PROFINET IO
User manual 57106_hdb_en_13 60 / 94
11.2 PROFINET installation guidelines
General information on the data safety
Data safety and access protection are becoming more and more important, even in the industrial environment. The growing interconnection of entire industrial plants with the company levels and with remote maintenance functions places higher requirements on the protection of industrial plants.
Hazards may be caused by internal manipulation, such as technical errors and operating and programming errors, or by external manipulation, such as software viruses, worms, Trojans and password phishing.
Protective measures
The most important protective measures against manipulation and loss of data safety in an industrial area are:
Certificates
Encryption of the data traffic by means of certificates.
VPN
Filtering and control of the data traffic by VPN ("Virtual Private Networks").
Authentication
Identification of the participants through an "authentication" via a secure channel.
Segmentation
Segmentation in protected automation cells so that only devices in the same group are allowed to exchange data.
Data and information security
With VDI/VDE 2182 Part 1, the VDI/VDE Society for Measurement and Automatic Control has issued a guideline on implementing a security architecture in the industrial environment.
The guideline can be found under:
www.vdi.de
PROFIBUS & PROFINET International (PI) supports you in designing security standards with a PROFINET Security Guideline.
More details on this topic can be found under:
www.profibus.com
Industrial Ethernet
Because the PROFINET standard is open, you can use standard Ethernet components. However, for use in industrial environments and because of the high transfer rate of 100 MBit/s, you should design your PROFINET system using Industrial Ethernet components.
All devices connected by means of switches are in the same network and can
communicate with each other directly.
A network is limited physically by a router. For communication beyond the net-
work limits you must program your routers in such a way that they allow such
communication.
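The segmentation and router rules described above can be checked against recorded traffic. The following is an added example, not part of the manual: it assumes each automation cell is one IP subnet and that the router carries an explicit allow-list; all cell names, subnets, addresses and ports are constructed for illustration.

```python
import ipaddress

# Constructed sample data: cell names, subnets and addresses are assumptions
# made for this example, not values from the manual.
CELLS = {
    "cell_press": ipaddress.ip_network("192.168.10.0/24"),
    "cell_paint": ipaddress.ip_network("192.168.20.0/24"),
    "office": ipaddress.ip_network("10.0.0.0/16"),
}

# Inter-cell flows the router is meant to allow: (source cell, destination cell, port).
ROUTER_ALLOW = {("office", "cell_press", 443)}

def cell_of(addr):
    """Return the name of the cell whose subnet contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    for name, net in CELLS.items():
        if ip in net:
            return name
    return None

def classify(src, dst, port):
    """Classify one flow against the segmentation policy."""
    s, d = cell_of(src), cell_of(dst)
    if s is None or d is None:
        return "unknown-device"   # address not assigned to any cell
    if s == d:
        return "intra-cell"       # same switched network, no router involved
    if (s, d, port) in ROUTER_ALLOW:
        return "routed-allowed"   # crosses a cell boundary under an explicit rule
    return "violation"            # crosses a cell boundary with no matching rule

def audit(flows):
    """Return the flows that need attention, with their classification."""
    verdicts = [(f, classify(*f)) for f in flows]
    return [(f, v) for f, v in verdicts if v in ("violation", "unknown-device")]

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("192.168.10.11", "192.168.10.12", 34964),
    ("10.0.4.7", "192.168.10.11", 443),
    ("192.168.20.5", "192.168.10.11", 102),
    ("172.16.0.9", "192.168.10.11", 80),
]

if __name__ == "__main__":
    for flow, verdict in audit(SAMPLE_FLOWS):
        print(verdict, flow)
```

The allow-list is directional, so a rule from the office network into a cell does not permit connections initiated from the cell back into the office network.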
Topology
Line
In the line structure, all communication nodes are connected in series. The line topology is implemented by means of switches in the PROFINET devices.
If a communication node fails, communication over the failed participant is not possible.
Star