Network Security and Segmentation

Network security practices within Converged Plantwide Ethernet define the usage of zones and conduits to segment assets within an industrial automation control system. When using FactoryTalk Analytics GuardianAI it is suggested to follow the CPwE Design Implementation guide (Converged Plantwide Ethernet Design) to isolate PowerFlex Drives into various zones. Also segmenting the zone where the edge node running FactoryTalk Analytics GuardianAI is a best practice. Furthermore, augmenting these zones and conduits with enhanced physical security is also a best practice as defined by Physical Infrastructure within CPwE architecture (Physical Infrastructure within CPwE Architecture). As the CPU and memory requirements for FactoryTalk Analytics GuardianAI are imposed at runtime, it is critical that the edge node hardware selected meets the minimum requirements specified and is protected within a defense-in-depth zone. FactoryTalk Edge Manager nodes will automatically enforce the minimum requirements to run FactoryTalk Analytics GuardianAI (FactoryTalk Edge Manager).