Wasser Intrnational Berlin, Stand Siemens and Aruba, a Hewlett Packard Enterprise company, bridge the OT/IT divide
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Joint Background
Information
by Siemens and Aruba Munich and Santa Clara,
November 12, 2018
Wasser Intrnational Berlin, Stand
Siemens and Aruba, a Hewlett Packard
Enterprise company, bridge the
OT/IT divide
Siemens and Aruba, a Hewlett Packard Enterprise company have entered into a
strategic partnership. Operational Technology (OT) specialist Siemens and
Information Technology (IT) professional Aruba are meeting the new challenges
thrown up by digitalization, Industrie 4.0 and the Industrial Internet of Things.
Industrial productivity and plant availability depend heavily on the exchange of data
in real-time, and the partners are focusing on achieving faster, more secure data
transfer. Doing so requires reliable, high-speed OT and IT communications and
network infrastructure. Siemens and Aruba bridge this divide based on their deep
and complementary expertise in OT and IT spanning from the OT cell level all the
way up to business applications in the carpeted C-suite. The breadth of expertise
brought to the table by Siemens and Aruba enables the partners to address
Aruba, a Hewlett Packard Enterprise company
Siemens AG
3333 Scott Boulevard
Werner-von-Siemens-Str. 1 Santa Clara, California 95054
80333 Munich USA
Germany
Page 1/11Joint Background Information
by Siemens and Aruba
requirements across industries ranging from discrete manufacturing and process
industries through utilities, oil and gas, to transportation.
Separate and yet connected
OT and IT networks have historically been physically separated from each other
because OT and IT requirements differ considerably. While cybersecurity is
paramount in IT systems, primary concerns for industrial applications include plant
availability, hardware robustness, and deterministic operation. Based on their
complementary areas of expertise, Siemens and Aruba can allow secure data flows
between OT and IT systems, delivering new insights and capabilities while ensuring
high plant and network availability.
According to Klaus Helmrich, Member of the Management Board at Siemens AG,
“The cooperation between Siemens and Aruba is an important step to
complement our industrial networks offering, which is one of the pillars of the
Digital Enterprise, with the additional IT offering from Aruba. Customers will
benefit from futureproof, integrated communication networks ensuring availability
and security.”
Keerti Melkote, President and Co-Founder at Aruba, a Hewlett Packard
Enterprise company, further notes that “Working together for nearly three years,
Siemens and Aruba have addressed the OT/IT divide through technology
integration, backed by validated reference designs. The resulting solutions are
ideal for a variety of industrial applications and are backed by both Siemens’ and
Aruba’s support teams.”
Aruba, a Hewlett Packard Enterprise company
Siemens AG
3333 Scott Boulevard
Werner-von-Siemens-Str. 1 Santa Clara, California 95054
80333 Munich USA
Germany
Page 2/11Joint Background Information
by Siemens and Aruba
Shared expertise for customized solutions
The divide between the OT and IT worlds, and the fact that industrial networks are
frequently tailored to specific application requirements, have impeded the use of
common architectures and shared partners. Aruba and Siemens – together with
their shared partners – can address customer requirements spanning pre-sales
consulting and engineering, professional services (including project management,
commissioning, factory acceptance testing, and design engineering), managed
operations and maintenance services, and after-sales support.
Decades of experience
Based on over 30 years of automation and communications experience, Siemens
can deliver customized network infrastructure of any scale tailored to the needs of
different industrial verticals. Not only does Siemens offer an extensive portfolio of
network components and services, as a solution provider it also has at its fingertips
the expertise needed to design, plan and implement industrial networks.
Siemens is concerned not only with meeting current challenges, but also addressing
future needs that require Industrial Ethernet, Profinet (an open Industrial Ethernet
standard), and Time-Sensitive Networking (TSN). Siemens’ Profinet product
portfolio includes automation, drives, field devices, identification systems, and
network components. Profinet and Industrial Ethernet enable field through cell level
integration, an industrial backbone up to the enterprise level, and secure connection
to cloud systems such as MindSphere, the cloud-based open IoT operating system
from Siemens.
Aruba, a Hewlett Packard Enterprise company
Siemens AG
3333 Scott Boulevard
Werner-von-Siemens-Str. 1 Santa Clara, California 95054
80333 Munich USA
Germany
Page 3/11Joint Background Information
by Siemens and Aruba
Siemens network components for every application
Communication networks in industrial environments are faced by particular
challenges. To meet these challenges Siemens offers an industrial networking
portfolio that is integrated into its Totally Integrated Automation Portal (TIA Portal)
and Simatic PCS 7 distributed control system. With Simatic PCS 7,
customersbenefit from Siemens’ digitalized automation services including digital
planning, integrated engineering, and system operations.
The Scalance product portfolio is comprised of four product families: Scalance X
Industrial Ethernet switches; Scalance M industrial routers; Scalance S industrial
security appliances; and Scalance W access points and client modules for industrial
wireless LAN applications. The copper or glass fiber port versions of the Scalance X
switch range feature data rates of up to 10 Gbit/s and are ideally suited for
applications spanning from control cabinets to harsh environments.
The Scalance M mobile wireless routers and routers for wired communication can
be used for telecontrol, teleservice, and any other industrial application requiring
remote communications.
Scalance S industrial security appliances support the “defense in depth” industrial
security concept and are ideal for safeguarding automation networks and connecting
seamlessly into both IT and OT security infrastructure.
Reliable wireless communication over different automation levels is enabled by the
leading Scalance W Industrial Wireless LAN (IWLAN) products. In accordance with
the proven IEEE standard and equipped with specific Industry-Features (e.g. iPCF,
iPRP) the Scalance W access points can be used in wireless applications with
critical requirements such as emergency stops in safety applications.
Aruba, a Hewlett Packard Enterprise company
Siemens AG
3333 Scott Boulevard
Werner-von-Siemens-Str. 1 Santa Clara, California 95054
80333 Munich USA
Germany
Page 4/11Joint Background Information
by Siemens and Aruba
The Siemens Ruggedcom portfolio was specially developed for use in mission-
critical networks such as electric power, transportation, and oil and gas applications.
The products offer an extremely wide operating temperature range, Zero-Packet-
Loss technology for immunity against high levels of electromagnetic interference
and enhanced Rapid Spanning Tree Protocol (eRSTP) for ultra-high-speed network
fault recovery. The Ruggedcom portfolio includes a private wireless WAN solution
(PMN – Private Mobile Network) that enables secure long-range connectivity to
extend IP networks over long distances to fixed and mobile users.
Simatic Net Communication Processors are used to connect Simatic controllers or
industrial PCs with Industrial Ethernet, Virtual Private Networks (VPN), and cloud
applications.
Siemens’ “defense in depth” security concept complies with the leading industrial
automation security standards (ISA99 / IEC 62443). Security at Siemens starts right
from the PLM process and continues through plant security, network security and
system integrity.
Siemens’ remote access systems run over IP-based networks protected using
advanced security measures like firewalls and VPNs. The Sinema Remote Connect
server application is a management platform for remote networks. This enables
remote plants or machines to be conveniently and securely accessed and
maintained – even if they are integrated into other vendors’ networks.
Powerful industrial network management
A powerful, future-proof network management system enables users to master the
growing demands placed upon industrial communication networks, such as the
increasing degree of networking, larger quantities of data, and the complexity of
network structures. This facilitates forward-looking planning and a quick response
time to prevent possible failures and so increase productivity.
Aruba, a Hewlett Packard Enterprise company
Siemens AG
3333 Scott Boulevard
Werner-von-Siemens-Str. 1 Santa Clara, California 95054
80333 Munich USA
Germany
Page 5/11Joint Background Information
by Siemens and Aruba
Extended portfolio elements for digitalization solutions
The ability to gather and process strategically important contextual data is crucial for
long-term business success. Industrial identification (Simatic Ident: radio frequency
and optical identification) and Real-Time Locating Systems (Simatic RTLS) play an
important role in the Digital Enterprise by collecting business-critical contextual data
about location, asset type, and throughput.
Aruba - redefining the intelligent edge experience
Aruba’s solution platform is built around seven building blocks, which together form
its architecture for building trust-based IT and IoT networks for business-critical
applications and digital experiences. The building blocks include connectivity and
data collection, security, edge computing, location services, performance analytics,
application assurance, and network management, diagnostics, and visibility.
Connectivity and data collection
Aruba’s switch portfolio includes edge, aggregation, core, and data center switches,
including high availability options for non-stop operation. Zero-touch provisioning
speeds installation, while rules-based monitoring and automatic correlation of
network activities - combined with programmable scripting - lets customers monitor
and control specific IoT security, network, system, and application-related activities.
Remote access solutions provide secure communications to off-site machines,
users, and sites, over WANs or cellular. FIPS 140-2 and Common Criteria validated
options extend secure connectivity into fixed or mobile high security applications.
Aruba’s VIA VPN clients can run on selected Siemens products, providing a smooth
integration of OT and IT systems in secure industrial applications.
Aruba, a Hewlett Packard Enterprise company
Siemens AG
3333 Scott Boulevard
Werner-von-Siemens-Str. 1 Santa Clara, California 95054
80333 Munich USA
Germany
Page 6/11Joint Background Information
by Siemens and Aruba
Aruba offers a broad range of indoor, outdoor, and hazardous area Wi-Fi access
points. Hitless-updates allow software patches and security fixes to be added
without losing data, an essential feature in high availability industrial applications.
Aruba’s Multizone feature allows wireless networks to be segmented into multiple
virtual networks – each with its own security and access rules – so one common
infrastructure can service up to five owners with no cross-access, i.e. factory
network, machine-as-a-service network, supplier network, auditor network and so
on.
SD Branch solutions combine Wi-Fi, LAN, and remote access together with
infrastructure and management orchestration, zero-touch provisioning, remote
operations analytics, and end-to-end security. The result: lower SD-WAN costs,
optimized traffic flows, improved application experiences, and higher security.
Security
Aruba’s end-to-end security solutions extend from IoT devices and machines to IT
infrastructure and clients, and include:
ClearPass policy management, network access control, authentication, guest
access, and IoT device profiling;
Commercial and high security FIPS 140-2 and Common Criteria validated
encryption options;
Per user, device, and machine tunneling - also called dynamic segmentation
- ensure integrity of the source, destination, and transport pathway;
Role-based policy enforcement firewall and context-based policies, modeled
after the expected mode of operation, enforce compliance and prevent
wayward behavior;
Integration with >120 next-generation firewalls, MDM, MAM, EMS, SIEM,
and malware detection systems;
Aruba, a Hewlett Packard Enterprise company
Siemens AG
3333 Scott Boulevard
Werner-von-Siemens-Str. 1 Santa Clara, California 95054
80333 Munich USA
Germany
Page 7/11Joint Background Information
by Siemens and Aruba
IntroSpect User and Entity Behavior Analytics (UEBA) for user, device, and
machine security anomaly detection, predictive threat modeling, and attack
heuristics.
Edge computing
Aruba’s portfolio of edge compute gateways and servers can locally ingest, process,
and respond to IoT data flows. The platforms can be remotely managed without
providing access to the data being processed.
Location services
The Meridian and Analytics and Location Engine (ALE) product families deliver
wayfinding, geofencing, and personnel and asset tracking services over Aruba’s
wireless infrastructure, for instance guiding an engineer directly to a machine in
need of service.
Performance analytics
Aruba’s NetInsight uses machine learning algorithms to detect problems and
automatically eliminate false positives when the network is not performing as
expected. NetInsight also issues prescriptive recommendations on network changes
to prevent future incidents.
Service assurance
Aruba’s User-Centric Service Assurance (UCSA) monitors how a system is running
from the application’s perspective. It does this by sending synthetic transactions
over Wi-Fi and Ethernet that continuously test Azure, SAP, and other applications.
UCSA can detect and identify the source of performance degradation before critical
processes are threatened.
Aruba, a Hewlett Packard Enterprise company
Siemens AG
3333 Scott Boulevard
Werner-von-Siemens-Str. 1 Santa Clara, California 95054
80333 Munich USA
Germany
Page 8/11Joint Background Information
by Siemens and Aruba
Network management, diagnostics, and visibility
Aruba’s AirWave and Central network management solutions offer single pane of
glass visibility into network operations. On-premise, hosted, and public/private cloud
options are available.
Optimum connection through defined interfaces
Customers benefit from integrated networks with proven interoperability from
factory floors to corporate offices by leveraging Siemens’ expertise as a leading
provider of Industrial Ethernet network components and Aruba’s as a leader in
wired and wireless LAN infrastructure.
Bridging the OT / IT divide
Aruba, a Hewlett Packard Enterprise company
Siemens AG
3333 Scott Boulevard
Werner-von-Siemens-Str. 1 Santa Clara, California 95054
80333 Munich USA
Germany
Page 9/11Joint Background Information
by Siemens and Aruba
The practical implication of bridging the IT-OT divide is that IT and OT data must
be securely exchanged at the logical level for improved visibility, operational
excellence, and system security. By way of example, Siemens and Aruba have
enabled the termination of Scalance SC-600 industrial security appliance VPN
tunnels at Aruba 7200 series Mobility Controllers, which act as VPN
concentrators. Implementation of these secure bridges is documented in a
validated reference design to simplify the process for both integrators and
customers.
Additional Siemens-Aruba validated reference designs include:
Monitoring of Scalance and Ruggedcom devices using network management
systems like Airwave or Sinema server;
Managing of devices like Scalance W1750D with Aruba mobility controllers
and Airwave;
Interconnecting the Siemens management platform for remote networks with
additional IT owned VPN and Firewall mechanisms to create integrated
solutions like a secure jump-host to ensure secure and clean remote access;
Convey OSPF, DSCP, and other IP-backbone communications via Aruba,
Scalance, and Ruggedcom switches;
Forward Ethernet traffic via Aruba, Scalance, and Ruggedcom switches to
address performance and environment requirements spanning from the
factory floor to up to the data center;
Aruba, a Hewlett Packard Enterprise company
Siemens AG
3333 Scott Boulevard
Werner-von-Siemens-Str. 1 Santa Clara, California 95054
80333 Munich USA
Germany
Page 10/11Joint Background Information
by Siemens and Aruba
Proof point
Heineken, one of the biggest brewing companies in the world, relies on an
integrated IT/OT solution from Aruba and Siemens for its HEINEKEN Nederland
Supply Brewery's-Hertogenbosch. “To run efficiently and stave off cybersecurity
threats we need uniform visibility and security across our OT and IT,” said
Heineken Henk van den Scheun, Manager Engineering. “Working with Siemens
and Aruba we have achieved our objective with a solution that went in very
smoothly and has been highly reliable ever since.”
For further information:
www.siemens.com/industrial-networks
www.arubanetworks.com
Contact for journalists
For Siemens AG
Dr. David Petry
Phone: +49 9131 726616; E-mail: david.petry@siemens.com
For Aruba, a Hewlett Packard Enterprise Company
Pavel Radda
Phone: +1-408-419-0294; E-mail: pavel.radda@hpe.com
OR
Lori Hultin
Phone: +1-818-879-4651; E-mail: lori.hultin@hpe.com
Aruba, a Hewlett Packard Enterprise company
Siemens AG
3333 Scott Boulevard
Werner-von-Siemens-Str. 1 Santa Clara, California 95054
80333 Munich USA
Germany
Page 11/11You can also read
