Risk Analysis Drives P2B Integration

June 13, 2007
Automation, compliance and reporting functions are unlikely candidates for centralization.

Manufacturing and similar industries have decided that connecting plants to business systems (P2B) is necessary to meet existing and emerging business needs. Many are now in the early stages of implementation and are starting to face the architectural trade-offs that are inherent in global integration. On the surface, the challenge appears to be largely technical, but it crosses many organizational lines and requires a collaborative analysis with executive involvement to manage risk while balancing sometimes conflicting objectives.

There are several approaches to P2B integration, ranging from shared databases to enterprise-wide communications buses, with each meeting different needs. Emerging business models require high levels of flexibility and the ability to implement a wide variety of business and integration processes. Furthermore, the nature of P2B integrations needs to be considered. They are implemented in different areas over a relatively long period of time, and this creates the opportunity for wise initial investments in infrastructure to be leveraged over many separate projects.

These needs have made an enterprise-wide bus approach a popular choice. Traditional bus implementations were done with messaging middleware and proprietary application programming interfaces (APIs). Within architectures based on services, standardized Web services might replace the API’s to form one element of an Enterprise Service Bus (ESB).

Resolve technology clashes

Information technology installed on operating sites and in corporate headquarters differs considerably. Infrastructure for enterprise environments is typically driven by enterprise application needs (such as from IFS, Infor, Lawson, Microsoft, Oracle, SAP and others) while site systems have been dominated by Microsoft technology; most suppliers of operations management and automation software require Microsoft technologies.

The enterprise bus lies in the middle. Because businesses prefer one supplier’s product—to realize the benefits of simplification and reuse—this creates a challenge for all businesses, including those with good standardization practices.

It is tempting to lay out a technical approach, optimize costs and get started. However, experience shows that this can lead to serious short- and long-term business risks. A broader perspective and evaluation is required.

Cost is clearly a very important factor in any enterprise communications bus implementation. Software infrastructure alone can cost millions of dollars. But, a low-cost, high-risk solution is seldom acceptable. There is wide variation in available solutions, and it is best to first define architecture, locate infrastructure elements (site or central or both) based on function and risk, and then address the high cost elements.

One of the primary considerations for enterprise communications buses is the location and type of applications to be integrated. Legacy corporate systems are usually located centrally, and legacy operations management and automation systems are located on site. In general, this practice shows little sign of changing, but efforts to reduce costs and share information leads to consideration of central hosting of some operational applications.

Central hosting of manufacturing applications is only acceptable when the plant can run effectively without them for extended periods. Accordingly, automation, compliance and reporting functions are unlikely candidates for centralization. Centralization also complicates risk management because it increases the number of failure modes and the uncertainty that all modes are known. Consequently, on-site location is still preferred.

When assessing risk, we must recognize early on that it is site-dependent and possibly manufacturing process- and
product-dependent. This suggests variations in site-deployed integration capabilities.

Cyber security issues have taught us important lessons related to integration. No matter how reliable communications are, we are likely to be forced to isolate sites while waiting for solutions (such as security patches) to new threats. The frequency and severity of security threats continues to increase. Consequently, systems must be designed to ensure uninterrupted plant operations in isolation for some site- and process-dependent time.

Robert Mick, [email protected], is Vice President, Enterprise Architecture, at ARC Advisory Group Inc., in Dedham, Mass.