Our “Ask the Expert” series taps into the experience and expertise of key thought leaders and subject matter experts from the more than 500 global suppliers we work closely with to bring customers solutions for their most challenging problems (and the daily ones, too).
We spoke with Moxa, which generously offered its vast experience and insight to help us better understand the myriad of considerations needed to create a secure, future-proof Ethernet network, plus product recommendations from its expansive catalog of switches.
What are some of the most common causes of Ethernet connectivity issues today? Which elements of a network are susceptible to the most risk?
Anything with an IP address on an open network can be susceptible to unauthorized access. To minimize this, you’ll need quality network design using managed network switches with enhanced security features, as well as a layered approach between each connection to mitigate the potential for a breach. This concept, known as defense-in-depth — which includes segmenting the network, creating secure tunnels for secure remote access by adding firewalls between each network segment — is a great way to filter out any unwanted traffic, create rules to tightly control communication, and essentially ensure that nothing outside the network is talking to the device that is not supposed to. Following defense-in-depth security measures is a great way to not only secure your network but also enhance its performance, provide visibility, and minimize downtime. Let’s be honest — the time for basic connectivity is long gone; it’s no longer enough to simply plug your device into the network. Remote access, asset visibility, and access to data are driving the need for more security.
Then there’s the risk of the human element. As your network grows, you need a way to manage it. Let’s say you select the right switches with the right features and put the necessary firewalls between each segment for good VPN encryption for remote access. What’s going to happen six months or a year from now? How do you monitor whether your policies are being followed or if newly added devices are properly configured? Using tools like MxView, which is a piece of network monitoring software, is a great way to provide centralized network management. This tool is very valuable because you can monitor and manage your entire OT network (or even multiple sites) from one place.
If you have remote network sites, or large facilities that have hundreds or thousands of nodes to manage, this tool will save you countless troubleshooting hours, reduce downtime, and alert you to security events. Its biggest benefit? It lets you spot issues before they become problems.
How do Ethernet connectivity needs vary across different sectors? And what considerations need to be made when selecting appropriate network equipment?
There are quite a few considerations when selecting the right network switch. Reliability is an extremely important consideration for our customers who cannot rely on enterprise-level equipment to work in extreme environments day in and day out. Considerations are also going to drastically differ between, say, a traffic light and a safety system in an oil and gas processing plant. If a switch goes out at a traffic light, you can dispatch a truck and drive to the location, but in a refinery or substation, a switch might be surrounded by flammable vapors and gasses. Depending on the situation, safety can be a real concern. In that case, you’ll need equipment that can reliably operate at all times despite the environment. Certain equipment pieces will be certified for these kinds of environments, and if you have a standard you need to meet, such as Class C1D2 for explosive environments, you’re going to be required to show that your design complies with the standard.
The next thing to consider is future-proofing your investment. It’s vital to ask yourself questions like: Will this be good enough for a couple of years, or will you need to add more devices down the line? Do you foresee having to add a camera for security or process monitoring? Although this network is currently for an isolated remote system, will you one day need to connect to a SCADA system or control center that’s miles away? What about remote access to an isolated network — how secure is your access? We have never seen a network shrink; when the time comes to grow, you want to make sure your network has the ability and is optimized and secure.
Finally, no one should select networking equipment without considering the level of support it has behind it. This is a huge thing! Many people have a switch that probably does what we’re able to provide from a feature set standpoint, but they may not have the proper support. There could be a lot of reasons for this — maybe they pay exorbitant contracts on a yearly basis, or maybe the folks they talk to just don’t understand their unique situation. Regardless of the cause, this can be incredibly frustrating. Make sure you have expert support that walks you through the situation at hand.
What are some of the most common switch types? What characteristics separate them from one another?
The most basic switch is called an unmanaged switch, which is essentially “plug and play” for connecting devices in your panel to the network. The pros are cost and ease of use — they are great for basic device connectivity. The cons are a lack of visibility, so troubleshooting network issues is almost impossible and very time-consuming. Also, there’s no redundancy, so if you lose your connection, there’s no backup. This isn’t ideal if you’re trying to reduce downtime.
At the next level, we have managed switches that need configuring, but they do so much more than any unmanaged switch. Managed switches offer visibility, performance enhancement, data management, and security. Unfortunately, the biggest obstacle to the adoption of managed switches for OT engineers is lack of expertise. They struggle with questions like, “what features do I need?”, “what price points should I look at?”, or “is this overkill for me?”
Beyond these options, there are also modular switches, which are like backplanes with network and power modules that can slide in and out of a system. These are great for applications where you need flexibility and want to connect a lot of PoE or fiber. There are also rack mount switches.
To select the best switch for any application, you must be clear on what you’re trying to do.
The ongoing partnership between RS and Moxa includes the creation of more than 1,000 industrial communications products, including Ethernet switches, protocol converters, and routers. What has RS brought to the table in this partnership?
RS helps us in a lot of ways. When you’re talking about reach and the customer base, RS and its distribution network, from a vendor standpoint, provide exposure and help us find customers (like you) and markets that might benefit from the technologies we offer, ranging from device connectivity solutions to computer management solutions. It’s a fantastic mutual relationship; RS brings the experience it has with its customers, and Moxa, through our information and support capabilities, brings the connectivity piece needed to guide you in your purchasing journey.
And what’s most exciting is that this partnership is still relatively young. We are both still growing and learning each other’s capabilities, but the potential of what we can accomplish together is incredible.
Some of the new products available through RS include Moxa’s EDS-2000-EL Series of Ethernet switches. What makes this new line unique?
Moxa’s EDS-2005-EL switch
We’re really excited about these. One of my favorite offerings in this line is the EDS-2005-EL switch. It’s pocket size, no taller than a business card, which is perfect for somebody who has a very small panel like one you’d find at a kiosk in a terminal station. It’s going to increase your connectivity; it’s cost-effective; it has one of the smallest footprints of anything available in the market right now; and it even runs on very low power, which is perfect for locations that may run on solar or battery power. Plus, it’s super reliable and can handle harsh conditions with no problem. If you’re trying to save money, this option will be cheaper than most enterprise-level switches and still offer you all the connectivity you need for compact applications. And like all of Moxa’s products, it comes with our free five-year warranty that covers all RMA and replacement costs, as well as completely free technical support.
Are there any other new offerings Moxa is excited to introduce through RS? What are some future developments in Moxa’s catalogue that we could look forward to?
Moxa’s SDS-3008 switch
There are! As an example, we have another new switch called the SDS-3008, which is an eight-port switch. It’s super slim and is specifically tailored for industrial customers who don’t feel comfortable configuring a switch. It has a simple dashboard, so you don’t need to navigate any tabs. It also has industrial protocol support for Modbus, EtherNet/IP, and PROFINET, which can be enabled with a single click. IGMP snooping, which is necessary for multicast traffic, is built into that profile, which, alone, will solve most of your problems with communication over an unmanaged switch if you’re using Allen-Bradley equipment.
We also made a 16-port version that features gigabit uplinks. This means it has more throughput for fatter pipes to send more data back to the controller. For anyone who’s scared of managed switches, this — and the eight-port version — are exactly what you should look at if you want to dip your toes.
Moxa is also continually offering more free resources for our customers through our website, especially resources related to cybersecurity and network protection. We have webinars, videos, eBooks, infographics, white papers, and much more to ensure we keep you as educated as possible in this rapidly evolving world. One resource we recommend is a detailed checklist designed to walk you through an analysis of your defense-in-depth security measures. We highly recommend checking it out!