Manufacturing Plant Network Design: Connecting OT and IT Safely

Manufacturing networks are different from office networks in three important ways: the consequences of downtime are measured in production output, not just inconvenience; operational technology (OT) devices like PLCs and SCADA systems were designed for reliability, not security; and the physical environments — EMI, vibration, temperature extremes, industrial-grade requirements — challenge standard commercial IT equipment.

## IT vs. OT: The Fundamental Difference

The IT/OT network convergence — driven by Industry 4.0, IIoT, and enterprise integration needs — creates real security risks when the boundary between them is not carefully managed.

## The Purdue Model for Industrial Network Segmentation

The Purdue Model (IEC 62443) defines levels of industrial network architecture:

The DMZ at Level 3.5 is critical. Direct connections between Level 2/3 OT systems and Level 4 IT systems should not exist — all communication passes through the DMZ, which enforces data diodes or firewalling.

## Network Infrastructure for Industrial Environments

### Industrial vs. Commercial Switches Standard commercial switches are not rated for manufacturing environments. Industrial Ethernet switches (IES) offer: - Extended temperature range: -40°C to +85°C (vs. 0°C to 40°C for commercial) - DIN rail mounting for control cabinets - Conformal coating for dust and humidity resistance - Vibration and shock ratings (IEC 61850) - Redundant power inputs (dual PSU on a single device) - Ring topology support (MRP, ERPS) for sub-50ms failover

### Fiber Backbone in Industrial Environments Industrial facilities have significant EMI from motors and high-voltage equipment. Copper Ethernet is susceptible — use fiber for all horizontal runs longer than 15 meters in production areas.

Armored fiber provides physical protection from forklifts, heavy foot traffic, and machinery vibration.

### Wireless in Manufacturing Wi-Fi in manufacturing uses the same protocols but has specialized requirements: - Wi-Fi 6 access points rated for industrial environments (IP54+ enclosure, extended temperature) - 802.11r fast roaming for AGV (Automated Guided Vehicle) fleets — vehicles moving between AP cells need seamless handoff - Dedicated SSID and VLAN for AGVs, separate from human device access - Interference survey required in RF-challenging environments (metal structures, motors)

## Security for OT Networks

OT security is evolving rapidly after high-profile attacks on industrial systems (Colonial Pipeline, Oldsmar water plant, manufacturing ransomware incidents).

Core OT security principles:

## Converged Infrastructure: Cameras + VoIP + OT

Modern manufacturing facilities run multiple technology systems over the same physical infrastructure:

• **IP security cameras:** PoE cameras on a separate surveillance VLAN, NVR on same VLAN
• **VoIP:** Plant floor phones, overhead paging, emergency notification systems — voice VLAN with QoS
• **OT equipment:** On isolated OT VLANs per zone (assembly, paint, shipping)
• **IT workstations:** Quality, ERP, administrative — corporate IT VLANs

The key is proper VLAN segmentation on industrial-grade switching infrastructure that can handle the physical demands of the environment.

Summit DNC designs and deploys IT/OT network infrastructure for manufacturing, warehousing, and industrial facilities across California, Nevada, and Arizona. We specialize in converged networks that meet both production reliability and IT security requirements.