The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Converged Plantwide Ethernet (CPwE) is a collection of architected, tested, and validated designs. The testing and validation follow the Cisco Validated Design (CVD) and Cisco Reference Design (CRD) methodologies. The content of CPwE, which is relevant to both operational technology (OT) and informational technology (IT) disciplines, consists of documented architectures, best practices, guidance, and configuration settings to help industrial operations and OEMs achieve the design and deployment of a scalable, reliable, secure, and future-ready plant-wide or site-wide industrial network infrastructure. CPwE can also help industrial operations and OEMs achieve cost reduction benefits by using proven designs that can facilitate quicker deployment while helping to minimize risk in deploying new technology. CPwE is brought to market through an ecosystem consisting of Cisco, Panduit, and Rockwell Automation emergent from the strategic alliance between Cisco Systems and Rockwell Automation.
Deploying CIP Security within a Converged Plantwide Ethernet Architecture (CPwE CIP Security ™), which is documented in this Design Guide outlines several security architecture use cases for designing and deploying CIP Security technology across plant-wide or site-wide Industrial Automation and Control System (IACS) applications. CPwE CIP Security was architected, tested, and validated by Rockwell Automation with assistance by Cisco Systems and Panduit.
CPwE CIP Security provides a comprehensive explanation of the CIP Security application design. It includes information about key requirements, possible deployment models, potential challenges, technology considerations, and guidelines for implementation and configuration of these specific use security cases within the CPwE framework.
This document contains the following chapters and appendices:
|
|
---|---|
CPwE Overview, CPwE Industrial Security Framework Overview, CPwE CIP Security in alignment with ISA/IEC 62443, and CIP Security Solution Use Cases |
|
System Components, IACS Security Policy Considerations, Technology Considerations, and Architectural Considerations |
|
Describes how to configure CPwE CIP Security within the CPwE architecture based on the design considerations and recommendations of the previous chapter. This includes deploying, changing, and removing CIP Security properties using FactoryTalk® Policy Manager. |
|
Information on verifying and troubleshooting CPwE CIP Security. |
|
Links to documents and websites that are relevant to Deploying CIP Security within a Converged Plantwide Ethernet Architecture Design Guide. |
|
Appendix C, “About the Cisco Validated Design (CVD) Program” |
Describes the Cisco Validated Design (CVD) process and the distinction between CVDs and Cisco Reference Designs (CRDs). |
More information on CPwE Design and Implementation Guides can be found at the following URLs:
– http://www.rockwellautomation.com/global/products-technologies/network-technology/architectures.page?
– http://www.cisco.com/c/en/us/solutions/enterprise/design-zone-manufacturing/landing_ettf.html
Note This release of the CPwE architecture focuses on EtherNet/IP™, which uses the ODVA, Inc. Common Industrial Protocol (CIP™) and is ready for the Industrial Internet of Things (IIoT). For more information on EtherNet/IP, CIP, CIP Safety™, CIP Security, or CIP Sync™, see the following URL:
http://www.odva.org/Technology-Standards/EtherNet-IP/Overview