Ford AUTO-TECH 2003 Presentation
Download
Report
Transcript Ford AUTO-TECH 2003 Presentation
ANX Network Status and Direction
Dennis Kirchoff
ANX Development Leader
Dealer and Supplier Infrastructure
Telecommunications Services
Information Technology Infrastructure
AIAG AUTO-TECH 2003 Conference
August 28, 2003, Cobo Conference Center, Detroit, Michigan
Presentation Topics
Ford ANX Network Versus Public Internet Usage
Ford ANX Network & Applications Status
Ford ANX High Availability Enhancement Plans
ANXTunnelz Service Model Approach to IPSec
Technology Management
ANXTunnelz Subscription Process and Ford ANX
High Availability/ANXTunnelz Migration Process
Ford Support for Supplier Connections to Ford
2
Ford – ANX & Public Internet Usage
Use the ANX network for Business Critical
applications that require:
Low latency, high performance
High availability
End-to-end accountability
Real-time performance
High service quality
Use the Public Internet for applications that are
not Business Critical and do not require:
Low latency, high performance
High availability
End-to-end accountability
Real-time performance
High service quality
OR
ANX is not affordable or not available
3
Ford ANX Network Status
Ford has ANX connections to two ANX CSPs:
AT&T and SBC
Two DS3 circuits each running at 20 to 25 Mbps
Engineered to maximize diversity, basis for fail-over design
Ford ANX network usage:
Exchanging production data with 784 trading partners (TPs):
644 gate-to-gateway VPNs (TP has a dedicated connection)
140 client-to-gateway VPNs (TP has a dial connection)
Primary applications are CAD/CAM/CAE/PIM, mainframe access,
and high volume batch EDI
New applications: logistics support and financial transactions
4
Ford ANX Network Use for JIT Logistics
At some plants, logistics providers supporting
assembly plant operations connect to Ford via the
ANX network
If the provider has a “corporate“ ANX connection
and a robust internal network infrastructure, critical
Ford traffic rides over the provider’s intranet
If the provider’s internal network infrastructure
does not meet Ford availability/reliability criteria,
the provider connects his site to the ANX network,
so that critical Ford traffic bypasses his intranet
Lesson: A TP’s intranet infrastructure can be
critical for some Ford business processes
5
Ford EDI Deployment on ANX
Global Electronic Commerce (GEC) Hub has
replaced SOLMIS for EDI at Ford
Supported transport mechanisms:
Bisync network access for EDI ends Jan. 1, 2004
Move to TCP/IP =>Major improvement in reliability &
transmission speed (150-600 times faster)
FTP (machine-to-machine batch file transfer)
HTTP (web forms for interactive low-volume submissions)
No plans for support of AIAG E-5 message routing standard
Ford connects with four EDI VANs via ANX network
6
Additional Ford ANX Initiatives
Supplier access to Ford using the Raptor Mobile
client-VPN system has been phased out, TPs now
using Ideal/LDMI ANX dial service
FDX (Ford Data Exchange) from AutoWeb
Communications, Inc. will be used for file transfers
because FTPPAHs (FTP Properly Administered
Hosts) are being retired
Initial rollout focused on Ford ANX TPs
Now also available via the public Internet
More info at: www.autoweb.net or 1-248-601-7140
7
Ford ANX Network Enhancement Plans
SLAs with our business customers drive Ford
usage of the ANX network:
SLA from ANX CSPs/ANXeBusiness for network transport
No SLAs available for the IPSec tunnels with Ford’s ANX TPs need end-to-end management of the IPSec tunnels
Need to address high availability issues and
increasing technology management costs
3 projects address these issues:
Dynamic Routing BGP peering with our ANX CSPs
Highly Available Firewalls CP FW1 on Nokia appliances
Highly Available VPNs IPSec tunnel management service
8
High Availability ANX for Ford
Design objectives:
Eliminate single points of failure for ANX network connectivity
Automatically fail-over to alternate connectivity or redundant
elements should an access line or an element fail
Achieve some level of load sharing
Utilize proven “best practices” in place on the Internet today
In addition, the solution needs to eliminate IPSec
device/product interoperability issues between Ford
and ANX TPs with dedicated network connections
Gateway-to-gateway VPNs over ANX need high availability,
reliability, robustness, and single accountability
Eliminate diversity of IPSec products Ford needs to deal with
Centrally manage all IPSec devices, including S/W upgrades
IPSec interoperability not an issue for TPs with dial access
9
Legacy ANX Access Infrastructure
10
Access for Gateway-to-Gateway VPNs
11
Migration from Old to New ANX Access
Ford is requiring its ANX TPs with gateway-to-gateway
VPNs to Ford to migrate to the new ANX access
infrastructure as soon as possible
No new connections to the legacy ANX access
infrastructure after October 1, 2002
New Ford ANX infrastructure is in production with 117
Ford trading partners, most were “migrated” from
legacy ANX access, some are new Ford ANX TPs
An additional 214 Ford TPs have subscribed to
ANXTunnelz and are at various stages in the migration
process
12
Migration from Old to New ANX Access
Ford ANX TPs need to subscribe to the ANXTunnelz
service from ANXeBusiness in order to access the new
infrastructure
A letter to targeted Ford ANX TPs covering these
changes was sent on November 25, 2002
Signed by TCS, C3P, Purchasing, Ford Financial IT managers
Follow-up e-mails were sent in March, April, and July
Ford TPs should subscribe to ANXTunnelz by
September 30, 2003
13
Migration from Old to New ANX Access
High Availability solution for Ideal/LDMI ANX dial service
access to Ford is under development
Ultimately, all analog dial ANX access will be
consolidated on one High Availability firewall
Dial ANX TPs on the four legacy firewalls will be moved to one
new HA firewall
Some TPs may need to do a minor migration (IP address
change)
All four of the legacy ANX firewalls will be removed from
service as soon as possible
14
Legacy Ford ANX IPSec Environment
Ford Responsibility
Ford
Network
FW
IPSec
Gateway
ANX CSP/ANXeBusiness
Network Transport SLA
R
R
TP Responsibility
IPSec
Gateway
FW
Trading
Partner
Network
- Multiple IPSec Products from different vendors
- Interoperability promised, but not really there
- Each TP manages IPSec gateway differently
- SLA for end-to-end tunnel management impossible
15
New Ford ANX IPSec Environment
IPSec Tunnel Management Service SLA
Ford Responsibility
Ford
Network
FW
IPSec
Gateway
ANX CSP/ANXeBusiness
Network Transport SLA
R
R
TP Responsibility
IPSec
Gateway
FW
Trading
Partner
Network
- The service has sole responsibility for IPSec interoperability
- Interoperability based on use of IPSec products from one vendor
- The service provides uniform version control for IPSec products
- The service provides SLAs for end-to-end tunnel management
16
ANX IPSec Tunnel Management Service
Ford developed a statement of work
covering SLA, IPSec functionality,
monitoring, maintenance, notification,
reporting, and change control requirements
Designed as an ANX community, not a Ford,
solution
In 2002, Ford signed a contract with
ANXeBusiness for ANXTunnelz, their IPSec
tunnel management service, for Ford and
500+ of its ANX TPs who have dedicated
connections
17
ANX IPSec Tunnel Management Service
Ford wants this to be as painless as possible
for ANX trading partners with dedicated
network connections
Great majority of Ford ANX TPs have a T1 or lower bandwidth
dedicated connection
For a T1 connected TP, price for first year will be $240; in
following years, price will be $240 + $250 H/W maintenance fee
Higher bandwidths or HA may increase the initial, first-year cost
and annual maintenance costs
Ford sponsorship of a TP waives a $3000 ANXeBusiness
installation charge for the TP
18
ANXTunnelz Subscription Process
Registration:
Trading Partner
registers and
accepts contract
via ANXTunnelz
web site
Hardware
Installation:
ANXeBusiness
works with TP
contact to
complete physical
and network
installation of
hardware
Site
Assessment:
ANXeBusiness
completes site
assessment with
TP via phone and
e-mail
Network
Accessible:
ANXeBusiness is
able to access the
hardware over the
ANX network
Hardware
Configuration
and Shipment:
ANXeBusiness
configures
hardware using
specifications
from site
assessment and
ships to TP
Hardware
Operational:
ANXeBusiness
completes
installation hardware is now
managed using
ANXTunnelz
software
19
Ford ANX HA Migration Process
ANXeBusiness will schedule TPs for migration from
the old to the new Ford HA access infrastructure
Ford TPs start the process by subscribing to the
ANXTunnelz service at
http://www.anx.com/ANXTunnelz.html
Initial migration rate will be 10 per week:
Monday through Friday except for Ford company holidays
One in the morning, one in the afternoon each day
A “rework” window is available at the end of each day
Investigating ways to increase migration run rate
Process designed to minimize impact on production
20
Ford ANX HA Migration Process (cont.)
Using data from ANXeBusiness, prior to the
scheduled date and time for a TP’s migration:
Ford GSEC updates its database for the TP
Ford GSEC causes firewall rules from old infrastructure to be
copied to firewalls in new infrastructure
Ford GSEC updates Ford Helpdesk on the plan
Ford GSEC schedules change of static route within Ford
During the one hour scheduled migration window:
Existing application connectivity is demonstrated
ANXeBusiness implements changes with the TP at the TP site
Ford “swings” a static route from the old to the new access
infrastructure
Application connectivity is demonstrated to prove success
21
Ford ANX HA Migration Process (cont.)
If the migration cannot be completed within the
allocated hour
Ford reverts to the old static route
ANXeBusiness restores the TP site to its prior configuration
Ford and the TP resume production use of the ANX network
ANXeBusiness reschedules migration once problems have been
identified
Migrations that failed during the first attempt are
completed successfully during a “rework” window later
in the same week or in the following week
22
Ford ANX HA Migration Tips
Ford trading partners drive the migration process
through active involvement with ANXeBusiness
Use the online process proactively
Be available for site survey and follow-up
Keep scheduled appointments with ANXeBusiness
Have key resources available for the migration
ANXeBusiness relies on Ford to set priorities for
migrating selected TPs
Drivers for prioritizing a TPs migration
History of IPSec problems
Support of critical business processes
23
Ford Support for Trading Partners
The Ford Global Supplier Electronic Communications
(GSEC) ANX process is explained at:
web.suppcomm.ford.com/us_docs/usa_main.htm
Additional Information and Help:
HA/ANXTunnelz Migration: [email protected]
ANX general questions:
[email protected]
24