The Allen-Bradley Stratix 5900 services router is the first in the Rockwell Automation network product portfolio to deliver virtual private network (VPN) and firewall capabilities simultaneously. These capabilities make the router well-suited for securing cell/area zones, as well as connecting to a cell/area zone from a remote location over an untrusted network.
The Stratix 5900 services router expands a portfolio of jointly developed industrial products from Rockwell Automation and Cisco that are helping manufacturers build a unified, secure environment from the enterprise to end devices in an industrial automation control system. With VPN and firewall capabilities, the router restricts and regulates communication to help ensure a security perimeter is maintained and information exchange crossing the security boundary is not tampered with or interrupted. VPNs can also create a secure tunnel for server-machine communications to help protect cell/area zones from other machines in the facility. Firewall capabilities can monitor and block an input or an output that does not meet the firewall’s configured policy. When combined, VPN and firewalling create a more robust, more secure network.
“Rockwell Automation is helping industrial control system customers address both IT and industrial automation security challenges by collaborating with Cisco and other industry leaders to drive network infrastructure convergence and help integrate technical and business systems,” said Doug Wylie, CISSP, director, Product Security Risk Management, Rockwell Automation. “Through their collaboration, manufacturers have products – like the Stratix 5900 services router, along with the educational resources and global services they need to bridge the technical and cultural gaps between plant-floor equipment and IT systems.”
The router also enables manufacturing locations to connect to and communicate with remote locations and substations. For example, a remote machine – whether 100 feet or 1,000 miles away – can connect to a plant-based machine using the services router. This is a common application for the oil and gas and water wastewater industries where equipment dispersed across vast distances needs to communicate with each other to operate a common process.
The ruggedized Stratix 5900 services router runs on Cisco IOS, and includes a wide area network (WAN) port and four Fast Ethernet-ports. The hardware includes embedded features such as: Network Address Translation (NAT), NBAR protocol filtering, Access Control Lists (ACL) and Quality of Service (QoS) for prioritization. It has extended shock and vibration capability, comes with a DIN rail mount, and operates in a temperature range of minus 25 C to 60 C making it suitable for industrial applications.
The Stratix 5900 services router is currently available and complements the full portfolio of Stratix switches and the Allen-Bradley ControlLogix EtherNet/IP secure communication module (1756-EN2TSC) from Rockwell Automation.
About Rockwell Automation
Rockwell Automation Inc. (NYSE: ROK), the world’s largest company dedicated to industrial automation and information, makes its customers more productive and the world more sustainable. Headquartered in Milwaukee, Wis., Rockwell Automation employs over 22,000 people serving customers in more than 80 countries.
For more information: •Best Practices for Security and Defense Strategies: Design considerations for securing industrial automation networks.
•Stratix 5900 services router graphic: http://flic.kr/p/hvVsG4
Allen-Bradley, ControlLogix, LISTEN. THINK. SOLVE., Stratix and Stratix 5900 are trademarks of Rockwell Automation Inc.
Cisco and Cisco IOS are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries.
EtherNet/IP is a trademark of ODVA