Manufacturing Lab Setup

This guide explains how to set up a virtual lab environment simulating Manufacturing network segmentation using Xshield Gatekeeper.

Prerequisites

Complete the basic lab setup steps described in the Lab Setup Guide before proceeding with this guide. If a similar lab built earlier exists on the tenant, remove it before building this lab; see the Remove Manufacturing Lab Environment section below.


Setting Up the Manufacturing Environment

  1. After completing the basic lab setup, run the Xshield Lab utility:

    python3 xshield_lab.py
  2. Select Option 3: Create Lab Environment for Gatekeeper
    A submenu appears with environment options to choose from.

  3. Select Option 7: Manufacturing: [✓] Manufacturing environment with MES, PLC, HMI systems, and industrial automation controls
    A submenu appears with Integrations options to choose from.

  4. Select the desired option for Integration. If no Integration is desired, select the option that says ‘None’.

  5. Wait for the gatekeeper and assets to appear in your tenant. Make sure the assets go to Managed mode, or move them manually. You should see preconfigured traffic paths between assets.

  6. At this point you are ready to use the lab.

If you would like to customize the lab with inbuilt tags, tag rules, templates, segments and named networks, proceed to the next section, Customize Lab Environment.
You may also choose not to customize, and instead build tag rules, templates, segments and named networks on your own, depending on your use case.


Customize Lab Environment

  1. After completing the Manufacturing lab setup, run the Xshield Lab utility:

    python3 xshield_lab.py
  2. Select Option 7: Customize Lab Environment

Note: If you have already customized the lab and want to re-customize it for any reason, it is recommended to first remove the Manufacturing lab customization by selecting option 3 – Remove Manufacturing Lab Customization.

  3. From the submenu, select one of the options:
    • Select Option 1: Rename Assets using Agent prefix – Renames assets for better organization for your use case. Renaming assets may help you build appropriate tag rules, searches, etc.
    • Select Option 2: Customize Manufacturing Lab - Assign Tags, Named Network, Templates, Segments via csv inputs – Sets tags and builds tag rules, templates, segments and named networks using the predefined csv config files supplied with the virtual lab.

At this point you are ready to implement policy as desired. Certain traffic paths are excluded from the inbuilt templates, and these can be used to demo a policy enforcement storyline. Additionally, changing the custom tag BreachRisk from Low to High disallows certain traffic, and changing it to Extreme isolates the Filler and Packer sections from other segments. This breach response allows production to continue without shutting down the OT system. This function can be used to demo an active breach scenario.


Remove Manufacturing Lab Environment

Removing the lab environment is recommended when you no longer need it, when you are going to rebuild the same lab environment, or when you want to build a different environment.

  1. To remove the Manufacturing lab environment, run the Xshield Lab utility:

    python3 xshield_lab.py

Note: The next two steps may take a while to complete. They are required only if you have customized the lab environment. If you haven’t customized it, proceed to step 4 directly.

  1. Select Option 7: Customize Lab Environment

  2. Select Option 3: Remove Manufacturing Lab Customizations

  3. Run the Xshield Lab utility again

    python3 xshield_lab.py
  4. Select Option 8: Remove Lab Environment

  5. Verify that the Gatekeeper, the assets, and the tag rules, segments, templates and named networks that were built through lab customization are removed from the tenant.


Recovery Instructions

If you need to rebuild the lab environment after a host restart:

  1. Follow the Lab Environment Cleanup instructions
  2. Return to the Setting Up the Manufacturing Environment section above