Our Customer is a world-leading nuclear fuel fabrication plant, supplying more than 50 utilities in 19 countries around the world that has been in operation for more than 40 years.
They make a substantial contribution to the total global supply of nuclear energy, they have a considerable responsibility to maintain a level of production which will continue to service the industry.
Nuclear fuel production is a highly technical, scientific industry that uses world-leading technology but, like all manufacturing businesses with such a long, successful history, elements of their infrastructure need to be replaced and updated to keep operations running smoothly.
"Cost wise their estimates were accurate, invoices timely and any potential issues flagged up quickly and discussed in an open trusting context." - Nuclear Sector, Project Manager
The problem, outlined by the Engineering team, was that the active Ethernet network infrastructure that supports the manufacturing process was beginning to experience reliability issues. The network had been experiencing an increasing number of failures, and it was clear that the obsolete network hardware now had to be brought up to date.
In the case of a process communications path failure, the network service was always maintained as the legacy system provided redundant connectivity with automatic failover. The legacy failover process, while fast, was un-managed leaving operations staff unsure about the availability and effectiveness of their backup systems.
Improving plant network visibility for the control room was one of many opportunities for network enhancement.
While the plant’s fail-safe systems ensured an interruption in communication could never become dangerous, any interruption in communication that resulted in lost production could be enormously expensive. Therefore, the installation challenge was to migrate to the new network without affecting the manufacturing process.
Other challenges include:
- Refurbishment of the process-wide fibre optic infrastructure and related facilities.
- Integration of legacy 10Mbps fibre optic to AUI transceivers, brought to market in 1996, with modern network switching equipment supporting line speeds of up to 1Gbps.
- Creation of a resilient, high-speed, managed network backbone able to support multiple applications, legacy and new, without compromise. Providing a platform for future extension, expansion and change.
- Implementation of controls that would limit the impact and alert on a network failure and a management system that would, among other things, display them.
- Education of on-site engineering and support teams.
"IT4A very quickly integrated into my project team so successfully that we don’t consider them as sub-contractors but part of an integrated, high-performing group. They will be the first people I turn to for advice and help in the future." - Nuclear Sector, Project Manager
The IT4A Solution
With production outages measured in £M’s, the over twenty-year old network was probably the highest value asset IT4A have been asked to replace. While technical challenges were presented and overcome along the journey, it was how the project team came together that ultimately brought the level of success to the project. Migrating a live nuclear process control system demands competence and strict controls, but ultimately it is the trust, earned across many months and many activities that allowed the first steps of live migration to be taken.
Good design and risk management go hand in hand. Linking product and feature selection to project assessed risk and more specifically the risk mitigation results in security by design - an approach that ensures nothing gets missed and a mind-set that worked well on site.
"The preparation of the documentation and their systematic approach to the job in hand made the network migration run very smoothly" - Projects Testing and Handover Engineer
A critical part of the network upgrade was the preparation of the physical topology and environment within which the new network systems would exist. While not originally considered within scope, significant efforts were made to ensure the environment was optimised and the infrastructure validated. This is covered in the IT4A case study “Physical infrastructure, preparation for network migration.”
The network switches primary feature set dealt with all the project’s design constraints: resilience, segmentation and management.
Hardware and Feature Selection
In this case, IT4A selected Belden’s robust Industrial Ethernet Switches. The ability to effectively design an environmentally hardened product that combined any combination of legacy 10BASE-FL and 100BASE-FX with Gigabit Ethernet was invaluable. This meant IT4A engineers could design for current and future needs without compromise.
Overlaying this active Belden network on the IT4A certified fibre infrastructure required a robust and future-proof redundancy protocol. IT4A selected the standardised ‘Media Redundancy Protocol’ (MRP) resilience protocol (IEC 62439-2). MRP was chosen for its speed of recovery and more importantly the degree of scalability that made future expansion possible.
Segmenting networks by each autonomous application is good design practice; it enhances security and optimises performance. Sharing the same physical network backbone also reduces hardware cost and network complexity. Network segmentation was achieved using virtual LANs (VLANs) to divide the network into various sub-networks interconnected, if needed, through a router/firewall.
The final stage of the design was network management. The network management system (NMS) needed to be effective at administering the network yet be user-friendly. In the Nuclear sector, where the clarity of high-quality decision support systems is vital, the NMS implementation was critical. The Belden NMS provided evidence of network stability prior to migration and provided clarity of system-wide status postmigration – an excellent tool.
"Working with John French on a site based network commissioning task; Mark described IT4a as "A breath of fresh air", with regard to the thoroughness, knowledge, flexibility etc as opposed to other sub-contractors who don’t apply the same level of professionalism" - Projects Testing and Handover Engineer
The secondary network feature set provided a strong set of ‘nice to have’ capabilities, for example:
- A GPS-enabled network time-server to synchronise devices and their logs across the system
- Bandwidth controls that limit the impact of unforeseen misspatching and hardware failures
- SNMP that sends time-stamped messages relating to network related events and alerts
- A variety of further features facilitating network administration and troubleshooting
Once implemented, with supporting documentation in place and testing complete, the resultant active Ethernet infrastructure provided a networking platform that was deemed ‘Fit4Nuclear’ by all Urenco stakeholders and therefore, ready for live migration.
Live Network Migration
The approach to implementing the new network in parallel with the legacy network paid significant dividends when planning the live migration. The migration went incredibly smoothly, with no impact to manufacturing whatsoever. As the migration approach was not time-critical, we were able to stop whenever operational needs demanded. Further security resulted by keeping the legacy network intact and available for regression until full confidence in the new network had been gained.
The new IT4A engineered, managed network has brought one of the UK’s Nuclear fuel facilities up to date, using both modern standards and good practice. Significant improvements to the efficiency and reliability of operations have resulted. Equally important has been the peace of mind that the infrastructure supporting production is a scalable, engineered solution that is understood, documented and above all trusted.
From the certification of all fibre paths to the implementation of a fully configured network management system, IT4A’s approach to challenging every element of the design was fully justified. Urenco now has the robust solution they needed and, just as important, the guidance, assurances, education and support that ensures the new network solution is supportable and maintainable for many years to come.
IT4A are passionate about ‘critical network infrastructure’ and the protection of automation and site-wide security systems that rely upon it.
IT4A create bespoke Network Solutions that are secure by design we take proven, CPNI (www.cpni. gov.uk) recommended methodologies and apply them to critical automation systems and projects. Our 24/7 monitoring service can detect abnormal events and our expertise will help defend your business from misuse or attack.
Our Security ‘SC’ Cleared support and maintenance services have been delivering reliable and secure critical network infrastructures for over 18 years. IT4A is unique in its ability to combine proven ISO accredited service with leading brand product supply; IT4A’s main distributor status ensures best value is achieved every time.
Customers that need advice on challenges relating to critical network design, security, cyber-security, management and system monitoring, have come to trust in and rely upon IT4A. It is the combination of technology partnership and solutions provision that sets IT4A apart, it is why the nuclear sector selected IT4A.
- Overcome network obsolescence
- Accommodate legacy, current and future networking needs
- Document each stage of the solution to Nuclear quality standard
- Develop, perform and document extensive factory, integrated and site-based testing
- Migrate live systems to new network without any loss of production
- Ensure adequate future scalability
- Ensure all solutions are ‘Fit4Nuclear’
- High-security nuclear facility with controlled and supervised areas
- Continuous process with 24/7 plant operations
- Consultation and collaboration to determine needs and discuss options.
- Vendor-verified design, procurement, documentation and turnkey solution implementation.
- System tests including resilience, performance, security and manageability.
- GPS synchronised network time server