Profinet Installation Guidelines - YASKAWA VIPA System MICRO Manual

VIPA System MICRO
Addressing
Transfer medium

7.2 PROFINET installation guidelines

Generals to data security
Precautions
Guidelines for information
security
Industrial Ethernet
HB400 | CPU | M13-CCF0000 | en | 18-50
n More information about installing the GSDML file may be found at the manual of the
according engineering tool.
n Structure and content of the GSDML file are defined by IEC 61158.
In contrast to the PROFIBUS address, in PROFINET each device may be definitely iden-
tified with its PROFINET interface:
Device name
n
n IP address respectively MAC address
PROFINET is compatible to Ethernet in accordance with the IEEE standards. The con-
nection of the PROFINET IO field devices is exclusively established via switches as net-
work components. This is made either as star via multi-port switches or as line by means
of switches, integrated to the field devices.
The topic of data security and access protection have become increasingly important in
the industrial environment. The increased networking of entire industrial systems to the
network levels within the company together with the functions of remote maintenance
have all served to increase vulnerability. Threats can arise from internal manipulation like
technical errors, operator and program errors respectively from external manipulation like
software viruses and worms, trojans and password phishing.
The most important precautions to prevent manipulation and loss of data security in the
industrial environment are:
Encrypting the data traffic by means of certificates.
n
n Filtering and inspection of the traffic by means of VPN - "Virtual Private Networks".
n Identification of the nodes by "Authentication" via save channels.
n Segmenting in protected automation cells, so that only devices in the same group can
exchange data.
With the "VDI/VDE 2182 sheet 1", Information Security in the Industrial Automation - Gen-
eral procedural model, VDI guidelines, the VDI/VDE society for measuring and automa-
tion engineering has published a guide for implementing a security architecture in the
industrial environment. The guideline can be found at www.vdi.de PROFIBUS &
PROFINET International (PI) can support you in setting up security standards by means
of the "PROFINET Security Guideline". More concerning this can be found at the corre-
sponding web site e.g. www.profibus.com
n Due to the open standard of PROFINET standard Ethernet components may be used.
n For industrial environment and due to the high transfer rate of 100MBit/s your
PROFINET system should consist of Industrial Ethernet components.
n All the devices interconnected by switches are located in one and the same network.
All the devices in a network can communicate directly with each other.
n A network is physically limited by a router.
n If devices need to communicate beyond the limits of a network, you have to configure
the router so that it allows this communication to take place.
Deployment PG/OP communication - PROFINET
PROFINET installation guidelines
181