white paper making the connection: the how-to’s of
TRANSCRIPT
Increasing Product Complexity Tests the Limits of Legacy
Systems
Making the Connection: The How-To’s of Connecting Suppliers, Partners, and Manufacturers
2 Making the Connection: The How-To’s of Connecting Suppliers, Partners, and Manufacturers
Product complexity has skyrocketed over the last ten years and it continues to rise as
electronics and software dominate and IOT becomes a reality. According to Gartner, the
shift in product complexity has resulted in more than 8.4B connected “things” signing
online in 2017 with 20.4B online by 2020. To conquer product complexity, manufacturers are
undergoing a digital transformation to develop and market connected products and remain
competitive.
As companies undergo digital transformation, they are realizing that their tools and
processes were designed for a simpler, more mechanically focused era and are unable to
accommodate the demands of modern product development—especially as more of product
design is outsourced to external suppliers and partners.
This white paper will explore how to improve collaboration between suppliers, partners, and
manufacturers via Product Innovation Platforms.
3 Making the Connection: The How-To’s of Connecting Suppliers, Partners, and Manufacturers
THE GROWTH OF OUTSOURCING In the last couple of decades, two major trends have played out in manufacturing companies
across all discrete manufacturing industries—e.g. automotive, aerospace, industrial, and
electronics—increasing product complexity and the growing role of the supply chain in design
and manufacturing. The convergence of these trends has created a significant challenge
that impacts productivity and operational excellence every day—design collaboration with
outsourced manufacturing partners.
In the last decade, many products have evolved into software-driven systems, driven by the
availability of ubiquitous networking, ultra-fast, low cost processors, cloud processing, and
storage. At the same time, new materials such as composites, and manufacturing techniques
such as additive, are changing the way the products are designed, manufactured, and
serviced. Many observers view the trends as being interrelated—the increase in product
complexity has been enabled and accelerated by the deep expertise within the supply base.
However, OEMs retain responsibility for the overall product—requirements, high-level design,
quality, safety, compliance, customer experience, etc. This mandates that they must be
closely involved in every aspect of the product design—either undertaking design themselves
or collaborating with suppliers to vet their designs.
According to a recent report published by Supply Chain Management Review, companies that
outsource manufacturing have realized valuable improvements (see figure):
• For nearly half (44 percent)
of respondents, operating
margins have grown
seeing earlier new product
introductions
However, the same report also notes that “one continuing challenge is increased lead times”
but adds that “improved collaboration could help companies manage to this constraint.”
benefits have accrued from outsourcing, suppliers
and partners have struggled with data sharing,
communication, and alignment for decades. Legacy
systems put into place failed to establish secure,
efficient workflows and, in their absence, home grown
tools and workarounds became the standard way
of working. Today, most design data, drawings, CAD
files, etc. are shared via manual approaches involving
email, FTP, and file sharing services.
These approaches may have been adequate before,
but as product complexity has risen, more of product
design has been outsourced; therefore, the amount
of data shared between suppliers, partners, and
manufacturers has increased exponentially. Using
these manual approaches has resulted in:
• Increased product development costs due to
product quality issues, increased cycle times, and
more scrap parts
that is out of date, or from sourcing sending the
wrong version
To close the disconnect and resolve these costly
issues, manufacturers need to connect disparate
systems internally and develop a secure approach to
sharing data that adheres to security standards.
5 Making the Connection: The How-To’s of Connecting Suppliers, Partners, and Manufacturers
Step 1: Rethink tools, data, and processes across disciplines
Before data can be shared externally, it’s critical to ensure that the organization has
internally developed the tools and processes that ensure data is stored effectively. For
example, this means storing data with appropriate context and having effective change
management protocols to ensure accuracy.
Organizations with disparate systems and
multiple instances of PLM should rethink
their strategy and implement an enterprise-
wide foundation to connect all producers and
consumers of product lifecycle information.
Product Innovation Platforms provide a unified
environment that allows all users of product
information to collaborate around a single
set of processes and data. Once this type of
environment is established, it becomes possible
to break down the disconnect between suppliers,
partners, and manufacturers.
Step 2: Connect suppliers and partners via a secure, efficient portal
Once a single environment for data has been achieved, the next step is to configure a secure
means of sharing the information that is easy to access for partners and suppliers. Best
practice dictates that all data and files are accessed and created as normal PLM items, in
conjunction with access restrictions needed to keep sensitive data and company intellectual
property (IP) secure.
With this approach, partners and suppliers can access data directly from within PLM,
ensuring that they are receiving up-to-date information. Manufacturers can also implement
their specific processes and data structures, without imposing artificial restrictions in the
way data is exchanged.
6 Making the Connection: The How-To’s of Connecting Suppliers, Partners, and Manufacturers
THE ARAS PLM PLATFORM WITH SECURE EXTERNAL ACCESS Aras offers a flexible approach for connecting partners, suppliers, and manufacturers to the
heart of product information: the Product Innovation Platform.
Secure External Access (SEA) with the Aras PLM Platform connects external partners to
PLM data, while providing highly secure access controls for IP. Conceptually, SEA provides
direct data access, with no artificial data packaging, allowing natural access to data and
processes. To the external user, it appears just as simple as this:
After appropriate access is granted by the main company’s IT administration, external users
are able to access items and files, update items and files, and participate in processes such
as workflow and collaboration.
7 Making the Connection: The How-To’s of Connecting Suppliers, Partners, and Manufacturers
THREE DIMENSIONS OF FLEXIBILITY To achieve this deceptively simple data access, Aras offers three dimensions of data control
that support a variety of possible portal architectures, all of which will satisfy modern IT
requirements. These three dimensions are Data Access, Data Location, and Client Access.
Each of these represents a specific capability of the Aras PLM Platform. Experience has
shown that leveraging the advanced capabilities of at least two of these dimensions
simultaneously provides a satisfactory level of access control. Think of this as the “belt and
suspenders” approach to controlling IP access from outside your four walls.
Dimension 1 - Data Access
The Data Access dimension involves the access granted to a user, based on the user’s
authentication and on controls defined on the data itself. There are three types of access
control supported by the Aras PLM Platform, which in order of increasing sophistication are:
Standard permissions, Mandatory Access Control (MAC Policy), and Domain Access Control
(DAC).
Standard Permissions: The Aras standard permission model is a form of Role Based Access
Control and sets permissions based on the user’s defined identities. These permissions
are additive based on the full set of identities (role, groups, etc.) that apply to the user,
and specify whether actions like Get, Update, and Delete can be performed by members
of specific identities for a certain state on a certain type of item (object). While this is
perfectly suitable for most access control within an organization, it is generally regarded as
insufficient to serve as the basis of external access control.
8 Making the Connection: The How-To’s of Connecting Suppliers, Partners, and Manufacturers
Mandatory Access Control: The next level up is known as Mandatory Access Control or “MAC
Policy.” It is a form of Attribute Based Access Control, and is commonly used by government
organizations such as the military. The basic premise of MAC Policy is that the clearance
level of the subject (the user) must meet or exceed the classification level of the item (object)
being accessed. Of course, this means that items have to be identified with their classification
level and rules have to be established. Aras provides the capabilities to do so. Users are
granted access to items only if both the MAC Policy rules and standard permissions permit.
MAC Policy is one viable option to support external access control.
Domain Access Control: The most sophisticated
level of access control is known as Domain
Access Control or “DAC.” It is a form of
Relationship Based Access Control, whereby
security can be inferred based on the
relationships of items to other items, rather
than being specified directly as in MAC Policy.
DAC involves the establishment of domains or
“Compartments” which are described using
derived relationship families. The derived
relationship families are defined using Aras
Query Definitions—a powerful technology for
defining all kinds of relationships between items. This approach is well suited to project-
based work and so is typically best suited to be used for external access control.
9 Making the Connection: The How-To’s of Connecting Suppliers, Partners, and Manufacturers
Dimension 2 - Data Location
The Data Location dimension of SEA describes where the data that the external user
accesses is physically located, either inside or outside your company’s firewall. The choice
for this dimension tends to be strongly dictated by corporate policy, and necessarily drives
decisions about the other two dimensions.
Inside the Firewall - Single Database: Data is contained
in a single database inside of the firewall, meaning that
external users are directly accessing your internal Aras
PLM database. This approach can be very powerful, but
the most advanced options of the other two dimensions
should be used to ensure adequate protection.
Outside the Firewall - Multi-Database: This approach involves setting up a separate Aras
server and database instance in a location outside the firewall, either in the DMZ (an isolated
network positioned between the
or in the cloud. Data required for
the external users is physically
copied to the Aras server via the
Aras Data Synchronization Service.
This platform service provides
administrator functions to identify, submit, and monitor the data being synchronized. Note
that this is not a complete “database replication,” but rather a selected data synch based
on identification of the necessary data. As with DAC, the Aras Query Definition capability is
employed here to specify complex, relationship-based definitions of the sets of data to be
shared. Both uni-directional and bi-directional synch are possible. Uni-directional (from
internal to external server) is perfectly adequate for read-only portals and is easier to set up,
while bi-directional supports data updates by partners, as well as process integration using
workflow and collaboration (including Aras Visual Collaboration view and markup). Many
architecture options are possible with Data Synchronization Service, depending on the need
to separate partners from each other, rather than from the internal server. For example, you
can have one Aras server and one database, one server and multiple databases (one for each
partner), or multiple servers each with multiple databases.
10 Making the Connection: The How-To’s of Connecting Suppliers, Partners, and Manufacturers
Dimension 3 - Client Access
clients are predominantly used, although other types
are possible, including mobile clients and authoring
tool connectors such as CAD Connectors. The types
described here are intended for general-purpose
access to PLM data.
client, suppliers and partners can make use of full
functionality within Aras, including access to all Aras
item types (including those with complex editors such
as Tech Docs and Quality Planning) and web-based
file viewing, markup, and collaboration provided by
Visual Collaboration. This approach is simplest to
implement, however due to the inherent openness of
AML communication (Aras’ XML syntax), this option
is not recommended for use if the “Single Database”
approach for Data Location is chosen—that is if
external users are coming in through your firewall.
Web Services Portal Client: This alternative provides partners access for simple browsing,
searching, and downloading/uploading of files. By using a web service for communication
across the firewall instead of AML, additional filtering is provided such that no unintended
data can be accessed. Overall, this results in a more secure option for client access, with
another benefit being the ability to provide a simpler user experience for those cases where
the full Aras web client is not necessary.
By combining these three dimensions, a wide variety of architectures can be supported for
Extended Enterprise Access. Aras can work with your organization to find the best fit for you.
Below are some specific examples already in place at a few of Aras’ leading customers.
11 Making the Connection: The How-To’s of Connecting Suppliers, Partners, and Manufacturers
PRACTICAL CONFIGURATIONS USING SECURE EXTERNAL ACCESS An American multinational technology company
leverages the Aras PLM Platform with Secure
External Access to share data with suppliers and
partners. They configured their solution using:
• Data Access: Domain Access Control (DAC)
• Data Location: Single Database
A multinational corporation in Japan, manufacturing heavy equipment and aerospace and
defense equipment, configured Secure External Access to work with partners with:
• Data Access: Domain Access Control (DAC)
• Data Location: Synchronized Multi-Database
The external server configuration is
one server with multiple databases.
Synchronization is initially uni-
directional but moving to bi-directional
in the Phase 2 implementation.
12 Making the Connection: The How-To’s of Connecting Suppliers, Partners, and Manufacturers
A BETTER WAY TO PARTNER The Aras PLM Platform provides a unified environment that allows all users of product
information to collaborate around a single set of processes and data. With a Platform
approach, manufacturers can trust that data is up-to-date and maintained in context,
ensuring partners and suppliers receive accurate data. With Secure External Access using
the Aras PLM Platform, manufacturers can create a secure means of transferring this data
while adhering to their unique IT requirements.
For more information, we encourage you to contact us at www.aras.com.
competitive edge. Aras’ open, flexible, scalable, and upgradeable PLM
platform and applications connect users in all disciplines and functions
to critical product information and processes across the extended
enterprise. Aras customers include Airbus, BAE Systems, GE, GM,
Hitachi, Honda, Kawasaki Heavy Industries, and Microsoft.
Download Aras Innovator today.
978.691.8900 | [email protected] | www.aras.com
© 2018 Aras. All rights reserved. This document is for informational purposes only. Aras and Aras Innovator are either registered trademarks or trademarks of Aras Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. REQ-0152-1810
Making the Connection: The How-To’s of Connecting Suppliers, Partners, and Manufacturers
2 Making the Connection: The How-To’s of Connecting Suppliers, Partners, and Manufacturers
Product complexity has skyrocketed over the last ten years and it continues to rise as
electronics and software dominate and IOT becomes a reality. According to Gartner, the
shift in product complexity has resulted in more than 8.4B connected “things” signing
online in 2017 with 20.4B online by 2020. To conquer product complexity, manufacturers are
undergoing a digital transformation to develop and market connected products and remain
competitive.
As companies undergo digital transformation, they are realizing that their tools and
processes were designed for a simpler, more mechanically focused era and are unable to
accommodate the demands of modern product development—especially as more of product
design is outsourced to external suppliers and partners.
This white paper will explore how to improve collaboration between suppliers, partners, and
manufacturers via Product Innovation Platforms.
3 Making the Connection: The How-To’s of Connecting Suppliers, Partners, and Manufacturers
THE GROWTH OF OUTSOURCING In the last couple of decades, two major trends have played out in manufacturing companies
across all discrete manufacturing industries—e.g. automotive, aerospace, industrial, and
electronics—increasing product complexity and the growing role of the supply chain in design
and manufacturing. The convergence of these trends has created a significant challenge
that impacts productivity and operational excellence every day—design collaboration with
outsourced manufacturing partners.
In the last decade, many products have evolved into software-driven systems, driven by the
availability of ubiquitous networking, ultra-fast, low cost processors, cloud processing, and
storage. At the same time, new materials such as composites, and manufacturing techniques
such as additive, are changing the way the products are designed, manufactured, and
serviced. Many observers view the trends as being interrelated—the increase in product
complexity has been enabled and accelerated by the deep expertise within the supply base.
However, OEMs retain responsibility for the overall product—requirements, high-level design,
quality, safety, compliance, customer experience, etc. This mandates that they must be
closely involved in every aspect of the product design—either undertaking design themselves
or collaborating with suppliers to vet their designs.
According to a recent report published by Supply Chain Management Review, companies that
outsource manufacturing have realized valuable improvements (see figure):
• For nearly half (44 percent)
of respondents, operating
margins have grown
seeing earlier new product
introductions
However, the same report also notes that “one continuing challenge is increased lead times”
but adds that “improved collaboration could help companies manage to this constraint.”
benefits have accrued from outsourcing, suppliers
and partners have struggled with data sharing,
communication, and alignment for decades. Legacy
systems put into place failed to establish secure,
efficient workflows and, in their absence, home grown
tools and workarounds became the standard way
of working. Today, most design data, drawings, CAD
files, etc. are shared via manual approaches involving
email, FTP, and file sharing services.
These approaches may have been adequate before,
but as product complexity has risen, more of product
design has been outsourced; therefore, the amount
of data shared between suppliers, partners, and
manufacturers has increased exponentially. Using
these manual approaches has resulted in:
• Increased product development costs due to
product quality issues, increased cycle times, and
more scrap parts
that is out of date, or from sourcing sending the
wrong version
To close the disconnect and resolve these costly
issues, manufacturers need to connect disparate
systems internally and develop a secure approach to
sharing data that adheres to security standards.
5 Making the Connection: The How-To’s of Connecting Suppliers, Partners, and Manufacturers
Step 1: Rethink tools, data, and processes across disciplines
Before data can be shared externally, it’s critical to ensure that the organization has
internally developed the tools and processes that ensure data is stored effectively. For
example, this means storing data with appropriate context and having effective change
management protocols to ensure accuracy.
Organizations with disparate systems and
multiple instances of PLM should rethink
their strategy and implement an enterprise-
wide foundation to connect all producers and
consumers of product lifecycle information.
Product Innovation Platforms provide a unified
environment that allows all users of product
information to collaborate around a single
set of processes and data. Once this type of
environment is established, it becomes possible
to break down the disconnect between suppliers,
partners, and manufacturers.
Step 2: Connect suppliers and partners via a secure, efficient portal
Once a single environment for data has been achieved, the next step is to configure a secure
means of sharing the information that is easy to access for partners and suppliers. Best
practice dictates that all data and files are accessed and created as normal PLM items, in
conjunction with access restrictions needed to keep sensitive data and company intellectual
property (IP) secure.
With this approach, partners and suppliers can access data directly from within PLM,
ensuring that they are receiving up-to-date information. Manufacturers can also implement
their specific processes and data structures, without imposing artificial restrictions in the
way data is exchanged.
6 Making the Connection: The How-To’s of Connecting Suppliers, Partners, and Manufacturers
THE ARAS PLM PLATFORM WITH SECURE EXTERNAL ACCESS Aras offers a flexible approach for connecting partners, suppliers, and manufacturers to the
heart of product information: the Product Innovation Platform.
Secure External Access (SEA) with the Aras PLM Platform connects external partners to
PLM data, while providing highly secure access controls for IP. Conceptually, SEA provides
direct data access, with no artificial data packaging, allowing natural access to data and
processes. To the external user, it appears just as simple as this:
After appropriate access is granted by the main company’s IT administration, external users
are able to access items and files, update items and files, and participate in processes such
as workflow and collaboration.
7 Making the Connection: The How-To’s of Connecting Suppliers, Partners, and Manufacturers
THREE DIMENSIONS OF FLEXIBILITY To achieve this deceptively simple data access, Aras offers three dimensions of data control
that support a variety of possible portal architectures, all of which will satisfy modern IT
requirements. These three dimensions are Data Access, Data Location, and Client Access.
Each of these represents a specific capability of the Aras PLM Platform. Experience has
shown that leveraging the advanced capabilities of at least two of these dimensions
simultaneously provides a satisfactory level of access control. Think of this as the “belt and
suspenders” approach to controlling IP access from outside your four walls.
Dimension 1 - Data Access
The Data Access dimension involves the access granted to a user, based on the user’s
authentication and on controls defined on the data itself. There are three types of access
control supported by the Aras PLM Platform, which in order of increasing sophistication are:
Standard permissions, Mandatory Access Control (MAC Policy), and Domain Access Control
(DAC).
Standard Permissions: The Aras standard permission model is a form of Role Based Access
Control and sets permissions based on the user’s defined identities. These permissions
are additive based on the full set of identities (role, groups, etc.) that apply to the user,
and specify whether actions like Get, Update, and Delete can be performed by members
of specific identities for a certain state on a certain type of item (object). While this is
perfectly suitable for most access control within an organization, it is generally regarded as
insufficient to serve as the basis of external access control.
8 Making the Connection: The How-To’s of Connecting Suppliers, Partners, and Manufacturers
Mandatory Access Control: The next level up is known as Mandatory Access Control or “MAC
Policy.” It is a form of Attribute Based Access Control, and is commonly used by government
organizations such as the military. The basic premise of MAC Policy is that the clearance
level of the subject (the user) must meet or exceed the classification level of the item (object)
being accessed. Of course, this means that items have to be identified with their classification
level and rules have to be established. Aras provides the capabilities to do so. Users are
granted access to items only if both the MAC Policy rules and standard permissions permit.
MAC Policy is one viable option to support external access control.
Domain Access Control: The most sophisticated
level of access control is known as Domain
Access Control or “DAC.” It is a form of
Relationship Based Access Control, whereby
security can be inferred based on the
relationships of items to other items, rather
than being specified directly as in MAC Policy.
DAC involves the establishment of domains or
“Compartments” which are described using
derived relationship families. The derived
relationship families are defined using Aras
Query Definitions—a powerful technology for
defining all kinds of relationships between items. This approach is well suited to project-
based work and so is typically best suited to be used for external access control.
9 Making the Connection: The How-To’s of Connecting Suppliers, Partners, and Manufacturers
Dimension 2 - Data Location
The Data Location dimension of SEA describes where the data that the external user
accesses is physically located, either inside or outside your company’s firewall. The choice
for this dimension tends to be strongly dictated by corporate policy, and necessarily drives
decisions about the other two dimensions.
Inside the Firewall - Single Database: Data is contained
in a single database inside of the firewall, meaning that
external users are directly accessing your internal Aras
PLM database. This approach can be very powerful, but
the most advanced options of the other two dimensions
should be used to ensure adequate protection.
Outside the Firewall - Multi-Database: This approach involves setting up a separate Aras
server and database instance in a location outside the firewall, either in the DMZ (an isolated
network positioned between the
or in the cloud. Data required for
the external users is physically
copied to the Aras server via the
Aras Data Synchronization Service.
This platform service provides
administrator functions to identify, submit, and monitor the data being synchronized. Note
that this is not a complete “database replication,” but rather a selected data synch based
on identification of the necessary data. As with DAC, the Aras Query Definition capability is
employed here to specify complex, relationship-based definitions of the sets of data to be
shared. Both uni-directional and bi-directional synch are possible. Uni-directional (from
internal to external server) is perfectly adequate for read-only portals and is easier to set up,
while bi-directional supports data updates by partners, as well as process integration using
workflow and collaboration (including Aras Visual Collaboration view and markup). Many
architecture options are possible with Data Synchronization Service, depending on the need
to separate partners from each other, rather than from the internal server. For example, you
can have one Aras server and one database, one server and multiple databases (one for each
partner), or multiple servers each with multiple databases.
10 Making the Connection: The How-To’s of Connecting Suppliers, Partners, and Manufacturers
Dimension 3 - Client Access
clients are predominantly used, although other types
are possible, including mobile clients and authoring
tool connectors such as CAD Connectors. The types
described here are intended for general-purpose
access to PLM data.
client, suppliers and partners can make use of full
functionality within Aras, including access to all Aras
item types (including those with complex editors such
as Tech Docs and Quality Planning) and web-based
file viewing, markup, and collaboration provided by
Visual Collaboration. This approach is simplest to
implement, however due to the inherent openness of
AML communication (Aras’ XML syntax), this option
is not recommended for use if the “Single Database”
approach for Data Location is chosen—that is if
external users are coming in through your firewall.
Web Services Portal Client: This alternative provides partners access for simple browsing,
searching, and downloading/uploading of files. By using a web service for communication
across the firewall instead of AML, additional filtering is provided such that no unintended
data can be accessed. Overall, this results in a more secure option for client access, with
another benefit being the ability to provide a simpler user experience for those cases where
the full Aras web client is not necessary.
By combining these three dimensions, a wide variety of architectures can be supported for
Extended Enterprise Access. Aras can work with your organization to find the best fit for you.
Below are some specific examples already in place at a few of Aras’ leading customers.
11 Making the Connection: The How-To’s of Connecting Suppliers, Partners, and Manufacturers
PRACTICAL CONFIGURATIONS USING SECURE EXTERNAL ACCESS An American multinational technology company
leverages the Aras PLM Platform with Secure
External Access to share data with suppliers and
partners. They configured their solution using:
• Data Access: Domain Access Control (DAC)
• Data Location: Single Database
A multinational corporation in Japan, manufacturing heavy equipment and aerospace and
defense equipment, configured Secure External Access to work with partners with:
• Data Access: Domain Access Control (DAC)
• Data Location: Synchronized Multi-Database
The external server configuration is
one server with multiple databases.
Synchronization is initially uni-
directional but moving to bi-directional
in the Phase 2 implementation.
12 Making the Connection: The How-To’s of Connecting Suppliers, Partners, and Manufacturers
A BETTER WAY TO PARTNER The Aras PLM Platform provides a unified environment that allows all users of product
information to collaborate around a single set of processes and data. With a Platform
approach, manufacturers can trust that data is up-to-date and maintained in context,
ensuring partners and suppliers receive accurate data. With Secure External Access using
the Aras PLM Platform, manufacturers can create a secure means of transferring this data
while adhering to their unique IT requirements.
For more information, we encourage you to contact us at www.aras.com.
competitive edge. Aras’ open, flexible, scalable, and upgradeable PLM
platform and applications connect users in all disciplines and functions
to critical product information and processes across the extended
enterprise. Aras customers include Airbus, BAE Systems, GE, GM,
Hitachi, Honda, Kawasaki Heavy Industries, and Microsoft.
Download Aras Innovator today.
978.691.8900 | [email protected] | www.aras.com
© 2018 Aras. All rights reserved. This document is for informational purposes only. Aras and Aras Innovator are either registered trademarks or trademarks of Aras Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. REQ-0152-1810