Siemens Switzerland is relying on Fortinet for building technology networks
You can’t ignore security – and that also applies to building technology. At Siemens Switzerland, the technical IP
networks are protected by Fortinet switches and next-generation firewalls – both in customer projects and for their
A significant division of Siemens, the global technology group, is dedicated to building automation and energy technology; Siemens Smart Infrastructure (SI) offers its customers consulting, systems integration and services for secure, energy-efficient buildings and infrastructures. The global headquarters of Siemens SI are located in Switzerland, while the regional company Siemens Switzerland supplies its Swiss customers with comprehensive building technology solutions, including all relevant components – from fire detectors and video surveillance solutions to access control products.
“Recent years have seen building automation increasingly relying on digital technology,” explains Roger Hiestand, Head of IT Security at Siemens Switzerland. Where analog video cameras were once used, digital cameras are now commonplace. This requires an IP-based network with switches and other network components for data transmission. “In the past, each department procured the relevant components itself, taking different manufacturers into account,” says Hiestand.
“Using FortiSwitch and FortiGate gives us fundamental security for technical IP networks at low cost.” – ROGER HIESTAND, Head of IT Security, Siemens Switzerland
“There was no standard and no central management.” However, the goal of his ISC department is to standardize the IT components used in Siemens Switzerland’s customer projects. At the same time, projects under the banner of Industrial IoT (IIoT) are set to increasingly shift their focus to security.
Segmentation: a basis for security
Segmentation of the IIoT network using VLANs is a core element of the new IT portfolio developed by Hiestand and his eight-person team. The idea was for it to be as simple as possible to set up, centrally manage and implement with products that are compatible with IIoT projects – both in technical and pricing terms. The data throughput is relatively low compared to traditional IT solutions, with numerous smaller, distributed switches replacing the model of a few central switches with lots of ports.
Roger Hiestand weighed up several options before deciding in favor of Fortinet’s products, which underwent a successful test phase. This resulted in close contact with Fortinet’s Swiss subsidiary and with BOLL Engineering, the value-added distributor. “When it came to choosing a partner, proximity was important to me. When we develop a concept, we want to talk directly to competent specialists,” says the IT security manager. Proximity to the manufacturer was guaranteed thanks to the Fortinet subsidiary in Dietlikon and a dedicated contact. And BOLL won Siemens Switzerland’s Head of IT Security over with its clear focus on IT security. The chemistry was right too, as Hiestand explains: “BOLL’s staff are extremely customer-focused and skilled. BOLL is a strong partner with extensive expertise, its own training department and its own warehouse. This is another important factor, because we can’t wait long for the ordered goods to arrive since our projects run to such tight schedules.”
Greater security with next-generation firewalls
Mid-2017 saw the switches previously used in technical IP networks replaced by Fortinet’s powerful FortiSwitches. The technicians working in the field saw little change at first, as even the new devices weren’t centrally managed to begin with. Hiestand’s department then held security training sessions throughout 2018 and added firewalls from Fortinet’s FortiGate range to the portfolio. “This means we can now manage everything centrally and integrate it into our security fabric. We’re achieving fundamental security with little effort.” FortiGate 60E, 100E and 100F appliances are used in customer projects nowadays. The switches are usually models from the 100 series; the FortiSwitch 124-FPOE with an Ethernet-based power supply for video cameras often plays a key role.
“The fact that the smaller FortiGate models were previously only capable of managing eight switches was a problem for us. That’s not enough to meet our needs,” adds Roger Hiestand. This meant they had to use larger FortiGate models in numerous projects due to the considerable number of switches – even though the performance of smaller firewalls in the FortiGate range would have been more than sufficient. To discuss this issue with the supplier, Hiestand got in touch with the relevant product manager at Fortinet. Luckily, the partner was flexible – since FortiOS version 6.2, the smaller FortiGate boxes now also support management of up to 16 switches. “This is hugely helpful to us and shows that Fortinet is extremely customer-focused and interested in listening to its customers and partners,” says Hiestand enthusiastically.
“BOLL is a strong partner with extensive expertise, its own training department and its own warehouse, and short delivery times to boot.” – ROGER HIESTAND, Head of IT Security, Siemens Switzerland
Successful projects implemented
The Siemens SI headquarters in Zug are a showcase project for the new network and security portfolio. Siemens Switzerland has set up a Fortinet-based IIoT core network for the newly constructed building – with 35 FortiSwitches and two 300E FortiGates configured as failover clusters.
Siemens’ own Scalance switches can still be found on the final level, in the switch cabinets of the individual building areas. Roger Hiestand: “This proves that we can use our standard solution from the portfolio and integrate other solutions at the same time.”
The next job for the ISC team was to start work on Siemens Switzerland’s new site. The former Steinhausen and Volketswil sites were brought together on the Siemens campus in Zurich, where – in addition to the Siemens network which holds responsibility for general IT – there is a “TechNet” which they use for simulating customer projects. Each workstation and meeting room is equipped with a dedicated network cable that provides access to this technical IP network. Currently, the TechNet consists of a core area with two 524D FortiSwitches, 14 424E FortiSwitches and 44 access switches from the FortiSwitch 100E series. Two 100F FortiGates are used for central management and security, supporting the operation of a 10-gigabit ring. This means that all 60 switches can be managed in combination with another 100E FortiGate. The TechNet contains about 1,500 ports in total and offers a separate VLAN for each department. What’s more, there’s an entire WLAN infrastructure for the TechNet with 16 access points at present; not just useful for the company’s own employees, they are also used as a test environment in planning out comparable building network WLAN solutions for customers.
FortiSwitch and FortiGate for the IIoT: the highlights
• Affordable switches with eight to 48 ports
• Robust segmentation
• Smooth integration into the Fortinet security fabric
• Next-generation firewalls with ASIC acceleration
• Switch management: up to 16 (FortiGate 60E/F), up to 32 (FortiGate 100E/F), up to 48 (FortiGate 300E)
ABOUT SIEMENS SWITZERLAND
Siemens, the technology group founded by Werner von Siemens in 1847 which has long since become a major global player, first entered the Swiss market when it built the Wynau power plant in the canton of Bern. Over the ensuing 125 years, Siemens has continuously developed its areas of activity. Today, the regional company Siemens Switzerland employs a staff of over 2,200 and in 2019 generated revenue of CHF 798 million. A total of more than 5,700 employees work for the Group in Switzerland at over 20 locations, one of which is the global headquarters of the Smart Infrastructure division, which focuses on building technology and energy systems.