Files called MIBs (Management Information Bases) can be provided by manufacturers and are effectively a dictionary that lets SNMP interpret manufacturer-specific information about a device. Once again cost must be considered, as an NMS and its attached licence will generally not come cheap. In almost any mission critical network, however, the benefits of having an NMS on site far outweigh the initial CAPEX (capital expenditure) and the ongoing OPEX (operational expenditure), especially when troubleshooting issues on the network. An NMS will give in a couple of minutes information that could take hours or even days to trace down and collect manually. On that basis alone an NMS will pay for itself after a couple of small issues, simply by removing the need to call in a third party to troubleshoot the network.
An NMS uses SNMP to gather information from devices periodically (polling), and devices use it to push information to the NMS when something critical changes, such as a port failure on a switch (trapping). Which version of SNMP is used matters: SNMPv1 and v2c identify the requester by a community string that travels in cleartext, so anyone who can see the traffic can read it, and a read-write community lets them reconfigure the device. SNMPv3 adds per-user authentication and encryption and should be used wherever the devices support it; at minimum, communities should be read-only and an access list should restrict SNMP to the address of the NMS. Along with SNMP, the NMS will use protocols such as ICMP (Internet Control Message Protocol, i.e. ping) to test the uptime of devices, and will test services such as HTTP (web access to a device), FTP (file transfers) and so on. The NMS then presents all this information in a summarised format, together with a visual map of the network. Alarms can be marked on the map to give a quick and easy view of the overall status of the network. An NMS allows network administrators to be proactive rather than reactive by pointing out potential issues before they become serious problems. An NMS can be closely compared to a SCADA system in that it provides a visual representation of the network, and monitors and possibly controls its functionality.
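As an added example (not code from the article), the Python below builds a simplified linkDown trap of the kind a switch sends to the NMS and then decodes it the way a tap on the path would. The BER encoder and decoder are a minimal implementation written for this illustration, the OIDs are the standard sysUpTime, snmpTrapOID, linkDown and ifIndex objects, and the trap bytes are constructed by the encoder rather than captured from a device.

```python
"""Minimal BER encoder/decoder for SNMPv1/v2c, enough to show what a trap
looks like on the wire and why a community string is not a secret.
Added example, not from the article; the trap is built here, not captured."""

# BER tags used by SNMP (X.690, RFC 3416); 0xA7 is the SNMPv2-Trap PDU tag
INTEGER, OCTET_STRING, OID, SEQUENCE, TIMETICKS = 0x02, 0x04, 0x06, 0x30, 0x43
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "Response",
             0xA3: "SetRequest", 0xA5: "GetBulkRequest", 0xA7: "SNMPv2-Trap"}
SYS_UPTIME, SNMP_TRAP_OID = "1.3.6.1.2.1.1.3.0", "1.3.6.1.6.3.1.1.4.1.0"
LINK_DOWN, IF_INDEX = "1.3.6.1.6.3.1.1.5.3", "1.3.6.1.2.1.2.2.1.1"

def _length(n):
    """BER length: one byte below 128, otherwise 0x80|N followed by N bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, body):
    return bytes([tag]) + _length(len(body)) + body

def enc_int(value, tag=INTEGER):
    """Two's complement, minimal length; TimeTicks reuses this with its own tag."""
    return tlv(tag, value.to_bytes((value.bit_length() + 8) // 8, "big", signed=True))

def enc_oid(oid):
    arcs = [int(a) for a in oid.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:              # base 128, high bit set on all but the last byte
        chunk = [arc & 0x7F]
        while arc := arc >> 7:
            chunk.insert(0, 0x80 | (arc & 0x7F))
        body += bytes(chunk)
    return tlv(OID, bytes(body))

def build_link_down_trap(community, if_index, uptime_ticks, request_id=42):
    """Simplified SNMPv2c linkDown trap: sysUpTime, snmpTrapOID and the ifIndex."""
    varbinds = tlv(SEQUENCE,
                   tlv(SEQUENCE, enc_oid(SYS_UPTIME) + enc_int(uptime_ticks, TIMETICKS))
                   + tlv(SEQUENCE, enc_oid(SNMP_TRAP_OID) + enc_oid(LINK_DOWN))
                   + tlv(SEQUENCE, enc_oid(f"{IF_INDEX}.{if_index}") + enc_int(if_index)))
    pdu = tlv(0xA7, enc_int(request_id) + enc_int(0) + enc_int(0) + varbinds)
    return tlv(SEQUENCE, enc_int(1) + tlv(OCTET_STRING, community.encode()) + pdu)  # 1 == v2c

def _read_tlv(buf, pos):
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                     # long form
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln

def dec_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def parse_v1_v2c(pkt):
    """Outer message plus PDU of a v1/v2c packet (v3 is framed differently)."""
    _, msg, _ = _read_tlv(pkt, 0)
    _, ver, pos = _read_tlv(msg, 0)
    _, community, pos = _read_tlv(msg, pos)
    pdu_tag, pdu, _ = _read_tlv(msg, pos)
    header, pos = [], 0
    for _ in range(3):                # request-id, error-status, error-index
        _, body, pos = _read_tlv(pdu, pos)
        header.append(int.from_bytes(body, "big", signed=True))
    _, vbl, _ = _read_tlv(pdu, pos)
    varbinds, pos = [], 0
    while pos < len(vbl):
        _, vb, pos = _read_tlv(vbl, pos)
        _, oid_body, vpos = _read_tlv(vb, 0)
        vtag, vbody, _ = _read_tlv(vb, vpos)
        if vtag in (INTEGER, TIMETICKS):
            val = int.from_bytes(vbody, "big", signed=(vtag == INTEGER))
        else:                         # OID values (e.g. snmpTrapOID); anything else as hex
            val = dec_oid(vbody) if vtag == OID else vbody.hex()
        varbinds.append((dec_oid(oid_body), val))
    return {"version": int.from_bytes(ver, "big", signed=True),
            "community": community.decode("ascii", "replace"),
            "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag)),
            "request_id": header[0], "varbinds": varbinds}

def audit(pkt):
    """What a tap on the path sees; returns the decoded message and the findings."""
    msg, findings = parse_v1_v2c(pkt), []
    if msg["version"] in (0, 1):
        findings.append("SNMP%s: community %r in cleartext, no authentication or privacy"
                        % ("v1" if msg["version"] == 0 else "v2c", msg["community"]))
    if msg["community"].encode() in pkt:      # no decoder needed to steal it
        findings.append("community recoverable by substring search on the datagram")
    if msg["community"] in ("public", "private"):
        findings.append("well-known default community string")
    return msg, findings
```

The first two findings from `audit` are the point: with v1 or v2c the community is readable by anyone on the path, and the same string the NMS uses for its GetRequest polls is, if it is a read-write community, also valid for SetRequest. Moving the polls and traps to SNMPv3 with authentication and privacy removes that exposure; a v3 message is framed differently and this parser deliberately does not handle it.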
Remote access
Remote access is another hot topic when dealing with a communica-
tions network and, as long as it is properly implemented and secure,
remote access can lead to huge savings of time and effort when trou-
bleshooting or maintaining a network and its attached devices. Remote
access refers to a user gaining access to the network and its attached
devices from a location not directly attached to the network. This will
normally use the internet as the intermediate network via which the
user gains access to the site, but can also use a private WAN (Wide
Area Network) such as a privately owned cellular network covering
the locations in question.
Using one of the many VPN (Virtual Private Network) protocols available, the user creates a secure tunnel through the intermediate network to the site. The tunnel is encrypted and authenticates any users or data attempting to traverse it, so data travelling along it cannot be read by malicious users in the intermediate network (an obvious concern when the internet is that network). Users are therefore able to troubleshoot, configure or collect data off devices from the comfort of their home or office, rather than having to travel out to site or to a central control room to do so. This can prove invaluable, especially where travelling to and from site takes a long time, potentially 3-4 times as long as the actual troubleshooting. When an issue is discovered, technicians and engineers can then address it in the time the travel alone would have taken. This adds up to reduced travel, quicker troubleshooting response and increased productivity in the long run.
It is critical that the security offered by the VPN router is strong enough for the remote access to be properly secured. A few years ago VPN security was not as advanced as it is today, so remote access was generally never used on mission critical networks. With improvements in the authentication and encryption protocols in use, a VPN can now be set up that provides stable, reliable remote access with the peace of mind that comes from properly implemented security. Finally, when implementing security it is critical that internal company policies are created to support the security system. Securing your remote access with a VPN is a waste of time if the username/password and relevant certificates are spread around the company (and possibly outside it) in an uncontrolled fashion. Credentials should be issued to named individuals rather than to companies, revoked when a person leaves or a contract ends, and the VPN's connection logs reviewed so that a login turning up from unexpected places is noticed.
Case in point
In a recent case, an unspecified mission critical network in South
Africa was providing VPN access to various third party companies
for monitoring and control purposes. After a few months, the list
of allowed VPN users was in the double digits, and suddenly it was
discovered that unknown users were using the VPN to gain access
to the network and interfering with PCs on the network that they had
no business logging into. At this stage most of the VPN connections
were cancelled and new policies were put in place to better control
the VPN access.
Fortunately, no malicious damage was caused by the unwanted remote access, but this could have turned into a serious problem. The cause was that many of the third party companies had started sharing the VPN login details among various members of their staff, until eventually this became uncontrollable. Whether the unknown users had malicious intent was never established, as the VPN access was brought under control before anything came of it.
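The failure in the case above shows up in the VPN concentrator's logs long before anyone stumbles on it. As an added example (not from the article and not tied to any particular product), the Python below runs two checks over constructed log lines: an account with tunnels up from two addresses at the same time, and an account seen from more distinct addresses in a day than one person plausibly uses. The log format, the usernames and the addresses are all assumptions made for the illustration.

```python
"""Spot a VPN account being used from several places, the symptom of a login
shared among a third party's staff. Added example, not from the article; the
log format (time, user, source address, event), the usernames and the
addresses are all constructed here and match no particular concentrator."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log; addresses are from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2015-03-02T07:58:12Z user=vendor_a src=192.0.2.10 event=tunnel-up
2015-03-02T08:01:40Z user=vendor_a src=203.0.113.77 event=tunnel-up
2015-03-02T08:02:05Z user=ops_jsmith src=198.51.100.4 event=tunnel-up
2015-03-02T08:15:33Z user=vendor_a src=192.0.2.10 event=tunnel-down
2015-03-02T08:30:00Z user=vendor_b src=192.0.2.55 event=tunnel-up
2015-03-02T09:10:12Z user=vendor_a src=198.51.100.200 event=tunnel-up
2015-03-02T09:12:00Z user=vendor_b src=192.0.2.55 event=tunnel-down
2015-03-02T10:00:00Z user=vendor_b src=192.0.2.56 event=tunnel-up
"""

def parse_line(line):
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return rec

def concurrent_sessions(lines):
    """A tunnel-up for a user who already has a tunnel up from another address.
    One person cannot be in two places at once; two people sharing a login can."""
    active = defaultdict(dict)                  # user -> {src: since}
    findings = []
    for rec in map(parse_line, lines):
        user, src = rec["user"], rec["src"]
        if rec["event"] == "tunnel-up":
            others = sorted(s for s in active[user] if s != src)
            if others:
                findings.append({"ts": rec["ts"], "user": user, "src": src,
                                 "already_active": others})
            active[user][src] = rec["ts"]
        elif rec["event"] == "tunnel-down":
            active[user].pop(src, None)
    return findings

def many_sources(lines, window=timedelta(hours=24), max_sources=2):
    """Users seen from more than max_sources distinct addresses within any window.
    Catches sharing that does not overlap in time. A roaming user on a cellular
    link can trip this too, so the threshold is a policy decision, not a fact."""
    seen = defaultdict(list)                    # user -> [(ts, src)] per tunnel-up
    for rec in map(parse_line, lines):
        if rec["event"] == "tunnel-up":
            seen[rec["user"]].append((rec["ts"], rec["src"]))
    flagged = {}
    for user, events in seen.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            srcs = {s for t, s in events[i:] if t - start <= window}
            if len(srcs) > max_sources:
                flagged[user] = max(len(srcs), flagged.get(user, 0))
    return flagged

if __name__ == "__main__":
    for f in concurrent_sessions(SAMPLE_LOG.splitlines()):
        print(f"{f['ts']:%H:%M} {f['user']} up from {f['src']} "
              f"while still up from {', '.join(f['already_active'])}")
    print("too many sources in 24h:", many_sources(SAMPLE_LOG.splitlines()))
```

Both checks only say something useful when each person has their own account: with one login per vendor company the concentrator cannot tell who connected, which is exactly the situation the case describes, and the first check will fire constantly without pointing at anyone.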
Conclusion
In this article we have discussed some of the most salient points that
must be covered when designing and planning an Ethernet network.
Some sites may require other protocols and features that have not
been discussed, while others may not require all the points in this
article. Every application is unique and should be planned for with
this in mind. Some set-ups that work perfectly for Application A may
not work for Application B. IP ranges and VLANs will depend on the
number of devices, their purpose and their physical locations, as well
as the overall topology of the network and the requirements. For this
reason it is important to spend time on the planning phase and invite
specialists to provide information and insight where required, in order
to arrive at the best possible network design that caters not only for
the network at hand, but also for any future upgrades or changes
to that network. Skimping on the planning and design phases will
generally lead to a network that does not perform to the best of its
abilities, and the time saved by doing so will be far outweighed by the
additional time wasted on troubleshooting and design changes during
commissioning and live running phases.
ENERGY EFFICIENCY MADE SIMPLE 2015