I/O Device Requirements and Restrictions
I/O devices in a high availability system that is
CIP Security™
-enabled have the following requirements and restrictions.Cannot Use CIP Security to Protect Communication to I/O Devices
In a high availability system, you cannot use
CIP Security™
to protect communication to I/O devices directly. CIP Security™
does not support Datagram Transport Layer Security (DTLS) communication to I/O devices in
a high availability system.You can use alternative methods to protect communication to I/O devices. The following
sections describe these methods.
I/O Devices on a Converged Network
If your system operates with a converged I/O network, you must include a firewall to create
a trust zone around the redundancy chassis pair and the I/O devices that they operate.
IMPORTANT:
You must configure the firewall to restrict access to all unsecured Ethernet devices in
the chassis and all I/O devices that are connected to them.
Converged I/O Network
Item | Description |
|---|---|
A | Manufacturing zone |
B | Firewall |
C | Converged I/O network |
I/O Devices on a Non-converged Network
If your system operates with a non-converged I/O network, you are not required to include a
firewall between the application’s manufacturing level and I/O devices. When you use a
non-converged network, there is increased security for the communication between the
controller and the I/O devices.
Non-converged I/O Network
Item | Description |
|---|---|
A | Manufacturing zone |
B | Non-converged I/O network |
Provide Feedback