3.3 KEY INTEROPERABILITY ISSUES
3.3.7 Infrastructure
For over a decade the organisation has operated a core business network infrastructure.
This infrastructure was originally targeted only at the Aerospace sector of the business and
the company's IT solution provider Hewlett Packard including security and recoverability.
The organisation's sites around the world are not all directly linked by a Business LAN, although some of the key systems, such as SAP and PLM, do have instances around the world that can communicate. Direct connection across national borders is complex due to the legal requirements to control the flow of knowledge and information. The organisation does operate a collaboration tool called 'ForumPass', which is authored and supported by one of its subdivisions, 'Exostar'. ForumPass is a web-hosted, secure data store where users can create pages similar to those of social networking sites. These pages can be linked and used as message boards, balloting tools, public document stores, information 'wiki' sites etc. The system also provides the capability to launch teleconferencing 'Webex' sessions where users can remotely view and share files and even edit them collaboratively.
While this toolset is useful for the manual exchange of discrete data and information, it does not provide a mechanism for a seamless and automated flow of information, meaning it is best suited to specific discussions on a focused topic and leading to the risk that it is
incomplete or out of date. The organisation’s PLM programme has a work stream dedicated to collaboration, and it is through this system that the exchange of technical information is planned to be enabled and controlled. The company also has a central "IT Infrastructure"
organisation which splits its scope into 6 work streams:
* Client Infrastructure
* Compute, Service Integration
* Network
* Factory and Facilities
* Programme Planning
However, this function has a limited opportunity for interaction with the wide range of business units, which do not have their own IT functions with which to interface, and so the business communication flow into this organisation tends to be centrally and functionally led rather than holistic. There is also a risk that a central function such as this, with a depth of understanding of its area of work and the legal and technical requirements, may develop solutions to meet the technical infrastructure challenges without fully understanding or developing a global requirements vision, resulting in a centrally mandated solution that does not match the business expectations.
The organisation has historically operated local factory shop floor networks for the delivery of CNC programs and basic data capture which have not been connected to the business infrastructure. These legacy systems were non-standard and little more than cables and switches with little or no security. This 'fire break' approach has been necessary due to the complexity and lack of standardisation of the machine systems on the shop floor, which, due to their age and customisation, are unstable or insecure. Connecting these systems to the business LAN infrastructure would be an unacceptable security risk, and where this has been done it has proven to jeopardise the stability of the business infrastructure. Over the last 5 years the organisation's Manufacturing Systems Centre of Competence (MSCoC) has developed and deployed a standard shop floor technical 'Tech LAN' infrastructure which is still plant based but provides an improved level of security (class 3 or unsecure) at a local level. It also provides the ability to connect to the business LAN via an automated communication bridge that uses Microsoft MQ to mirror files through a firewall, which prevents manual transfer of data between the two networks. This is currently used to allow the DNC systems to store the master programs on the secure business LAN, where they can be recovered in an emergency, and to pass them through a firewall using Microsoft MQ to a shop floor technical LAN to be deployed to the machine tools. While this is a significant improvement, it means MQ is a single point of failure and the communication mechanism between the business LAN and Tech LAN is limited to the automatic transfer of files within specific folders. This is sufficient for the transfer of data but significantly constrains the transfer of information and knowledge, as it is difficult to pass context and conditional information with the data. The MSCoC is therefore starting to deploy an architecture called Tech LAN 2, which is a Class 2 network which allows dynamic interoperation between the 2 LAN domains as it is secure and supported.
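As an added illustration (not the organisation's implementation and not taken from the source), the following sketch models the folder-restricted bridge described above: the business-LAN side queues only files that resolve inside an allowed folder, and the Tech-LAN side re-checks the path and a SHA-256 digest before writing the mirror copy. `queue.Queue` stands in for Microsoft MQ, and the folder name `dnc/master` and the sample files are assumptions.

```python
import hashlib
import queue
import tempfile
from pathlib import Path

ALLOWED_FOLDERS = ("dnc/master",)  # assumed folder name, not from the source

def inside(root: Path, candidate: Path) -> bool:
    """True if candidate resolves to a location underneath root."""
    return root.resolve() in candidate.resolve().parents

def enqueue(business_root: Path, rel_path: str, bridge: queue.Queue) -> bool:
    """Business-LAN side: queue a file only if it sits in an allowed folder."""
    src = business_root / rel_path
    if not any(inside(business_root / f, src) for f in ALLOWED_FOLDERS):
        return False
    data = src.read_bytes()
    bridge.put({"path": rel_path, "sha256": hashlib.sha256(data).hexdigest(), "data": data})
    return True

def deliver(tech_root: Path, bridge: queue.Queue) -> list:
    """Tech-LAN side: re-check path and digest before writing the mirror copy."""
    written = []
    while not bridge.empty():
        msg = bridge.get()
        dest = tech_root / msg["path"]
        ok_path = any(inside(tech_root / f, dest) for f in ALLOWED_FOLDERS)
        ok_hash = hashlib.sha256(msg["data"]).hexdigest() == msg["sha256"]
        if not (ok_path and ok_hash):
            continue  # drop anything outside the mirrored folders or altered in transit
        dest.parent.mkdir(parents=True, exist_ok=True)
        dest.write_bytes(msg["data"])
        written.append(msg["path"])
    return written

def demo() -> dict:
    """Constructed sample: one CNC program in the allowed folder, one file outside it."""
    with tempfile.TemporaryDirectory() as tmp:
        business, tech = Path(tmp, "business"), Path(tmp, "tech")
        (business / "dnc/master").mkdir(parents=True)
        (business / "dnc/master/part42.nc").write_text("G21 G90\nM30\n")
        (business / "payroll.txt").write_text("not for the shop floor")
        bridge = queue.Queue()
        paths = ("dnc/master/part42.nc", "payroll.txt", "dnc/master/../../payroll.txt")
        results = {p: enqueue(business, p, bridge) for p in paths}
        bridge.put({"path": "dnc/master/part42.nc", "sha256": "0" * 64, "data": b"tampered"})
        results["delivered"] = deliver(tech, bridge)
        results["content"] = (tech / "dnc/master/part42.nc").read_text()
        return results
```

The message carries only a path, a digest and the bytes, which is the limitation the text notes: the bridge mirrors data but has no place for context or conditional information.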
Tech LAN 2 does, however, push this requirement for security and standardisation further out onto the shop floor, meaning the individual clients either need to be of an approved standard, with standard anti-virus software (F-Secure) and standardised builds with access control, or they must be connected to a buffer client which in turn is connected to the Tech LAN. Tech LAN 2 has also moved from using geographically dispersed or 'local' Tech LAN servers to using a large campus server for the entire site. There is discussion regarding the use of this server for the within-region sites, e.g. the whole of the UK; however, even with high availability architecture design, it is felt by some business units that this represents too significant a business continuity risk. The move to Tech LAN 2 is creating a massive standardisation workload and cost and relies on the engagement of the local business unit, but the ongoing supportability and benefits of centralised systems lifecycle management will easily offset this cost.