Cisco Industry Validated Design Guides
Secure and reliable network foundations for digitizing industrial operations
Contact Cisco
-
-
Call Sales:
- 1-800-553-6387
- US/CAN | 5am-5pm PT
Network architectures that meet the needs of both operations and IT
Use our reference network designs to simplify the deployment of IT technologies in OT and get the most out of modern industrial automation.
Reference and design guides for your industry
Manufacturing
Improve business operations by digitizing production environments.
Extended enterprises
Build OT networks using enterprise networking technology, and securely extend your IT networks to rugged and outdoor spaces.
Utilities and renewables
Modernize the power grid to improve reliability, security, and distributed renewable resources.
Cities and communities
Get your city ready for digital transformation with a network that connects distributed IoT sensors and devices.
Roadways and intersections
Improve public safety, operational efficiency, and traffic management.
Public transportation
Connect your mass transit and rail operations to improve efficiency, security, and passenger experience.
Ports and terminals
Deploy secure and reliable terminal automation to improve productivity and output.
Mining
Enable digital mining to accelerate automation and autonomous operations.
Oil and gas
Improve productivity and security of your upstream, midstream, or downstream operations.
Industrial security design guides
Get OT security that sees more, scales simply, and automates protection. Our industrial security design guides will help you to deploy industrial networks with advanced OT security features that are built in.
All industry guides
Find design and implementation guidance for industry-specific solutions and architectures.
| Industries / Use Cases | Solutions / Guides | Description |
|---|---|---|
| Industrial Security | Complying with ISA/IEC-62443-3-3 white paper | This Cisco white paper provides an in-depth overview of how Cisco security solutions align with the ISA/IEC 62443-3-3 standard for securing industrial automation and control systems. It outlines key requirements, best practices, and how Cisco technologies can help organizations strengthen their OT security posture and achieve compliance with industry regulations. |
| Industrial Security | Industrial Cybersecurity for Distributed Field Networks solution brief | This Cisco solution brief highlights cybersecurity best practices and technologies for securing industrial field networks. It explains how Cisco’s industrial security solutions help protect critical infrastructure, detect threats, and ensure reliable operations in OT environments. The brief provides insights into key challenges, benefits, and how Cisco enables robust, end-to-end cybersecurity for industrial networks. |
| Industrial Security | Gaining Visibility into Industrial Networks at Scale solution brief | This Cisco solution brief explores how organizations can achieve scalable visibility into industrial networks. It details Cisco’s approach to monitoring OT environments, identifying potential security risks, and enhancing operational efficiency. The brief outlines key benefits of Cisco’s solutions for gaining deep, actionable insights across large and complex industrial networks. |
| Industrial Security | Protecting Industrial Plants with Cisco Secure Firewalls solution brief | This Cisco solution brief outlines strategies and technologies for securing industrial plant networks. It highlights how Cisco’s integrated security solutions help protect plant operations, mitigate cyber risks, and maintain safe, reliable production environments. The brief provides practical guidance for enhancing network security and resilience in industrial settings. |
| Roadways and Intersections | Secure Cellular Roadways design guide (NEW) | This is a comprehensive overview of Cisco's validated solution for deploying secure, scalable, and resilient cellular connectivity within intelligent transportation systems. It outlines the architecture, design principles, and technologies that enhance roadway safety, traffic management, and operational efficiency. Additionally, the guide includes implementation details, best practices, and use cases to assist organizations in deploying robust and secure roadway communication infrastructures. |
| Utilities and Renewable Energy | Cisco Cyber Vision Active Discovery for DNP3 Devices white paper | This explores the implementation of active discovery mechanisms within the Distributed Network Protocol 3 (DNP3) framework, commonly used in the utilities sector for supervisory control and data acquisition (SCADA) systems. It highlights how active discovery enhances network visibility, improves operational security, and ensures reliable communication between devices in critical infrastructure environments. The white paper also discusses best practices, challenges, and recommendations for integrating active discovery into utility networks while maintaining compliance with industry standards. |
| Utilities and Renewable Energy | Transport SCADA traffic over Cisco MPLS Pseudowire Technology white paper | This document details Cisco's approach to securely and efficiently transporting SCADA traffic over MPLS-TE (Multiprotocol Label Switching Traffic Engineering) and MPLS Layer 2 VPNs. It describes how these technologies address the unique requirements of utility networks, such as low latency, high reliability, and robust security for critical infrastructure operations. The white paper also provides guidance on design considerations, implementation strategies, and best practices for ensuring optimal SCADA performance in modern utility communication networks. |
| Utilities and Renewable Energy | Securing Distributed Energy Infrastructures with SD-WAN solution overview | This document outlines Cisco’s solution for enhancing the security and efficiency of distributed energy infrastructures using Software-Defined Wide Area Networking (SD-WAN). It explains how Cisco SD-WAN enables secure, scalable, and reliable connectivity for energy operations, supporting critical applications and seamless integration across distributed sites. The guide also highlights use cases, design considerations, and best practices for deploying SD-WAN to modernize energy infrastructure while maintaining robust cybersecurity and operational resilience. |
| Roadways and Intersections | Robust Cybersecurity to Safeguard Roadways Infrastructure solution overview | This highlights Cisco's approach to securing intelligent transportation systems (ITS) against evolving cyber threats. It describes how Cisco's cybersecurity solutions protect roadway infrastructure by providing end-to-end visibility, threat detection, and secure connectivity for critical transportation operations. The document also outlines best practices, use cases, and advanced technologies designed to ensure the safety, reliability, and resilience of modern roadway networks. |
| Roadways and Intersections | 6 Ways to Secure Connectivity for Intelligent Roadways white paper | This outlines Cisco's comprehensive framework for securing intelligent roadway systems. It identifies six critical areas of connectivity, including secure device access, data privacy, and network protection, to ensure safe and reliable transportation infrastructure. The paper also provides insights into best practices, technologies, and architectures that enable secure communication and enhanced resilience in modern roadway networks. |
| Industrial Security | NIS2 Compliance for OT solution overview | This explains how Cisco’s security solutions help industrial organizations meet regulatory compliance requirements while safeguarding critical operations. It highlights tools and best practices for ensuring cybersecurity, operational visibility, and risk management in industrial environments. The paper also addresses key challenges in achieving compliance and provides strategies for maintaining secure and resilient industrial operations. |
| Industrial Security | NIS2 Compliance for Industries white paper | This document explores Cisco's approach to protecting industrial networks from cyber threats while ensuring operational continuity. It highlights strategies and technologies for safeguarding critical infrastructure, including segmentation, threat detection, and secure remote access. Additionally, the white paper provides insights into best practices for enhancing network resilience and meeting security standards in industrial settings. |
| Industrial Security | Secure Remote Access for OT solution overview | This document outlines Cisco's solutions for enabling secure and efficient remote access to operational technology (OT) systems. It highlights key challenges in OT environments, such as protecting critical infrastructure from cyber threats while ensuring uninterrupted operations. The paper also provides best practices and technologies for implementing remote access securely, with a focus on visibility, control, and risk mitigation in industrial settings. |
| Roadways and Intersections | Secure Cellular Roadways design guide | This Cisco Validated Design is designed to make roadway operations simpler, more scalable, and secure. It provides a modern and resilient network architecture for roadway operators, addressing key needs such as: automated VPNs, zero-trust access, network segmentation, and improved visibility into Operational Technology (OT) systems. The solution is built around Cisco Industrial Routers, powered by Cisco Catalyst SD-WAN, offering a secure and scalable distributed field. |
| Extended Enterprise | SD-WAN for Distribution Automation design guide | This solution overview explains how Cisco's validated SD-WAN architecture using vManage can help power utilities securely, connect more renewable energy sources to the grid, reduce operational costs, improve efficiency, and grid reliability, enhance security, and meet regulatory compliance. This document builds on the "SD-WAN for Industrial Markets design guide" in this industry guide listing. |
| Extended Enterprise | SD-WAN for Remote Condition Monitoring and Control design guide | Many industries rely on equipment and other assets deployed at geographically remote locations for their line of business to function properly. Having visibility into the current condition of these devices is critical in ensuring that the day-to-day operations work smoothly, and when something does go wrong, it can be responded to quickly for resolution. Cisco's SD-WAN solution based on vManage can work with Industrial IOT routers to provide reliable, secure connectivity for the end devices themselves, as well as other sensors, cameras, and other equipment that supports the operation of the end devices. This document builds on the "SD-WAN for Industrial Markets design guide" in this industry guide listing. |
| Extended Enterprise | SD-WAN for Industrial Markets design guide | This design guide outlines the application of SD-WAN using vManage to the IR1800, IR1101, and IR8340 Industrial Routers. It defines the incremental capabilities provided by Industrial Routers and how those can be leveraged in an SD-WAN environment to provide solutions for industrial vertical markets. This document is an augmentation of an existing SD-WAN Enterprise design case study and the launching point for additional SD-WAN vertically focused design guide documents in this industry guide listing (search for "SD-WAN"). |
| Extended Enterprise | SD-WAN for Industrial Markets solution brief | SD-WAN has emerged as a viable technology for industrial IoT markets by leveraging vManage and industrial router features to extend enterprise networking into industrial spaces. This document overviews how the combination of SD-WAN and industrial router features can be used to provide effective solutions for industrial IoT markets. |
| Extended Enterprise | Extended Enterprise solution overview | The Cisco Extended Enterprise Solution extends your IT network to the non-carpeted spaces of the enterprise, where the operations happen. The solution brings Cisco’s market-leading intent-based networking, Internet of Things (IoT) networking, and Cisco Digital Network Architecture (Cisco DNA) all the way to the IoT edge. This document targets both IT and non-IT audiences to provide a high-level overview of the solution architecture and the building blocks. |
| Extended Enterprise | Extended Enterprise SD-WAN solution overview | The Cisco Extended Enterprise SD-WAN solution offers a simplified ability to route traffic from non-carpeted spaces in a secure manner with a consistent quality of experience. This document provides IT audiences a high-level overview of the use cases, business outcomes, solution architecture, and building blocks of Cisco Extended Enterprise SD-WAN. |
| Extended Enterprise | Extended Enterprise non-fabric and SD-Access fabric Design Guide | This Design Guide targets both IT and non-IT audiences to provide a high-level overview of the Cisco Extended Enterprise (EE) solution architecture and building blocks. The EE solution captures business intent and extends it to the non-carpeted spaces of the enterprise, where the operations happen. The solution brings Cisco's market-leading intent-based networking, Internet of Things (IoT) networking, and Cisco Digital Network Architecture (Cisco DNA) all the way to the IoT edge. |
| Extended Enterprise | Extended Enterprise SD-WAN Design Guide | This Cisco Validated Design outlines the steps for both IT and operations teams to accomplish their business goals by realizing unified SD-WAN-based management for enterprise and extended enterprise deployments with the Cisco IR1101 Integrated Services Router Rugged (Cisco IR1101). |
| Government and Defense | Radio-Aware Routing with Cisco ESR6300 reference design guide | This Cisco Reference Design document describes how Cisco's embedded Industrial IoT portfolio, specifically the ESR 6300, with its support for Dynamic Link Exchange Protocol (DLEP), can be used in a variety of applications from defense to search and rescue. Focus is paid to how the ESR 6300 unique support for DLEP can help maintain connectivity in dynamic, harsh environments, even while on the move. |
| Industrial Security | Driving NERC CIP Compliance solution brief | Power utilities in North America have to comply to the NERC CIP cybersecurity requirements. This white paper provides a detailed overview of NERC CIP and how Cisco can help gain compliance. |
| Industrial Security | Industrial Security Solution Overview | Get a high-level overview of the Cisco Validated Design for industrial security. The Cisco industrial security solution is intended to be used by IT, OT, and security teams to protect the industrial network without disrupting production safety and uptime. Cisco's phased approach enables organizations to enhance their security posture at their own pace. |
| Industrial Security | Physical Perimeter Security Solution Brief | The perimeter is the point of demarcation between what is inside a zone, and what is outside. It is often the first line of defense against unauthorized access. The industrial sector, particularly those being considered as national critical infrastructure, considers physical perimeter security as an imperative measure in their physical security implementation due to regulatory compliance requirements, the nature of its operation, and the protection of high-value assets. This Solution Brief describes perimeter security that can be applied to many industrial situations. |
| Industrial Security | Industrial Security Design Guide | The Cisco Industrial Security design guide provides a phased approach to secure critical infrastructure in which each phase build the foundation for the next, so that you can enhance your security posture at your own pace and demonstrate value to all stakeholders when embarking on this journey. Content includes, asset visibility, zero trust for OT networks and cross-domain detection, investigation & response. |
| Manufacturing | Industrial Automation Networks implementation guide | Cisco's Industrial Automation Cisco Validated Design solution applies network, security, and data management technologies to Industrial Automation and Control System (IACS) plant environments and key production assets that are the core to operational environments. It provides a Cisco validated reference architecture and design and deployment guidance for customers, partners, and system implementers. |
| Manufacturing | Making Industrial IoT Simpler - Solution brief for Cisco Catalyst Center for industrial automation | This solution brief describes at a high-level the value Cisco Catalyst Center brings to operational networks in terms of network automation, assurance, and security. |
| Manufacturing | Cisco Catalyst Center for Industrial Automation design guide | This design guide describes operational network architecture and details of automation, performance assurance, and security workflows with Cisco Catalyst Center. |
| Manufacturing | Cisco Catalyst Center for Industrial Automation implementation guide | This implementation guide provides in-depth guidance on configurations and administrational details of a Cisco Catalyst Center managed operational network. |
| Manufacturing | Industrial Automation Networking solution brief | This solution brief details Cisco's validated architecture for deploying industrial automation technologies as you digitize your industrial operations. |
| Manufacturing | Industrial Automation at-a-glance | This at-a-glance brochure provides a quick overview of Cisco's Validated Design for deploying industrial automation technologies and the capabilities enabled by this architecture as you digitize your industrial operations. |
| Manufacturing | HA Seamless Redundancy in the Factory Network design guide | This Design Guide describes the High-Availability Seamless Redundancy in the Factory Network Cisco Validated Design, which provides a tested and validated architecture to deploy HSR in ring topologies in the factory Cell/Area zone (the area where the IACS and end devices (Levels 0-2) connect to the network). This document guides the reader through the high-level technology and architecture. |
| Manufacturing | Cisco Connected Factory - Converged Plantwide Ethernet (CPwE) solution site | Converged Plantwide Ethernet (CPwE), which applies to multiple industries, specifically helps manufacturers seeking to integrate or upgrade their Industrial Automation and Control System (IACS) networks to standard Ethernet and IP networking technologies. |
| Manufacturing | Cisco Connected Factory - PROFINET Solution Site | The Connected Factory PROFINET solution addresses the needs of the resilient network by providing a variety of key factors, such as operational availability, network integration, flexibility, low maintenance, better determinism, faster response-time, and low data collisions, both by physical, or by protocol, within the industrial Cell/Area Zone. |
| Manufacturing | Industrial Automation Network design guide | This Design Guide describes the solution architecture of Cisco's Industrial Automation Cisco Validated Design solution, which applies network, security, and data management technologies to Industrial Automation and Control System (IACS) plant environments and key production assets that are the core to operational environments. It provides a Cisco validated reference architecture and design and deployment guidance for customers, partners, and system implementers. |
| Manufacturing | Industrial Automation Wireless design guide | This CVD covers industrial automation wireless use cases for URWB and the Cisco Wi-Fi. It encompasses URWB for layer 2 fluidity and layer 2 extended for mobility use cases as well as fixed point-to -point backhaul use cases. Recommended design considerations and best practices using both technologies within the industrial space are included in this guide. |
| Mining | AI, Fleet Management Tele-Remote, and Autonomous Vehicles Solution Brief | This document describes how Cisco enables AI, fleet management tele-remote, and autonomous vehicles. Learn how industrial wireless powers the autonomous operations zone, driving large productivity gains, and improved mine safety. |
| Mining | Industrial Automation for Mining at-a-glance | The Cisco Industrial Automation Solution for Mining provides guidance for digitizing industrial mining environments in order to achieve significantly improved business operational outcomes. It provides network and security design and implementation guidance for mining industrial applications supporting extraction, crushing, conveyance, processing, smelting, and refining processes. |
| Mining | CURWB Deployment for Autonomous Operations in Open-Pit Mining design guide | Cisco is enabling a more safe and secure way for mines to move to autonomy and tele-remote, not only improving efficiency but also creating a safe workplace for mining employees. The solution is for next-generation above-ground mines is described in this new Cisco Validated Design. |
| Oil and Gas | Industrial Automation for Oil and Gas at-a-glance | This at-a-glance brochure provides a quick overview of Cisco's Validated Design for deploying industrial automation in process control and refineries and the capabilities enabled by this architecture. |
| Ports and Terminals | Connected Ports and Terminals Design Guide | This design guide provides a reference network architecture and design and deployment guidance and best practices around Connected Ports and Terminals with a specific focus on CURWB architecture to enable the TOS application and OT security using Cisco Cyber Vision. Also covered within this document is RF Planning, Design, Site-Survey and Installation considerations and best-practices around a ports and terminals CURWB deployment. |
| Public Transportation | Connected Mass Transit solution brief | This solution brief provides an overview of Cisco's solution for mass transit operations. |
| Public Transportation | Connected Rail Solution Brief | This solution brief provides an overview of Cisco Connected Rail solution, including key rail industry business objectives and use cases, network challenges for rail operations, Cisco Connected rail architecture building blocks with integration of Cisco Ultra-Reliable Wireless Backhaul, Internet of Things (IoT) networking and Cisco intent-based networking, and the solution benefits. |
| Public Transportation | Connected Rail design guide | This design guide provides network architecture and design guidance for the planning and subsequent implementation of a Cisco Connected Communities Infrastructure (CCI) solution, specifically as it pertains to deployment in a trackside rail context. Use cases include connectivity for passenger Wi-Fi and infotainment, Wi-Fi at stations, and segmented connectivity for non-critical rail communication systems. |
| Public Transportation | Rail Communications-Based Train Control (CBTC) and Safety solution brief | Cisco Rail CBTC and Safety Solution delivers a standard-based, redundant, and modular architecture, implementing zero trust network access to secure the rail transit systems. |
| Public Transportation | Rail Communications-Based Train Control (CBTC) and Safety design guide | This guide provides comprehensive guidance for designing the Cisco Rail CBTC and Safety solution. The guide introduces an end-to-end architecture that meets CBTC Data Communication Systems (DCS) specifications. It includes highly reliable and redundant network design for onboard, train-to-wayside wireless, trackside, backbone and core network. Additionally, this guide incorporates industrial automation security, MPLS with segment routing, Catalyst WAN Manager, Catalyst Center, Industrial Wireless Service, IW Monitor, Crosswork Network Controller, Meraki, and Frauscher axle counter technologies into the overall architecture. |
| Public Transportation | Rail Communications-Based Train Control (CBTC) and Safety implementation guide | This implementation guide breaks down the overall rail CBTC and safety solution into sections based on the location and role in the network. This includes the core, backbone, wayside access, wayside wired, onboard train, and network management. |
| Roadways and Intersections | Connected Roadways and Intersections solution brief | This solution brief provides an overview of Cisco's solution for connected roadways and intersections. |
| Roadways and Intersections | Connected Communities for Roadways Solution Design Guide | This design guide provides network architecture and design guidance for the planning and subsequent implementation of a Cisco Connected Communities Infrastructure (CCI) solution, specifically as it pertains to deployment in a roadways, highways, intersections or equivalent context. Use cases include V2X and secure connectivity of ITS equipment. |
| Cities and Communities | Connected Communities Infrastructure General Solution Design Guide | This design guide provides network architecture and design guidance for the planning and subsequent implementation of a Cisco Connected Communities Infrastructure (CCI) solution. Based on the market-defining Cisco Digital Network Architecture (Cisco DNA) and intent-based networking capabilities, CCI allows the creation of a single, secure communications network that provides a single, modular network with wired (fiber, Ethernet), wireless (Wi-Fi, cellular, and V2X) and Internet of Things (IoT) communications (LoRaWAN and RF mesh) connectivity options for unmatched deployment flexibility; Cisco Software-Defined Access (SD-Access) to virtually segment and secure your network across departments and services, each with its own policies, control, and management as needed; Cisco Catalyst Center for network automation with unified management of communications policy and security that significantly lowers operational costs. |
| Cities and Communities | Connected Communities for Cities Solution Design Guide | This design guide provides network architecture and design guidance for the planning and subsequent implementation of a Cisco Connected Communities Infrastructure (CCI) solution, specifically as it pertains to deployment in a smart, instrumented and connected city/municipality context. Use cases include connected lighting, flood sensors, and public Wi-Fi. |
| Utilities and Renewable Energy | Substation Automation Utility WAN solution guide | This solution guide describes how the Substation Automation validated design integrates into the Cisco converged transport WAN architecture. It is based on new WAN technologies such as segment routing and EVPN services. It also covers teleprotection use cases using partner products. |
| Utilities and Renewable Energy | Substation Automation – The New Digital Substation Version 3.2 design guide | This solution Substation Automation 3.2 leverages recently-added capabilities for WAN connectivity. New information includes GridTime 3000 from timing partner microchip as Substation Automation LAN Timing source. |
| Utilities and Renewable Energy | Substation Automation – The New Digital Substation Version 3.2 implementation guide | This version of this Next Generation Utility WAN implementation guide describes enabling new Substation LAN topologies that can be adopted for Station Bus and Process bus deployments. The guide also introduces a new device, Microchip GT3000 for PTP Power profile GrandMaster role with various capabilities. |
| Utilities and Renewable Energy | Substation Automation – The New Digital Substation Version 3.2 solution brief | This solution Substation Automation 3.2 leverages recently-added capabilities for WAN connectivity. New information includes GridTime 3000 from timing partner microchip as Substation Automation LAN Timing source. |
| Utilities and Renewable Energy | Renewable Energy—Offshore Wind Farm 1.2 implementation guide | This implementation guide provides in-depth guidance on configurations and administrational details of the components that are part of the offshore windfarm operational network. The guide expands the turbine operator network to include Advanced REP design for High-Availability and a standalone compact onshore substation. |
| Utilities and Renewable Energy | SD-WAN for Distribution Automation design guide | This solution overview explains how Cisco's validated SD-WAN architecture using vManage can help power utilities securely, connect more renewable energy sources to the grid, reduce operational costs, improve efficiency, and grid reliability, enhance security, and meet regulatory compliance. This document builds on the "SD-WAN for Industrial Markets design guide" in this industry guide listing. |
| Utilities and Renewable Energy | Renewable Energy—Offshore Wind Farm 1.2 design guide | Many world countries are turning to developing renewable energy sources. The United States is predicted to become a major offshore wind energy producer in the coming decade. Cisco can help with renewable energy technologies, in onshore and offshore wind farms, onshore solar farms, and onshore battery storage facilities. This document focusses on the complexities that offshore wind farms are facing and the solutions that Cisco offers. |
| Utilities and Renewable Energy | Renewable Energy—Offshore Wind 1.2 solution brief | The offshore wind farm solution guide provides an overview to address both the onshore and offshore networks. Providing an overview of security and automation plus the relevant use cases this architecture addresses. |
| Utilities and Renewable Energy | Renewable Generation Wind Farms: Enabling green technologies | Wind power is one of the most prevalent renewable energy forms and is gaining popularity globally. See how to connect and integrate renewable wind power into the grid. |
| Utilities and Renewable Energy | DA – Direct Transfer Trip Over Cellular Solution Brief | The Direct Transfer Trip solution guide provides an overview to address the DTT over cellular connectivity. Providing an overview of the solution, the underlying technologies that enable it, and the various use cases that the solution supports. |
| Utilities and Renewable Energy | DA – Direct Transfer Trip Over Cellular Design and Implementation Guide | Traditionally Direct Transfer Trip Signals (DTT) were sent between substations and remote Distributed Generation (DG) site using leased telephone lines. Cisco undertook work to design and validate key use cases over Cellular backhaul technology. This solution uses the Catalyst IR1101 rugged router, used widely in distribution automation networks today with plugin cellular modules to support the various commercial and private spectrum bands. DTT is an additional use case that can be deployed on existing Cisco IR1101 platforms. |
Sorry, no results matched your search criteria(s). Please try again.
