Efficiently Designing a Process Automation Network
In the current age of technology, businesses need to ensure their networks are secure, efficient, and capable of handling the ever-growing demand for automation. The Process Automation Network (PAN) is an essential component of any organization that wants to integrate auxiliary systems and centralize engineering and maintenance activities. To ensure optimal performance of the PAN, it is important to understand the best practices for designing and implementing the network.
In this article, we will discuss the design and implementation of PANs, including physical and logical separation, remote access, plant historian, and other important considerations.
IEEE 802.3 CSMA/CD
The PAN should be based on the IEEE 802.3 CSMA/CD (Ethernet) standard. This keeps the network compliant with industry standards and provides the necessary bandwidth and latency for efficient data transfer. The backbone should also be based on Layer 3 multi-protocol switches or routers.
Physical and Logical Separation
The network design should provide physical and logical separation between PAN and all other networks, such as the Saudi Aramco Corporate Network. This can be accomplished through the use of VLANs or Layer 3 network subnets. Additionally, physical separation utilizing dedicated fiber strands is permitted outside of the plant fence and should include a service level agreement defining areas of responsibility for support and maintenance.
Integrating Auxiliary Systems
PAN can also be used to integrate auxiliary systems such as emergency shutdown systems, compressor control systems, vibration monitoring systems, etc. onto a single network. This allows for centralized engineering and maintenance activities.
Remote Access
Remote control from the corporate network or internet is not permitted. However, remote maintenance and engineering activities by Saudi Aramco personnel through the firewall are permitted. To ensure security, the engineering stations must be in a room with controlled physical access, and the user IDs must be authenticated by the Saudi Aramco Information Technology (IT) Active Directory services. Additionally, two-factor authentication should be used to verify vendor identity, and a virtual private network should be used for communication between remote access nodes.
For remote vendor troubleshooting, manager approval is required and should adhere to the IT corporate policy.
Internet Access
PAN should not be permitted to access the internet.
TCP/IP Addressing
All nodes on the PAN should be assigned static IP addresses, and Dynamic Host Configuration Protocol (DHCP) should not be used.
Plant Historian
A plant historian is a plant-wide data repository that collects, archives, and disseminates real-time plant information. The architecture consists of three components: the corporate PI server, local PI server, and local PI scan node. The corporate PI server is located on the corporate network, while the local PI server is located in the DMZ. The local PI scan node is located in PAN and is interfaced to the process automation systems to get real-time data.
The corporate Plant Historian should be accessed within the plant using the corporate network, and all data sources should be configured through the industry-standard OPC interface to avoid vendor-specific interfaces. Additionally, TCP port 5450 should be enabled at the firewall to allow communication between the corporate Plant Historian Server and the local Plant Historian Server/PI-to-PI Interface Server.
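The Internet Access, TCP/IP Addressing and Plant Historian rules above can be checked mechanically against a firewall rule export. The following is an added example, not part of the original article: the zone address ranges, the server addresses, the rule tuple format and the finding codes are all constructed assumptions, and only TCP port 5450 comes from the text.

```python
import ipaddress as ip

# Constructed address plan (assumption: the article gives no addresses).
ZONES = {"PAN": ip.ip_network("10.10.0.0/16"),
         "DMZ": ip.ip_network("10.20.0.0/24"),
         "CORP": ip.ip_network("10.30.0.0/16")}
CORP_PI = ip.ip_network("10.30.5.10/32")   # corporate PI server (constructed)
LOCAL_PI = ip.ip_network("10.20.0.10/32")  # local PI server in the DMZ (constructed)
PI_PORT = 5450                             # PI-to-PI port named in the article
DHCP_PORTS = {67, 68}                      # standard DHCP server/client ports

def zone_of(net):
    """Zone that fully contains net; anything wider or outside is INTERNET."""
    for name, zone in ZONES.items():
        if net.subnet_of(zone):
            return name
    return "INTERNET"

def audit(rules):
    """Lint each allow rule on its own (no first-match evaluation).
    Takes (src_cidr, dst_cidr, proto, port, action) tuples; returns (index, code) pairs."""
    findings, pi_allowed = [], False
    for i, (src, dst, proto, port, action) in enumerate(rules):
        if action != "allow":
            continue
        s, d = ip.ip_network(src), ip.ip_network(dst)
        zones = {zone_of(s), zone_of(d)}
        if {"PAN", "INTERNET"} <= zones:             # PAN must not reach the internet
            findings.append((i, "PAN-INTERNET"))
        if "PAN" in zones and proto == "udp" and port in DHCP_PORTS:
            findings.append((i, "DHCP-IN-PAN"))      # static addressing only
        if proto == "tcp" and port == PI_PORT and {s, d} == {CORP_PI, LOCAL_PI}:
            pi_allowed = True                        # historian path is open
    if not pi_allowed:
        findings.append((None, "PI-5450-MISSING"))
    return findings

# Constructed sample rule set.
RULES = [
    ("10.30.5.10/32", "10.20.0.10/32", "tcp", 5450, "allow"),
    ("10.10.0.0/16", "0.0.0.0/0", "tcp", 443, "allow"),
    ("10.10.1.0/24", "10.10.0.1/32", "udp", 67, "allow"),
    ("10.10.0.0/16", "0.0.0.0/0", "any", None, "deny"),
]

if __name__ == "__main__":
    for idx, code in audit(RULES):
        print(idx, code)
```

The lint treats each rule independently, so a flagged allow rule that is shadowed by an earlier deny still needs a manual look at rule order.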

Conclusion
Designing and implementing a Process Automation Network is a complex process, but following the best practices outlined above can help ensure optimal performance. By understanding the importance of physical and logical separation, remote access, plant historian, and other considerations, businesses can build networks that are secure, efficient, and capable of meeting the demands of automation.