The "BIG" Difference Between IT and OT Networks

Рет қаралды 14,952

2 жыл бұрын

It’s in every article you read, IT/OT convergence. The popular idea is that it’s possible to run all your IT applications and OT control applications on the same network. I think that’s silly and dangerous and in this video I tell you three way that it’s different. I expect to be pressured to take this down soon - there are big companies that have invested millions in IT/OT convergence and they aren’t going to be happy with me but my job is to deliver the information that you need to keep your manufacturing networks running, not please some corporation.
You can get more unusual information from my books on EtherNet/IP, OPC UA or Modbus TCP by clicking on John’s books. And soon, I’ll have my book on how to architect an EtherNet/IP network released. That book will have a lot more about recommendations on building properly engineered EtherNet/IP networks.
You can also get a wealth of information on automation protocols by signing up for our quick read, byte size information emails on all sorts of important factory floor automation protocols. Click here to start your education like hundreds and hundreds of other automation professionals already have.
I monitor the comments here from time to time. If I can help you in any way, get in touch. Leave a comment here or you can email me at www.rtautomation.com/contact/.
John

Пікірлер: 19

@eksadiss 2 жыл бұрын

IT uses VLANS to segment, it's their entire purpose. Not sure where you got the idea from that it's for monitoring switches.

@brihal7499 2 жыл бұрын

I would add that I think that the IT vs OT networks is more about kingdom building than it is about functionality. Vlans and Firewalls will help do all of this. What is not mentioned here are all the systems and services which OT relies upon, that sits on the IT network. Maybe I am missing something but I don't see the benefit of two completely different networks mostly because OT relies upon IT apps/services...

@adamgresh5148 Жыл бұрын

For a small scale operation with limited IT needs this might not be an unusual setup. It's not unusual to use a separate VPC for your monitoring, it's actually a good practice IMO. In a small enough environment it would make sense to have a "flat" network for your corporate IT environment and then a separate VPC for the network security and performance monitoring tools. Say your factory had 10-15 workstations and one or two printers plus your OT needs. Multiple VPCs in that context is probably overkill. You might have a VPC for your corp. IT, a VPC for your corp IT monitoring and then multiple air gapped networks for your OT environment, HVAC, Security Systems, etc. Hope that makes sense.

@edwardpate6128 Жыл бұрын

Well in some environments having a dedicated Vlan for network monitoring makes sense.

@jackkraken3888 10 ай бұрын

@@brihal7499Well I think I understand some reasoning. There was a Reddit post not too long ago and it seems to from that post that OT systems are 'stupid' in that to help maintain the speed of such systems the devices in them don't have a ton of intelligence that we would expect from normal IT devices for example if you send a malformed network packet to a traditional it device it's more likely to simple drop the packet but OT systems may not have that intelligence as it might slow down their operation and therefore it can cause the OT devices to misbehave.

@edwardpate6128 Жыл бұрын

Plant floor OT networks have very different requirements than IT networks. Things like very low latency, safety communications and the fact that they tend to have much larger sections that are flat layer 2 networks connecting end devices like robots, PLCs, programing terminals etc; Great video though. I came from many years in IT into OT and it was really eye opening for me! I will say that IT networks also use VLANs to segregate traffic, not just for network monitoring.

@asrithalekha4522 10 ай бұрын

is it good for starting career in OT as a fresher?.... please tell us your experience in OT

@jackkraken3888 10 ай бұрын

Im not so sure about the VLAN difference. In IT its a very important tool to segment the network for example you can have a VLaN only for VoIp system and a vlan for accoutning or sales. That way they can't interfere with one another and even bad guys will have a hard time attacking other vlans.

@BenAAlawi 4 ай бұрын

Good stuff; a question or remark! Addressing: in OT we cant say that addresses can be or are duplicated as well. They differ either by PLC address or by function codes or final Labels distinguish them from each other.

@QueLastima 10 ай бұрын

Interesting video. Good comments, too, if you ignore the haters. Thx.

@NicholasLeader0 8 ай бұрын

Network segmentation / microsegmentation / zero trust are all (security) things on an 'IT' network. Maybe if you do an updated video you could talk about security / implicit trust.

@minuterain 10 ай бұрын

In the context of your good discussion, what is meant by cyclic message?

@NicholasLeader0 8 ай бұрын

e.g. PLC en.wikipedia.org/wiki/Programmable_logic_controller

@user-lq5zk4vh9x 5 ай бұрын

IT is not whenever! DoD and Government applications have Real Time and Near Real Time requirements also.

@msukickbutt 7 ай бұрын

Ignore the haters? haha. I didn't see any haters...I see many people pointing out that he is very wrong about Vlans. Honestly...these type of videos are what create greater gaps between IT and OT departments....its the same network....OT people have a few different requirements but they have to work together. If you have a guy like this telling IT why their network is different and he is incorrect...well that just shows you why IT people don't trust OT people and are usually the bottle neck for OT projects.

@osirisptah 9 күн бұрын

Not sure where this guy gets his information from, but he's misinformed and plain wrong on most of what he says here. Just because that's how it was done 30 years ago, doesn't mean that's how it should continue today. Ask Tesla or any other majorly automated manufacturer and almost all or going to some sort of IT/OT convergence.