Dennis KirchoffANX Development Leader

Dealer and Supplier InfrastructureTelecommunications Services

Information Technology Infrastructure

AIAG AUTO-TECH 2003 ConferenceAugust 28, 2003, Cobo Conference Center, Detroit, Michigan

ANX Network Status and DirectionANX Network Status and Direction

2

Presentation TopicsPresentation Topics

Ford ANX Network Versus Public Internet Usage

Ford ANX Network & Applications Status

Ford ANX High Availability Enhancement Plans

ANXTunnelz Service Model Approach to IPSec Technology Management

ANXTunnelz Subscription Process and Ford ANX High Availability/ANXTunnelz Migration Process

Ford Support for Supplier Connections to Ford

3

Ford – ANX & Public Internet UsageFord – ANX & Public Internet Usage

Use the ANX network for Business Critical applications that require: Low latency, high performance High availability End-to-end accountability Real-time performance High service quality

Use the Public Internet for applications that are not Business Critical and do not require: Low latency, high performance High availability End-to-end accountability Real-time performance High service qualityOR ANX is not affordable or not available

4

Ford ANX Network StatusFord ANX Network Status

Ford has ANX connections to two ANX CSPs: AT&T and SBC Two DS3 circuits each running at 20 to 25 Mbps Engineered to maximize diversity, basis for fail-over design

Ford ANX network usage: Exchanging production data with 784 trading partners (TPs):

644 gate-to-gateway VPNs (TP has a dedicated connection) 140 client-to-gateway VPNs (TP has a dial connection) Primary applications are CAD/CAM/CAE/PIM, mainframe

access, and high volume batch EDI New applications: logistics support and financial transactions

5

Ford ANX Network Use for JIT LogisticsFord ANX Network Use for JIT Logistics

At some plants, logistics providers supporting assembly plant operations connect to Ford via the ANX network

If the provider has a “corporate“ ANX connection and a robust internal network infrastructure, critical Ford traffic rides over the provider’s intranet

If the provider’s internal network infrastructure does not meet Ford availability/reliability criteria, the provider connects his site to the ANX network, so that critical Ford traffic bypasses his intranet

Lesson: A TP’s intranet infrastructure can be critical for some Ford business processes

6

Ford EDI Deployment on ANXFord EDI Deployment on ANX

Global Electronic Commerce (GEC) Hub has replaced SOLMIS for EDI at Ford Bisync network access for EDI ends Jan. 1, 2004 Move to TCP/IP =>Major improvement in reliability &

transmission speed (150-600 times faster)

Supported transport mechanisms: FTP (machine-to-machine batch file transfer) HTTP (web forms for interactive low-volume submissions) No plans for support of AIAG E-5 message routing standard

Ford connects with four EDI VANs via ANX network

7

Additional Ford ANX InitiativesAdditional Ford ANX Initiatives

Supplier access to Ford using the Raptor Mobile client-VPN system has been phased out, TPs now using Ideal/LDMI ANX dial service

FDX (Ford Data Exchange) from AutoWeb Communications, Inc. will be used for file transfers because FTPPAHs (FTP Properly Administered Hosts) are being retired Initial rollout focused on Ford ANX TPs Now also available via the public Internet More info at: www.autoweb.net or 1-248-601-7140

8

Ford ANX Network Enhancement PlansFord ANX Network Enhancement Plans

SLAs with our business customers drive Ford usage of the ANX network: SLA from ANX CSPs/ANXeBusiness for network transport No SLAs available for the IPSec tunnels with Ford’s ANX TPs -

need end-to-end management of the IPSec tunnels

Need to address high availability issues and increasing technology management costs

3 projects address these issues: Dynamic Routing BGP peering with our ANX CSPs Highly Available Firewalls CP FW1 on Nokia appliances Highly Available VPNs IPSec tunnel management service

9

High Availability ANX for FordHigh Availability ANX for Ford

Design objectives: Eliminate single points of failure for ANX network connectivity Automatically fail-over to alternate connectivity or redundant

elements should an access line or an element fail Achieve some level of load sharing Utilize proven “best practices” in place on the Internet today

In addition, the solution needs to eliminate IPSec device/product interoperability issues between Ford and ANX TPs with dedicated network connections Gateway-to-gateway VPNs over ANX need high availability,

reliability, robustness, and single accountability Eliminate diversity of IPSec products Ford needs to deal with Centrally manage all IPSec devices, including S/W upgrades IPSec interoperability not an issue for TPs with dial access

10

Legacy ANX Access InfrastructureLegacy ANX Access Infrastructure

11

Access for Gateway-to-Gateway VPNsAccess for Gateway-to-Gateway VPNs

12

Migration from Old to New ANX AccessMigration from Old to New ANX Access

Ford is requiring its ANX TPs with gateway-to-gateway VPNs to Ford to migrate to the new ANX access infrastructure as soon as possible

No new connections to the legacy ANX access infrastructure after October 1, 2002

New Ford ANX infrastructure is in production with 117 Ford trading partners, most were “migrated” from legacy ANX access, some are new Ford ANX TPs

An additional 214 Ford TPs have subscribed to ANXTunnelz and are at various stages in the migration process

13

Migration from Old to New ANX AccessMigration from Old to New ANX Access

Ford ANX TPs need to subscribe to the ANXTunnelz service from ANXeBusiness in order to access the new infrastructure

A letter to targeted Ford ANX TPs covering these changes was sent on November 25, 2002 Signed by TCS, C3P, Purchasing, Ford Financial IT managers

Follow-up e-mails were sent in March, April, and July

Ford TPs should subscribe to ANXTunnelz by September 30, 2003

14

Migration from Old to New ANX AccessMigration from Old to New ANX Access

High Availability solution for Ideal/LDMI ANX dial service access to Ford is under development

Ultimately, all analog dial ANX access will be consolidated on one High Availability firewall Dial ANX TPs on the four legacy firewalls will be moved to one

new HA firewall Some TPs may need to do a minor migration (IP address

change)

All four of the legacy ANX firewalls will be removed from service as soon as possible

15

Legacy Ford ANX IPSec EnvironmentLegacy Ford ANX IPSec Environment

ANX CSP/ANXeBusinessNetwork Transport SLA

FordNetwork

TradingPartnerNetwork

IPSecGateway

IPSecGateway

Ford Responsibility TP Responsibility

R RFW FW

- Multiple IPSec Products from different vendors

- Interoperability promised, but not really there

- Each TP manages IPSec gateway differently

- SLA for end-to-end tunnel management impossible

16

New Ford ANX IPSec EnvironmentNew Ford ANX IPSec Environment

FordNetwork

TradingPartnerNetwork

ANX CSP/ANXeBusinessNetwork Transport SLA

IPSecGateway

IPSecGateway

IPSec Tunnel Management Service SLA

Ford Responsibility TP Responsibility

R RFW FW

- The service has sole responsibility for IPSec interoperability

- Interoperability based on use of IPSec products from one vendor

- The service provides uniform version control for IPSec products

- The service provides SLAs for end-to-end tunnel management

17

ANX IPSec Tunnel Management ServiceANX IPSec Tunnel Management Service

Ford developed a statement of work covering SLA, IPSec functionality, monitoring, maintenance, notification, reporting, and change control requirements

Designed as an ANX community, not a Ford, solution

In 2002, Ford signed a contract with ANXeBusiness for ANXTunnelz, their IPSec tunnel management service, for Ford and 500+ of its ANX TPs who have dedicated connections

18

ANX IPSec Tunnel Management ServiceANX IPSec Tunnel Management Service

Ford wants this to be as painless as possible for ANX trading partners with dedicated network connections

Great majority of Ford ANX TPs have a T1 or lower bandwidth dedicated connection

For a T1 connected TP, price for first year will be $240; in following years, price will be $240 + $250 H/W maintenance fee

Higher bandwidths or HA may increase the initial, first-year cost and annual maintenance costs

Ford sponsorship of a TP waives a $3000 ANXeBusiness installation charge for the TP

19

ANXTunnelz Subscription ProcessANXTunnelz Subscription Process

Registration:

Trading Partnerregisters and

accepts contractvia ANXTunnelz

web site

SiteAssessment:

ANXeBusinesscompletes site

assessment withTP via phone and

e-mail

HardwareConfigurationand Shipment:

ANXeBusinessconfigures

hardware usingspecifications

from siteassessment and

ships to TP

HardwareInstallation:

ANXeBusinessworks with TP

contact tocomplete physical

and networkinstallation of

hardware

HardwareOperational:

ANXeBusinesscompletes

installation -hardware is nowmanaged using

ANXTunnelzsoftware

NetworkAccessible:

ANXeBusiness isable to access thehardware over the

ANX network

20

Ford ANX HA Migration ProcessFord ANX HA Migration Process

ANXeBusiness will schedule TPs for migration from the old to the new Ford HA access infrastructure

Ford TPs start the process by subscribing to the ANXTunnelz service at http://www.anx.com/ANXTunnelz.html

Initial migration rate will be 10 per week: Monday through Friday except for Ford company holidays One in the morning, one in the afternoon each day A “rework” window is available at the end of each day Investigating ways to increase migration run rate

Process designed to minimize impact on production

21

Ford ANX HA Migration Process (cont.)Ford ANX HA Migration Process (cont.)

Using data from ANXeBusiness, prior to the scheduled date and time for a TP’s migration: Ford GSEC updates its database for the TP Ford GSEC causes firewall rules from old infrastructure to be

copied to firewalls in new infrastructure Ford GSEC updates Ford Helpdesk on the plan Ford GSEC schedules change of static route within Ford

During the one hour scheduled migration window: Existing application connectivity is demonstrated ANXeBusiness implements changes with the TP at the TP site Ford “swings” a static route from the old to the new access

infrastructure Application connectivity is demonstrated to prove success

22

Ford ANX HA Migration Process (cont.)Ford ANX HA Migration Process (cont.)

If the migration cannot be completed within the allocated hour Ford reverts to the old static route ANXeBusiness restores the TP site to its prior configuration Ford and the TP resume production use of the ANX network ANXeBusiness reschedules migration once problems have been

identified

Migrations that failed during the first attempt are completed successfully during a “rework” window later in the same week or in the following week

23

Ford ANX HA Migration TipsFord ANX HA Migration Tips

Ford trading partners drive the migration process through active involvement with ANXeBusiness Use the online process proactively Be available for site survey and follow-up Keep scheduled appointments with ANXeBusiness Have key resources available for the migration

ANXeBusiness relies on Ford to set priorities for migrating selected TPs

Drivers for prioritizing a TPs migration History of IPSec problems Support of critical business processes

24

Ford Support for Trading PartnersFord Support for Trading Partners

The Ford Global Supplier Electronic Communications (GSEC) ANX process is explained at: web.suppcomm.ford.com/us_docs/usa_main.htm

Additional Information and Help: HA/ANXTunnelz Migration: dkirchof@ford.com ANX general questions: anxdesk@ford.com