Automated mapping of OT devices to the Equipment Model

  • Release version: Washingtondc
  • Updated February 1, 2024

    Automate mapping of OT devices to the production process.

    When OT managers handle vulnerabilities or manage workflows involving OT devices, knowing how each OT device connects to the production process it automates is critical to prioritizing work. Automatically mapping OT devices to ISA equipment model entities provides a view of device-to-process relationships.
    Note:
    Only one subnet range per site is supported. Two different sites can have the same subnet; for example, 192.168.101.0/24. But multiple subnets of the same range are not supported for the same site. It is recommended that you use manual mapping in this scenario.

    Key benefits

    • Upload and store OT subnets from authoritative sources (such as NetDB or firewalls) as records in a ServiceNow instance.
    • Automate assignment of OT devices to ISA entities using IP addresses and OT subnets.
    • Minimize issues with reuse of private IP address ranges across multiple sites.

    Industrial networks use subnets to divide the private IP address space, with a single subnet often aligned to a part of the production process, or the equipment model entity. For example, a canning line runs on a 192.168.101.0/24 network in which all the equipment was programmed by the integrator. The IPs used by the control systems, or OT devices, are often hard-coded into the automation software used to run the line. If the subnet maps to the canning line in the Atlanta site, a manager can automatically map a detected PLC with IP 192.168.101.66 to the canning line.

    The mapping feature relates each subnet to an equipment model entity, enabling you to automatically map OT devices to the subnets associated with the equipment model entity based on the IP address that was reported upon import from an OT Certified integration or ServiceNow® Discovery for OT.
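
    The site-scoped subnet lookup described above, sketched in Python as an added example (not ServiceNow code, and not how the product implements the feature). The Denver site, the bottling line, the device names and all function names are constructed for illustration; rejecting overlapping ranges generalizes the note's restriction on repeating the same range within one site.

```python
import ipaddress

# Constructed sample rows: (site, subnet, equipment model entity).
SUBNET_MAPPINGS = [
    ("Atlanta", "192.168.101.0/24", "Canning line"),
    ("Denver", "192.168.101.0/24", "Bottling line"),  # same private range, other site
]

def build_index(mappings):
    """Group subnets by site; refuse a range that repeats or overlaps within a site."""
    index = {}
    for site, cidr, entity in mappings:
        net = ipaddress.ip_network(cidr)
        for other, other_entity in index.get(site, []):
            if net.overlaps(other):
                raise ValueError(
                    f"{site}: {net} overlaps {other} ({other_entity}); map manually")
        index.setdefault(site, []).append((net, entity))
    return index

def map_device(index, site, ip):
    """Return (entity, reason); entity is None when the device stays unmapped."""
    if not site:
        return None, "no site assigned"
    addr = ipaddress.ip_address(ip)
    for net, entity in index.get(site, []):
        if addr in net:
            return entity, f"matched {net}"
    return None, "no subnet mapping for this site"

def map_all(index, devices):
    """Map every (name, site, ip) device; unmapped ones keep entity None."""
    return {name: map_device(index, site, ip) for name, site, ip in devices}

# Constructed devices: (name, site, reported IP address).
DEVICES = [
    ("plc-01", "Atlanta", "192.168.101.66"),
    ("plc-02", "Denver", "192.168.101.66"),   # same IP, resolved by site
    ("hmi-07", "Atlanta", "10.20.0.5"),       # no subnet record covers it
    ("rtu-03", None, "192.168.101.12"),       # not assigned to a site
]

if __name__ == "__main__":
    idx = build_index(SUBNET_MAPPINGS)
    for name, (entity, reason) in map_all(idx, DEVICES).items():
        print(f"{name}: {entity or 'UNMAPPED'} ({reason})")
```

    Keying the lookup on site before the subnet is what keeps the reused 192.168.101.0/24 range from attaching a device to the wrong line.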

    A system administrator can import OT subnet mapping records. An ISA administrator can automatically create mappings of subnets to equipment model entities through a scheduled job flow. An ISA Editor can manually create mappings of an individual OT device on-demand.

    Automated mapping feature personas

    The automated mapping feature is aimed at the following personas.
    Table 1. Personas for automated mapping

    Persona        Description
    System Admin   The System Admin performs these tasks:
                   • Imports data into the OT subnet to Equipment Model Entity Mapping table
                   • Activates, schedules, or manually triggers the OT Subnet Mapping scheduled flow
    ISA Admin      The ISA admin manually triggers the Map all OT devices UI action from the OT Subnet Mapping list view.
    ISA Editor     The ISA editor performs these tasks:
                   • Manually creates and updates OT subnet mapping entries for specific sites
                   • Maps individual OT devices to an equipment model entity from an OT device record
                   • Maps multiple OT devices to an equipment model entity from an OT subnet mapping record

    Plugins

    Enabling the mapping feature requires the following plugins:

    If the required plugins are installed, an ISA administrator can access the subnet mapping feature from the Industrial Process Manager application menu.