by Brian Oulton, Belden Inc.
… in this brave, new, sort-of-recovering world
… where your company’s future rides solely on your ability to produce more product throughput in a less expensive machine,
… where the customer demands and challenges continue to mount,
… and where budget, resources, and time continue to shrink, is there possibly any way to do it all?
Maybe. Take heed of these “7 mistakes to avoid,” and carefully apply the advice here. You’ll leverage the most significant new industrial technologies to emerge in the last ten years, namely industrial Ethernet with security, and very possibly, you’ll meet your goals.
MISTAKE ONE – Don’t think like your customers
It can be too easy to let job pressures compromise your ability to delight your customers. At a macro level, those pressures tell you to stick to your standard, proven design and avoid deviating. Your experience tells you that any change is big, costly and time consuming.
Customers, on the other hand, have added to their list of wants above and beyond the high-throughput, lowest cost possible machine that you’ve designed. They are also looking for more agility to quickly change their production, the ability to update and upgrade their machines quickly and easily, and much more information that helps them to make better decisions.
The good news is that a machine designed with industrial Ethernet at the core helps you to meet those additional, unanticipated needs and delight your customers with only minimal design or programming changes. Since industrial Ethernet can be used for discrete and process control, motion, safety, machine to machine, enterprise connectivity and even remote access, you won’t need to change your network plan to add major options to your machine. And because today’s industrial Ethernet provides blazing throughput and bandwidth, your machine can likely support all of these functions and your customer’s need for more data on a single network without issue. You should be able to do many more and different things when normal speeds are 100 M or 1 G and networked devices can number in the thousands on a single network, especially when compared with the last generation of industrial networks running at 1 M or less and degrading significantly after about 20 to 30 networked devices. So dream a little and imagine what previously was impossible. It’s OK to think like your customer, and to help their vision become real.
MISTAKE TWO – Don’t listen to your sales and marketing team
A machine builder’s sales and marketing team can represent nearly perfect input for the design team. The key is that you’ll need to establish a conversation with them that lets them brainstorm and innovate based on the significant interaction they’ve had with your many customers. They are well tuned to their own wins and losses, and know what the competition is doing. When they bring up price, delivery, customization, throughput, uptime, better information, more responsive troubleshooting or newer, value-added services that either the customer is requesting or the competitors are providing, don’t dismiss any of them.
The challenge is to consider how you might provide each, successfully and better than the competition, even if you’ve previously dismissed them. While only a few years ago, remote access services were impractical, I’ve seen a number of industrial applications with people holding iPads, looking at machine status, accessing video-based documentation, capturing and streaming video to a remote troubleshooter, and requesting spare parts, all from a single commercial device with secure remote access. Those sales and marketing people are fielding these kinds of requests that were nearly impossible a few years ago, but represent a very real opportunity for you to move the needle today.
MISTAKE THREE – Don’t take advantage of Industrial Ethernet
Vendors have changed their products to support industrial Ethernet, and customers aren’t objecting. In a recent Aberdeen study, those end users with the very best business performance not only used industrial Ethernet, they aggressively removed all other fieldbuses to standardize, simplify, and supercharge their production. Further studies from ARC, IMS and others show growth rates and volumes of industrial Ethernet devices far surpassing their fieldbus equivalents. The reasons apply to machine builders too. When I ask users, some of the most significant answers come back about how industrial Ethernet not only replaces fieldbuses, it does much more. They cite the multi-purpose uses I described earlier, along with the ability to create extremely large networks instead of using multiple fieldbuses. They also cite the ease of moving control and information throughout their enterprise, another limitation of fieldbuses. In addition, users describe the benefits of learning, applying, and supporting one technology instead of many. Finally, users recognize that industrial Ethernet has inherited its features and capabilities from commercial Ethernet, with more than 20 years of evolution and innovation racing at the speed of commercial technology. While machine builders’ scope and business model are significantly different from those of their end-user customers, these same advantages apply.
MISTAKE FOUR – Tell yourself security stops at protecting your IP
While your primary mission surrounding security is to protect your own company’s intellectual property by password protecting your PLC program, customers face bigger challenges. You may see some of it when they now ask for more than a spare Ethernet port and a specific IP address. In some places, you’ll get a security spec requiring specific VLAN configurations or requirements for a router or firewall, and in many cases, you’ve taken on the job of integrating several of your machines with several others. Each of these is calling you to help with your customer’s security challenge.
You have the opportunity to help your customers create a secure production environment by offering some flexible options and security know-how that can separate you from your competition. After a risk assessment to identify and prioritize security threats, they will need to combine physical, computer, network, and device security along with their own company policies and procedures to create layered security. They will appreciate your help and especially your flexibility in being a part of their security plan.
At a minimum, you’ll need to lock down any PC in your application, apply good security to any remote access you’re implementing, and secure your networks with the right security appliances and correct features running in your managed switches and routers.
If your customers’ risk assessment and security plan warrant it, they will also require you to maintain security for any computer and its applications your support people bring into the customer site, as well as ensure security for any patch management, USB, CD or remote updates you provide. If you already have a plan, procedure and policy for these, you’ll differentiate yourself significantly from your competitors, and gain much faster access to your customer site when needed.
MISTAKE FIVE – Stick with your fieldbuses since Ethernet has security issues
Nearly every conversation about applying industrial Ethernet includes a discussion about security. The conventional belief is that Ethernet brings with it many security issues, and many believe that older fieldbus networks don’t have the same issues. In reality, Ethernet did connect the industrial space to the world, giving access to a new class of security risks. However, Ethernet functionality has evolved significantly over more than 20 years and has plenty of functionality to help make applications more secure.
The same cannot be said for fieldbuses, which have only a few, simple security mechanisms. Their best security is through their relative obscurity, but this kind of security plan is more a hope than anything else. While fieldbuses are effective for many applications, the benefits of moving to industrial Ethernet, for all of the reasons stated in this article and more, should give you ample reason to move. Don’t let the myth of fieldbuses hold you back.
MISTAKE SIX – Use one-size-fits-all security
I’ve seen plenty of machine builders and end users alike take the short route to security. Instead of running a risk assessment, and then prioritizing and addressing real security risks, they make the mistake of thinking that perimeter security in the form of a firewall or computer gateway will suffice. Unfortunately, history has demonstrated with recent real examples that perimeter security or even air-gap security doesn’t properly address security for many applications.
While these are a good start, if you take the time to better understand your customers’ security concerns and work with them to address them, you’ll quickly become a trusted partner instead of yet another vendor. Your flexibility and range of security options will go a long way toward winning your customer’s loyalty. While some will engage IT and provide remote access through their corporate infrastructure, others will specify a great security appliance and router with cellular wireless or guest account on your LAN for remote access. Others won’t allow any live remote access, and will prefer updates, status and patches to be implemented in other ways. Further, the best security is designed in from the start, so your designs should consider some security options rather than allowing security to be an afterthought. While you may need to adjust to each customer’s security plan a little differently from the next, having your own ideas and approaches to security and providing flexibility when needed is the recipe for success.
MISTAKE SEVEN – Don’t bother with remote access
In many markets today, customers are asking and sometimes begging to have more access to your company’s experts with a willingness to pay for it. While that may require customization and extra work to conform to your customer’s remote access policy, it is well worth it.
First, you’ll be able to provide much faster and better support while your machine is under warranty, and you’ll cut down on those last-minute panic trips to the customer site. Further, you open the doors to an entirely new world of valuable services that you can offer to your customers, including predictive maintenance, materials replenishment, easy updates and upgrades, and unparalleled machine performance optimization and reporting. Even customers who used to deny remote access from their machine suppliers are now open to this connection if it means better access to machine and domain experts that have become scarce in the last three years. If your customers don’t seem ready to provide access, ask what’s holding them back and work to address their concerns. They may not understand how the market has evolved for secure remote communications.