Journey to an intelligent Industrial IoT Network
Pino de Candia
OpenIoT Summit, Portland, 2017
About me: Pino de Candia
● Midokura CTO
● Expertise in SDN for Data Center virtual workloads
● Previous work on NoSQL databases and caching systems
● Software developer, architect and team manager
About Midokura
● Founded in 2010
● Created and maintains MidoNet
● Open Source SDN for OpenStack, Kubernetes, vSphere, Eucalyptus
● OEMs with Dell and Fujitsu
● Working on virtual networking for Fog and IIoT (SmartFactory)
About this talk
● Industrial network challenges (factory/plant focus)
● Compare/contrast to Data Center
● What is an intelligent network
● Why virtualization is essential
What I mean by “Industrial IoT”
● Extract more information from OT
● Add sensors and devices for data acquisition
● Process the data in the cloud
● Systematic optimization of the whole production pipeline
● Acceleration of innovation cycle
General Challenges
● Explosion of smart IP-enabled devices (not traditionally connected)
● Vertical end-to-end solutions that don’t integrate
● Technology fragmentation
● Dynamically changing set of people, services, solutions, sensors, and cells/locations.
● Changing team dynamics
Security Challenges
Heavily targeted
OT natively has few defenses
IT ≠ OT security
Need OT-specific Firewalls
Remote access
Auto-updates
Fragmented community
Domain-specific certifications
The air gap has long been a fantasy
Defense in Depth
● Layers of defense, like in a fortress.
● Includes company policies and procedures, physical, and digital protections.
● Further layering within each area.
● Segment network into zones and conduits (ISA99).
Zones and Conduits
[Diagram. Labels: Operational 1, Process 1, Safety 1, Control 1, Supervisory 1; Operational 2, Process 2, Safety 2, Control 2, Supervisory 2; Process Information Network; Enterprise Network; DMZ; Internet]
VLANs alone don’t solve the problem
● Are you using spreadsheets?
● Zone/conduit design is spread across network switches
● No distinction between intent and current state
● Hard to audit
● Hard to change
● Hard to place Firewalls
What happened in data center networks
Virtualization and cloud stressed the network infra and team.
The network was in the way.
East-West security was an after-thought.
So the network evolved to be application-centric.
We virtualized the data center network
Decouple the physical from the logical network topology
Not just L2 and L3
Self-service
Self-troubleshooting
Place any network service anywhere
Micro-segmentation
Intent-based policy
Differences between DC and Factory/Plant networks
● Hardware refresh cycle
● DevOps
● Priorities
● Speed of deployment
● Number of applications vs. IoT solutions
● Static vs. dynamic
What is an intelligent industrial network?
Allows layering policy from different teams.
Allows scoped visibility, audit and troubleshooting based on role.
Encrypted links.
Protects devices from each other, even within a zone.
Audit trail - traffic and state
SD-WAN over multiple channels
SPOF (single pane of glass)
What is an intelligent industrial network?
Can be very prescriptive about what to allow - only white-listed traffic allowed.
Learns traffic patterns and detects deviation.
Allows dry-run of new policies
Easy roll-back to previous policy or config
Context-based traffic prioritization
Identity and context-based provisioning
What is an intelligent industrial network?
Policy based on meta-data, not addresses
Per-flow redirection to FW or DPI, IPS/IDS, whatever topology (NFV)
Integration with domain-specific (OT) Firewalls
Layered remote access management
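
An added example, not from the original deck, sketching three of the properties listed above: allow-listed traffic only, policy on metadata rather than addresses, and a dry run of a new policy before it is enforced. Only the zone names come from the deck; the inventory, roles, ports and flow records are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed inventory: address -> metadata labels. Zone names come from the
# deck's diagram; addresses, roles and ports are assumptions for illustration.
INVENTORY = {
    "10.1.0.10": {"zone": "Control 1", "role": "plc"},
    "10.1.0.20": {"zone": "Supervisory 1", "role": "hmi"},
    "10.1.0.30": {"zone": "Supervisory 1", "role": "historian"},
    "10.9.0.5": {"zone": "Enterprise Network", "role": "workstation"},
}

@dataclass(frozen=True)
class Rule:
    src: tuple  # (label, value) the source device must carry
    dst: tuple  # (label, value) the destination device must carry
    port: int

def allowed(policy, flow):
    """Default deny: pass only if a rule matches both endpoints' labels and the port."""
    src, dst = INVENTORY.get(flow[0]), INVENTORY.get(flow[1])
    if src is None or dst is None:  # device not in inventory: never allowed
        return False
    return any(src.get(r.src[0]) == r.src[1] and dst.get(r.dst[0]) == r.dst[1]
               and flow[2] == r.port for r in policy)

def dry_run(current, candidate, flows):
    """Compare two policies over observed flows without enforcing the candidate."""
    report = {"newly_blocked": [], "newly_allowed": []}
    for flow in flows:
        before, after = allowed(current, flow), allowed(candidate, flow)
        if before and not after:
            report["newly_blocked"].append(flow)
        elif after and not before:
            report["newly_allowed"].append(flow)
    return report

# Current policy: one zone-level conduit. Candidate: role-level rules inside it.
CURRENT = [Rule(("zone", "Supervisory 1"), ("zone", "Control 1"), 502)]
CANDIDATE = [Rule(("role", "hmi"), ("role", "plc"), 502),
             Rule(("role", "hmi"), ("role", "historian"), 4840)]

# Constructed flow records: (source address, destination address, TCP port).
FLOWS = [("10.1.0.20", "10.1.0.10", 502),   # HMI -> PLC
         ("10.1.0.30", "10.1.0.10", 502),   # historian -> PLC
         ("10.1.0.20", "10.1.0.30", 4840),  # HMI -> historian, same zone
         ("10.9.0.5", "10.1.0.10", 502),    # enterprise workstation -> PLC
         ("10.1.0.99", "10.1.0.10", 502)]   # address missing from inventory

if __name__ == "__main__":
    for kind, flows in dry_run(CURRENT, CANDIDATE, FLOWS).items():
        print(kind, flows)
```

The dry run surfaces the historian-to-PLC flow that the tighter candidate would cut off, so an operator can decide whether that flow is legitimate before rolling the policy out.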
Virtualization, the key ingredient for intelligence
Virtualization, and SDN more broadly, is a key ingredient to achieve this kind of intelligent network.
Overlay networks or not?
Implement at edge or in the fabric?
Some thoughts on Fog and Industrial Ethernet
What role for Open Source?
OpenFog
Kura
omapd - open IF-MAP server (by TCG)
OpenICS
● Can gateways provide network virtualization?
● Should the gateways or the network provide the databus?
● Can we separate GW functionality (data pipelines) from network and security concerns?
● Can we standardize device and patch management?