Industrial network for monitoring rail systems

BLT has a 65 km long tramway network in the Northwest Switzerland region. Technical installations are distributed along these lines to enable the operation of the trams. CTE was commissioned to plan and implement a network infrastructure to reliably monitor and control these systems with a modern telecontrol system. The assignment included:

• Analysis and advice for the BLT project team

• Highly available and secure network

• Virtualisation / HCI Cluster

• Backup system

• System Monitoring

• Network management

• SMS alerting

In a first step, after analysing the initial situation for the customer, a consulting report was created to help decide on the right solution. A specification sheet then formed the basis for the development of a final concept for system networking.

The appropriate hardware was also evaluated, taking the requirements into account. This included switches suitable for use in industrial environments. This means that they are compact and designed for DIN rail mounting, and can also be used in extended temperature windows. In addition, specific optical modules have been installed, which allow transmission of up to 40 km. For redundancy reasons, the topology was divided into several rings according to a previously developed scheme.

The Media Redundancy Protocol (MRP) was used as the redundancy protocol for the implementation. The protocol recognises the failure of a line interruption or the failure of a network component and reroutes the traffic in less than 200 ms. It is therefore ideal for industrial environments.

After initial experience with the use of virtualisation in the BLT data center and a shared firewall, the implementation was optimised. On the recommendation of CTE, an independent virtualis
ation and firewall was used, which is specially designed for the needs of industrial systems. This ensures a clear separation between industrial IT and office IT.

This approach has proved successful and the solutions developed by CTE have been put into operation without any problems. Moreover, the network continues to grow: In the end, there will be over 120 switches and 1,200 components in the network. High-availability virtualisation as well as several zones and perimeter firewalls were deployed. All systems are monitored via a system monitoring system and the on-call service is notified in the event of a failure. The 120 switches are managed via a central switch management system. A network access control system is used as well as a zone concept through segmentation according to current cybersecurity standards. The required applications are hosted on a highly available virtual infrastructure and protected by a backup and disaster recovery system.

Even after commissioning, we support the entire life cycle of the systems used. This includes updates and the maintenance of all systems provided by CTE. In addition to maintenance, CTE also offers an on-call service in the event of system failures.