Is your Ignition server (at the OS level) administered by IT staff or directly by someone in controls?

It has interesting capabilities, but management looks less than appealing. Not to mention that CIP Security support is still rather rare in the field, much less in drivers. (It is on my to-do list...)

We've been using Ignition for 10 years now and it's always been on a Windows machine (either Windows Server 2012 - 2019 or Windows 7 - 10; I've been a Windows guy for 38 years now, sorry :innocent:). And they're Vision only (no Perspective).
And I never had ANY problems with either hardware (PC) or software (Ignition). I have one Ignition gateway with redundancy on two physical servers (because a client requested it) and it has been running for four (4) years now (from the start) without restarting Windows.
But, I always have full control (admin) for every PC, either Gateway or client PC. I always insist on that. Either that or we don't take the job.
I must say that all the IT departments that I had to deal with were OK. Some of them I also had to teach how to do their work...
I would say that the Windows and PC world isn't any worse (or better) than the Linux world. They both have their quirks. It all depends on how you set it up...

Just my two cents...

Our OT system is 100% in our own control. Our SCADA network is separate from IT and we only interface with them on a few datapaths where we send data up for public-facing display. I thought that was the norm, to be honest.

For our shop, the IT folks only control the backbone that shuffles data around to our area "nodes" where there is both an OT switch and an IT switch. IT manages that level, splitting traffic using VRFs. Each "workcell" is typically split off again using a router OT controls to create individual machine centers where an operation lives. The PCs OT uses in the production process are mostly Linux running custom software (unless a vendor provides something else) and located either in the machine center or plugged into the OT switch. For things like Ignition, IT provides the hardware running Hyper-V but OT maintains all our own VMs on it where we control everything, and it includes things like Ignition/LibreNMS/Custom MES stuff/etc., mostly running on Linux.

I don't know if it is normal, but our OT is really more like OT+IT+Dev for operations and our IT is more like ERP + office PCs + network + helpdesk. It was a long set of conversations that got things to this state, but it works pretty well for us to have deep control into everything production on the OT side so we can focus on stability and uptime. It is worth noting that I used to run the IT side of things previously, so for the OT group to staff IT/Network/Dev skill sets in OT is quite natural in our environment.


This is one of the reasons the merging of IT and OT has been difficult for many companies.
I don't think having the Gateway installed on a virtual server is not really a good idea because of things like installing updates without being tested, rebooting.

Forced, inadequately vetted updates that trigger an unplanned reboot; it sounds like we're talking about Windows.


Yes, it was referring to Windows, which unfortunately is prevalent in the process industry. I must say I have never seen a Linux machine running a plant.
Sorry, I put two negatives in my previous comment.


Normally the production network and the office network sit in different levels of the Purdue (ISA 95) model, and yes, it should not happen.

Sadly, many IT departments want to put all of the Level 3 servers on the other side of the DMZ, or in the DMZ.

Yes, you are right. They don't understand how critical the network traffic is on the production floor.

We are very lucky to have all the systems infrastructure under our control; only the office laptops/desktops are under IT control.
The virtualization environment as well as the switches are separated to avoid downtime and lack of response and maintenance, since IT does not have enough people in our plant, just 3 people for a 1000+ employee site.

We decided to keep it separated a few years ago; we even have dedicated firewalls and separate domains. We are part of a group with more than 8000 employees, and talking to other people from other industries, I can assure you most of them do not have an IT department big enough.


That's the point!!

Long story short, I used to work at a place like this. The place I work now is different.

If IT does not mind the request, there isn't much you can do.