
Hence… Distributed Data Processing [across the] Network Fabric
The Case for Edge and Fog Computing
1. There’s too much data, so it has to be filtered, aggregated, batched, etc.
2. Some of the consumers of the data are distributed.
3. The data is in the wrong format.
4. You want to analyze the data as soon as possible.
5. The data needs to be time stamped for time series analysis or for compliance reasons.
6. You have thousands of devices, and it’s too complicated for a single application in the cloud to talk to them individually.
General Patterns
2 Tier: IoT Device -> Cloud
3 Tier: Factory Device -> Local Feedback -> Data Center
4 Tier: Oil Rig -> Edge Processing -> Aggregation Node -> Data Center
[Diagram: each arrow is labelled "Data"]
IoT Requires Distributed Computing
[Diagram: App instances across three layers: ENDPOINT, FOG, DATACENTER/CLOUD]
IoT Compute Model (Local control loops, Data Volume, Security, Resiliency, Latency, Scale)
BYOI: Bring Your Own Interface (Legacy interfaces, Industry-specific interfaces, Partner-proprietary interfaces)
Domain Specific Interfaces: WiHart, Zigbee, PLC, 802.15.4, Other
Fog Architecture - IOx
[Diagram labels: Routers / Switches at the edge; Network (IOS); IOx; IOx Services (Alpha*); Applications (LXC*, PaaS, VM); Customer-built App; Cisco-built App; Partner-built App; Local Manager; Fog Director; App Hosting; App Lifecycle Management; App Monitoring; App Packaging; SDK; App Lifecycle; App Management]
Why is this Unique? Bring Analytics to the Data
[Diagram labels: IoT Devices; Edge Node; Fog Node; DATA; Analytics]
Distributed Analytics (Distributed, High Volume, Time Critical, Regulated)
Cloud Based Analytics (Centralized, Low Volume, Non Perishable, Non Regulated)
To summarize…
• Cisco's IoE vision
• Challenges of the manufacturing world
• Security
• Edge Computing (Fog)
Thank you!