This project involved designing and implementing a robust, secure, and scalable network infrastructure for a large manufacturing plant with multiple operational zones.
The key objective was to ensure reliable connectivity, industrial-grade performance, and strong network security across different environments within the plant.
To achieve this, we deployed Industrial Ethernet switches specifically for critical systems like PLC and SCADA, ensuring stable communication in harsh industrial conditions. For end-user connectivity and enterprise services such as BMS and security systems, we implemented access switches to provide seamless and controlled network access.
The network architecture was built using a core and distribution layer design, enabling efficient traffic flow, better redundancy, and simplified management. Each section of the plant was carefully mapped, and switches were strategically placed based on operational requirements and physical locations.
For security, we deployed a next-generation firewall in High Availability (HA) mode, ensuring continuous protection with zero downtime in case of failure. This setup provided secure segmentation between industrial and enterprise networks, protecting critical systems from potential threats.
The project resulted in a highly resilient, secure, and well-structured network, capable of supporting industrial operations, enterprise services, and future scalability while maintaining strong performance and reliability across all plant locations.
If I were to execute this project again, I would focus more on advanced planning and future scalability from the beginning. One key improvement would be deeper network segmentation, especially between industrial systems like PLC/SCADA and enterprise networks, using more granular policies on the firewall. This would further enhance security and reduce risk. I would also invest more time in detailed documentation and automation, such as standardised configurations and monitoring setups, which would make ongoing management and troubleshooting faster and more efficient. Additionally, I would plan for higher redundancy at the access and industrial layer, not just at the core and firewall level, to ensure even greater reliability in case of localized failures. I would include more proactive monitoring and alerting tools from day one, so that any network or security issues can be identified and resolved before impacting operations.
