Regarding the network segmentation of factory workshops, many factory owners and workshop managers are actually worried about the big problems of network cards, data insecurity, and equipment disconnection! The factory workshop network is divided into segments. To put it bluntly, the messy machines, computer terminals, surveillance cameras in the workshop are divided into independent small networks according to the different work and the different importance of their work. It is like wearing "hard helmets" one by one, each going their own way and not disturbing each other – in this way, the network will be much more stable and the data will not run around casually! Provide global procurement services for weak current intelligent products!
First of all, we have to understand why we have to do this network segmentation? Think about it, there are so many equipment in the workshop, including old PLCs (that’s the kind), robotic robots that whirlwind all day long, code scanning guns, AGV cars, etc., and their requirements for the network are different! For example, if a robot sends a signal delay of more than one millisecond, the product may be ruined; if the code scanner gun transmits a wrong number, the inventory will be messed up! If they were crowded in a large network and a small machine made trouble, the entire workshop network might be paralyzed – this loss would be huge!
1. Divide blocks according to regional functions : For example, each area is divided into a small network segment, just like the community is divided into different buildings, you will get the key to visiting each other! Equipment in the area only needs to be checked by the "door guard" (firewall) when accessing across regions;
2. Encircle the territory by device type : Use all the equipment used to control the work of the machine, such as PLC and DCS modules (a kind), to build a "VIP area" network separately. Ordinary computers used for offices and employees’ mobile phones are not very important, so I throw them into another network segment. Want to see things in the VIP area? No way!
3. Set the level according to the importance of data : the data (core data!) collected in real time on the production line must use the special real-time Ethernet protocol, such as the fast mode in TCP/IP, so no one can seize their "fast lane"!
4. The "whitelist" tactical security guarantee : it is to clearly specify which IP address device can "talk" to which IP address device, and other "intruders" who do not know will be "blacked"! For example, it is stipulated that the computer on the A operation station can only send instructions to the B robot, and other computers want to come over? There is no door!
5. Regular "physical examination" is indispensable : use the network scanning tool to see if there are uninvited guests entering which network segment, or if there is a "traffic congestion" in a certain network segment, please adjust quickly! Can't be lazy!
Will someone ask: "My factory is small, and I only have a few equipment, and I still have to work hard to segment the pieces?" – That's wrong! There are few machines in small factories, but if there is a Taichung virus, the production data of the entire factory may be stolen and deleted. Besides, if there are too many devices connected to the Internet, it will sooner or later be in chaos! It’s better to plan early! Someone asked: "Will the division make it particularly troublesome for us workers to operate?" – Don't worry! As long as you plan which people and equipment need to access which network segment in the early stage, set the permissions, the operation is no different from before. Instead, the machine will no longer be stuck and the order data will not go wrong, and the workers will be in a good mood when working.
My personal opinion is that the network segmentation of the factory workshop is just like "structural restructuring" the factory's nervous system. You can do it early and benefit from it early. Don't wait until there is a big problem before you remember to "repair the problem" – at that time, the losses were not just about buying equipment and building the Internet. For a little money, you must find professional and technical personnel who understand the actual situation of the factory. Don't just find a primary school student who repairs computers in the computer city to deal with it!
Leave a Reply