Our company IT department approached me with a project to add a separate management VLAN onto our DeltaV Primary and Secondary Cisco switches (3750) for monitoring in SolarWinds. The switches themselves definitely support management VLAN configuration, but I'm not exactly sure how to answer them. The switches are physically isolated from the rest of the company's networks. I was assured that while adding a management VLAN will physically bridge the switches into the corporate domain, the network and data will be unaffected.
Has anyone done this before? Is this even supported or recommended by Emerson? Will this open up our network to extra security risks? Can this possibly affect the operation of controllers and workstations?
Thank you.
James Suisse
In reply to AdrianOffield:
Hi,
I would recomend keeping the Process Lan to itself. If you open a pipe outside there is always the risk that somebody can get in trough it :(
In the picture you can see the recomended network layout.
Here is a document you could read:
www2.emersonprocess.com/.../DeltaV-Cyber-Security-Flyer.pdf
Niklas Flykt
Klinkmann Oy
Key Account Manager safety products
nikfly@gmail.com