The Power of Managed Ethernet Switches

Over the past two decades, many industrial operations began building digital backbones into their production platforms. Like their counterparts in office environments, they wanted more data to enhance control and management of their systems. In industrial settings, that meant sensor, PLC and servo drive data. 

 

While some manufacturers went the proprietary route, many built their networks around unmanaged Ethernet switches.

 

Now, as industrial companies embrace Industry 4.0, operations are being upgraded again with smart devices. Isolated and standalone systems are being connected to Ethernet-based networks and exposed to the Internet. As these industrial Ethernet networks grow in size and complexity, network visibility, control and security need renewed attention. Unmanaged switches can do the job, however, the better choice to manage today’s control and risk demands is the managed Ethernet switch.  

 

The drive to connect makes sense. Networking isolated systems ushers in valuable new data that was previously unattainable. However, gaining access to that data in real time requires a significant investment. Many organizations chose to manage costs by opting for unmanaged Ethernet switches.

 

What’s lost in the balance is technical sophistication. Adapted from Ethernet technology in office networks, unmanaged switches lack security defenses and network visibility, as well as the traffic control needed for industrial networking.

 

Industrial Ethernet networks are constantly transacting time-sensitive data and vital input/output (I/O) signals. Responsive I/O and interlock signaling play a crucial role in preventing equipment failure, wasted product and data loss.

 

Managed switches are suited to the task as they are engineered for rugged industrial environments to tolerate high vibration along with their ESD (electrostatic discharge) and surge protection.

 

As production operations become increasingly automated and more devices join the network or virtual local area network (VLAN), engineers need full control to authorize device connections and data transactions. Unmanaged switches lack the software layers that enable this control. Anyone can plug a PC into an unmanaged switch and access that network segment. That user could then potentially find a pathway into other parts of the manufacturer’s OT (operations technology) or IT platforms.

 

Managed industrial Ethernet switches are built with multiple overlapping layers of electronic security to maximize protection against specific risk factors. They’re designed for defense in depth to comply with industrial standards. This approach is formalized in the ISA/IEC 62443 series of standards, which details best practices for implementing and maintaining electronically secure industrial automation and control systems and assessing security performance. 

 

If someone plugs their PC into a managed network switch, they’ll confront multiple security layers that are commonly used in IT departments. This includes advanced password encryption, MAC security, configurable password length and multi-level user access control.

 

Cyber attackers are known to target industrial systems to access corporate networks upstream. Unmanaged Ethernet switches give them exploitable entry points. With defense in depth, managed Ethernet switches strengthen cybersecurity for the industrial network and the overall organization.

 

Another advantage of managed switches involves controlling and optimizing network traffic. As industrial Ethernet networks expand, engineers need to improve the level of determinism on the network to minimize network delays. When data packets are transmitted unnecessarily, resources and bandwidth are wasted and communication can be delayed. Managed switches give automation engineers exceptional control to bypass these shortcomings. 

 

A large machining department, for instance, may have multiple tools networked together, each with its own variable frequency drive (VFD) generating lots of network traffic. While VFD data is useful for preventive maintenance and performance tracking locally, it might not need to be transferred to the work cell PLC.

 

Managed Ethernet switches let automation engineers carefully define which data transfers from which addresses to allow. This feature can also be used to limit connections to particular uplink ports to help manage traffic on a given work cell or automation network segment, while also securing it.

 

The leading managed switches are also easy to install and configure. Text-based files make it easy to copy the configuration to any new switches added to the network.

 

When controls engineers lack technical network training, user-friendliness is a major plus. All that’s necessary is powering up the switch, adding the device IP address and configuring the password and security protocols for that portion of the network. Newer switches include pre-configured protocols, simple interfaces displaying switch status and diagnostic tools that help identify and solve issues before they cause production downtime.