OT Industrial Robot surrounded by IT Servers. Symbolizing IT/OT Convergence.
Podcast

All Things FactoryStack & PharmaStack PT 2 (Heads in the Cloud Podcast)

4IR Solutions CEO James Burnand and CTO Joseph Dolivo continue to break down FactoryStack and dive into the inner workings of the platform.

James Burnand:

Hi everybody, and welcome to the Heads in the Cloud podcast with me, James Burnand and Joe Dolivo. We're missing our MC and host, GI today, so we will do our best without him, so no fancy introductions and the level of excitement will be down to my level. So Joe, welcome to the podcast today. I know what we talked about last time was a little bit of the history around factory stack and where we were and how we got to where we are. I think today, the idea was to talk a little bit more about some of the actual functions and features and technologies that are being used inside of the platform, and how and why those are important today as well as as you look forward. So maybe you want to kick it off?

Joseph Dolivo:

Totally. Yeah, and I think Darth Vader did a pretty good job covering for me last week, and Geralt for you. But I think this is a good topic and this is where I think we wanted to go next, and I brought along a shirt for the occasion which I don't know if you can see it but it's a very nice meme which says, "There is no cloud, it's just somebody else's computer." And there's a lot of ways to interpret that but I think where it's relevant for us is the cloud itself we talk about in terms of the enabling technologies that are cloud adjacent, I'll say, and that could be things like hybrid cloud, that could be things like containers, that could be things like version control and there's a lot of complexity in there. And a big thing that we've been trying to do is to take the best and brightest from the IT software worlds and distill them down into real nice practical ways for folks to use those in the manufacturing space, and that's really what factory stack is.

So you look at it going down a level, at a technical level, we talked last time about where it came from and how it's really all about this managed service that we're providing, so we're taking the headaches out of managing OT, that's what we're basically providing. But it lives in a couple of different areas. It lives inside of the cloud, meaning a public cloud, so an Azure or a GCP or an AWS, and then for a lot of customers, there's something that's living on premise. So that's either an edge device or that's some kind of a more of an industrial server, but there has to be something... Because we're in manufacturing, at least not yet, we can't just trust that all the sensors are going to have integrated 5g, they're going to push everything up and if you lose connectivity, it's okay. That's not really practical for manufacturing. So there's this lower level infrastructure layer of collecting data, providing fallback control, and that's all wrapped in some of these tools and technologies that we talk about, so that's where it starts out.

And then you look at what does factory stack layer into that? It's building some of these, again, tools and technologies into that, and one thing that's very, very different from factory stack than what you'll see in most other let's say SaaS applications targeting the space is you have your own private virtual network, and that's really, really important because especially with all the security concerns that you hear about all the time and even for things like data residency requirements, data sovereignty, where customers expect data to be in a certain location, we need to have pretty much full control over the underlying computed infrastructure and storage infrastructure that's storing all of this data. So we provision these totally isolated environments per customer, and everything that we're going to deploy in there, which we'll talk about, is basically living inside of there. So I don't know if you wanted to elaborate on that, James, and then we can talk about some of the tools and pieces that go into that virtual network, if you will.

James Burnand:

Yeah, I would say totally isolated is maybe a bit of an overstatement, but conceptually, it's kind of like setting up a VLAN or a segment of a network that's dedicated so there's no... In the old controls world, you're minimizing multicast traffic going to PLCs, you're minimizing the chance of somebody potentially installing or doing something on another network that then creates problems with your controls network. Because again, your controls network and your controls devices are extremely sensitive to time, so you can't afford packet storms. You can't afford to have downtime on your PLCs or your SCADA systems because these are operating real time equipment. These are things that you measure downtime with figures of dollars because every minute counts.

It's also one of the issues that really created some of the need for FactoryStack, is that it's really hard in that kind of an environment where it's very expensive to upgrade and update software versions. It's very difficult sometimes to manage how that process takes place, and even things like applying basic security principles that have been done in the IT space for a long, long time, it's much more difficult to do that in the OT space because of the requirement of uptime of all of the equipment and the computing infrastructure and the PLCs and everything that's operating down there.

So when you start to look at, hey, what does cloud do for me? What does containerizing my applications do for me? It gives you all sorts of opportunities to now take advantage of more IT centric and IT standard policies, which makes you more secure, which makes it easier and faster to deploy, to update, makes it cheaper to operate. You can now do these things easier because of some of the enabling technology that you get by looking at a cloud or a hybrid cloud or cloud edge sort of a scenario.

So the technologies that go into that, there's a whole bunch of different ones, but conceptually, what we're trying to do is to make that transition easier. We believe that transition's coming, whether you want it to or not, in the next, my prediction's probably 10 years before we really get to people really embracing a full cloud based infrastructure, but hybrid I believe is something that you'll see now to the next three years, it'll start to become really, really mainstream for most manufacturers because it's really not that far of a leap. You still have physical infrastructure on site, you still operate the critical workloads that you need to inside of the four walls of your building, but you're able to more intelligently take parts and pieces of what you do and use these really efficient cloud service offerings to be able to make them more effective and more cost effective.

Joseph Dolivo:

Totally. If you look at what actually goes into this now, so you take an example of an application like Ignition. So Ignition right now is the core of what we're providing, both with factory stack and with pharma stack, and you can deploy that application either at the edge or in the cloud or in both in most cases in a hybrid cloud approach, and Ignition is very well architected for doing that. And you can of course go and install Ignition yourself. It's three minutes. They make it very, very easy. The cloud edition is going to get even easier to basically get it spun up, but then when you want to start doing real work with it, this is where you're going to need a database. You're going to have to make sure that your security model is practical for your environments, you're going to have to tie in with other services. And so Ignition's Best Practices Guide is great for helping you walk through some of those. They've got a separate guide for how you can integrate version control, and so they give you all the different building blocks.

And so what we're trying to do is to basically provide you a pre-configured and managed set of all of these that are pre-configured to work together. And it's not just the spinning up, because the spinning up is nice, it's great for demos, it's cool, I can spin up infrastructure in 15, 20 minutes, but it's the ongoing maintenance of that. And that's where we found with, especially a lot of OT software, you tend to fall short because it's nobody's primary job in typical cases to maintain those applications, to lifecycle them, to do updates, and so that's something that we're basically providing. So if you say I want to buy one factory stack please, or one pharma stack, that's one of the applications. The application that we're built around right now is Ignition as a starting point.

James Burnand:

I would say the other thing is that most end users aren't technical enough to really understand all the intricacies of what they get supplied from a systems integration company. And I will say, I'm going to put my hand up and admit, in the past, I might have installed a database or two with the SA password being something very short and very simple and that being the only way that records were inserted and updated. The sad part was that that was the norm way back when I didn't have any gray hair because our whole focus was get it working, the database is just a place where we put stuff and take stuff. The concept of really building in proper security to that application in terms of authentication, minimum level of access rights and proper data management policies and backup policies, these weren't things we really thought about as a systems integrator. We just thought about how to get it working.

The danger with that approach right now is, number one, is if you do that, number one, the end user doesn't really understand that you're doing it, but the integrator gets to slip by without the liability because it's installed in a relatively isolated network segment and the odds of something happening are somewhat lessened by the fact that it's typically behind a corporate firewall and a multilayered network structure.

When you start looking at, hey, I'm going to put this as a cloud-based service, that complacency is no good anymore. It really should be no good anymore in the factory floor but I guess I would say that I know that that stuff still happens from place to place, and typically, it's a lack of experience or professionalism around security, or just not having the knowledge or even awareness that this is that vitally important. But that's where we really are trying to fill that gap inside of the industry because we do understand how to do it properly, and we've put a lot of energy and effort into trying to fit not just the best practices, like Joe talked about from Ignition, but also the other vendors of software as well as the cloud providers that we're using to host these workloads, both in the cloud and on the edge.

Joseph Dolivo:

Definitely, security is going to be an issue that we keep coming back to and that's a big part of what we're providing. You look at something like a database as well, and it's even just doing backup. So if you go and install it and set it up, it's going to work for a while until you fill up your disc space, so who's basically monitoring to make sure that it's being offloaded as appropriate? That you're taking backups? That you're testing those backups? That you have a DR disaster recovery strategy in place if something goes wrong? So those are all the things that tend to get taken for granted and you don't necessarily realize you're missing out on it until it's too late.

Same thing with the security issues. So you might be fine until you get hit with ransomware and now you're scrambling to try to make something work. And there's just another article, I think James, that you shared on LinkedIn about one of the lawsuits related to an insurance company not wanting to pay out for some of the ransomware, so we're going to keep seeing things like that. But the ongoing care and feeding and maintenance and monitoring, looking at logs, looking at metrics, how do you know if you're overloading your database server? Those are things that we're basically providing as a part of the service so you can focus on your application and not have to worry about it.

James Burnand:

Yeah. Joe, and that reference was to not patcheta, which hit a lot of manufacturers, and I forget how many hundreds of billions of dollars in damage it did but it was a massive, massive hit. And what the insurance companies did is they claimed it was an act of war because I guess it was Russia attacking the Ukraine I think was the initial start of it, and then once it spread, it spread like wildfires. And once it got into controls networks, there was no stopping it because of the lack of security and framework and the way things are deployed in those networks.

Joseph Dolivo:

Yeah. No, for sure.

James Burnand:

So I know we've managed to get halfway through the podcast and not really dive into the technical, so why don't we talk about some of the services that are actually a part of a standard FactoryStack install, Joe?

Joseph Dolivo:

Yeah, so if you say, like I said, "I want to buy one FactoryStack." So we've got pricing guidance on the website for some preconfigured tiers which are actually based on, again, some of those recommendations from Inductive as far as how do you size the underlying compute, the storage, the bandwidth and all of that. So we've got some guides there, but the reality is that everybody's installation is a little bit different. We're using the cloud native term, to come back to our theme of infrastructure risk code, to provision basically custom architectures that are tailor fit for your particular use case. So that could be very complex multi-sites, multi gateway, load balanced infrastructures that we're supporting with multiple databases, multiple database servers set up across multiple regions for high availability. All of those things are things that we can support at the architectural level.

And then what goes within there is Ignition like we've mentioned, a database like we've mentioned. A thing we didn't mention about the database is that it's optimized for time series data storage as well so you don't have to set up a separate time series historian. You can just use the one that's provided for you as part of the platform. As well as you picture allowing access into this network, so there's load balancing, there's web application firewalls that'll basically scan and protect traffic coming into and out of those, as well as firewalls, network security groups and all those sorts of rules. Those best practices are basically built in for you.

VPN connectivity as well to optionally enforce that, let's say your site to cloud connections are encrypted, not only over using TLS as they would be over a gateway network connection with certificates, but also over an additional layer of a VPN. And we use the same thing for doing any kind of administrative access. For example, on our end, if we need to get access to a secure cluster, we're going to do it over VPN connectivity. Everything is of course being monitored and audited and logged with alerts set up if something doesn't really smell right, so we're able to take advantage of a lot of those cloud native services.

A lot of them are basically using machine learning to do anomaly detection, to say, "Hey, I'm not used to somebody from this IP address range or this geolocation area from logging into the system. I'm going to potentially flag it or I'm going to require an additional factor of authentication to give access to that." So that level of security is something that we've basically built in from the ground up by being tied in really deeply with the different cloud providers for at least the cloud half of that service.

And the other major feature is really doing the automated version control, which is, again, I think hard to understate because if I'm just happily going and working out my application without me having to configure anything myself in Ignition, if I make a change to a screen, I'm getting automated version capturing of that for free without me doing anything different. If I want to go to that next level and I want to have a true DevOps set up with multiple servers and I want to be able to control changes between those and migrate those changes, then we're capturing all those, and with a couple of different settings to tweak like knowing which users should have access to which environments, you basically get a full DevOps workflow for free using the exact same private network, private infrastructure, compute resources we have available. We're just turning up the dial to scale on or off.

So it's that scalability, the flexibility, the elasticity that you get from the cloud wrapped up into this where you don't necessarily have to know your end state. If you want to start out small with one of these installations, I want to monitor a handful of tags at one site from the cloud, and then down the road, I may want to scale that up across multiple sites and multiple geographies, and some of those are going to have, again, those data sovereignty restrictions on where data can be, we can support all those infrastructure scenarios using the same core platform, which I think is super cool from a technical standpoint and having developed it, but hopefully that's a message that resonates with a lot of folks too.

James Burnand:

Yeah, no, great description, Joe. The other thing I guess I'd just add to that is that our enterprise edition which is really our customizable edition, we also do support other pieces of software as well so both operating as containers as well as some operating as virtual machines. So if your infrastructure looks a little bit different or, hey, I need to have... One of the requests we had was for HiveMQ or we've had requests to have Canary as a part of those infrastructures, we're certainly able to support those as a part of that enterprise. It's just we don't have a standard price listed on our website because obviously, it's a little bit different for us to include those different pieces of software.

Looking forward of course, what we're really trying to do is we're adding in complimentary software in the future as it makes sense to do so and as the needs and the desires from the marketplace grow for those. So if you happen to be a software manufacturer listening or someone who has a package, specifically something that can operate in a dockerized environment and operates within an orchestration cluster, this is something that we're actively doing right now is evaluating and looking at the state of this for those software manufacturers to try to figure out the path to integration and inclusion as a part of the core product. So just throwing that out there.

Joseph Dolivo:

Totally. Yeah, no, it's exciting. Looking forward to the next steps with building out the platform.

James Burnand:

Yeah.

Joseph Dolivo:

I think we're probably good for today. We don't have our GI on here to tell us to stop, but I think we've gotten through what we wanted to talk about. Anything else you wanted to add today, James?

James Burnand:

No, just appreciate the time, Joe, and anyone that's watching, we're happy to have you and we'll see you next time.

Joseph Dolivo:

Awesome. Thanks.

James Burnand:

Cheers. See you.

Heads in the Cloud, your source for future proofing your business.

Subscribe

Video: https://www.youtube.com/watch?v=51h5tY5S7ew

Audio Podcast: https://spotifyanchor-web.app.link/e/gzLK3xcPMsb

Blog: https://www.4ir.cloud/blog

4IR Solutions

Connect With One of Our Experts
https://info.4ir.cloud/connect-with-our-experts