Imagine being on the moon; surrounded by hundreds of thousand ft² of space. Most of the activity you see is robotic -automated material-handling systems moving things from point A to B. The few people around are wearing "bunny suits" [1] and masks. They look like astronauts -they are not. You are not in space, you are in the clean room of one of Intel's chip manufacturing facilities.

These facilities are sophisticated, controlled environments where disruptions are extremely costly. In here, we produce state of the art microchips, where a single chip can be made of 28 billion transistors. One hour of downtime can cost us up to $5M in revenue loss, which is why a lot of these factories run for years without any downtime. Nevertheless, our cutting-edge facilities require modern, state-of-the-art infrastructure, which creates a conundrum:

How do you modernize your infrastructure with zero-downtime? 

This year, my team won the CX Customer Hero of the Year Award for our infrastructure modernization project. In this blog, I explain why.    

Intel's Foundry Shift: Architecting for a New Era

In 2021, Intel announced its intention to become a "foundry" for the semi-conductor market, opening our facilities to external customers to manufacture their products.

This move meant that we needed to scale up and modernize our manufacturing capacity. It also required advancing our security posture to protect our and our customers' intellectual property from bad actors' increasingly elaborate security threats.

Historically, we relied on Virtual Access Control Lists (VACLs) to manage the traffic flow between thousands of tools. These VACLs had grown into incredibly long and complex lists, difficult to manage, and incapable of scaling to the intricate demands of our new foundry business. We needed a complete re-architecture.

In collaboration with Cisco, we decided to adopt Cisco's Application Centric Infrastructure (ACI). This allowed us to move to a more modern, streamlined approach for controlling traffic flows using Endpoint Groups (EPGs) and Contracts. This new model enables us to create granular security policies and apply them to specific tool sets, precisely controlling data flow between them. While our initial thought was to implement ACI everywhere, covering both the factory floor and our data centers, through open, transparent discussions with Cisco we pivoted toward a hybrid model: ACI now manages the intricate traffic within the factory floor, securing our 2,700+ VLANs and 1,100+ tool types, while firewalls handle the East-West[2] traffic between the data center and the factory floor, providing critical deep packet inspection.

Crucially, the migration of these thousands of VLANs was a monumental task, and this is where Cisco CX stepped in, providing the automation expertise to characterize our complex traffic flows, converting them into the EPGs and contracts essential for our new ACI environment.

Deploying with Confidence: The Critical Role of Solution Validation Services

Given the unforgiving nature of our factories, when we deploy new capabilities in a factory, we want to ensure things will work right the first time around. This is why Cisco's Solution Validation Services (which are available via Professional Services) were critical for us, allowing rigorous testing of all significant new capabilities before they went live.

Cisco built a lab that mirrors our factory environment, with configurations and network component integrations that were a true reflection of our production setup, tuned over years to stay in sync. This pre-deployment validation gave us a high degree of confidence that any potential issues had been identified and resolved in the lab, ensuring our manufacturing plants remained secure and operational.

From Oregon to the World: Scaling to our Global Network

While having an award-winning deployment is a big win, this project is a multi-year investment for us. Our Oregon facility -where this deployment happened -is the main hub where all first-kind installs are done before being rolled out to the rest of the factories worldwide.

We are currently deploying ACI across all our factories worldwide, which also involves uplifting our switch and routing platforms to the latest Cisco Nexus technology.

Automation will be a key enabler, and Cisco CX is helping us with that. In Oregon, CX brought in experts to do the characterization and help us automate our workflow -something we didn't have the bandwidth or the resources to do ourselves. What really impressed me was that they took the time to understand the problem -and even reshape the nature of their support according to our needs. They didn't just provide the technology framework; they supported us programmatically too, which gave us the momentum to move forward.

Securing the Future of Chip Manufacturing in the West

Zooming out, the broader context for our efforts is the surging global demand for chips, largely fueled by the explosion of AI.

In my view, it's critical to strengthen our supply chains in the West -the pendulum has moved too far offshore increasing risks, with important security implications. Intel has been a strong advocate and investor in addressing these concerns, building new wafer fabrication facilities and expanding existing ones in the US and Europe.

However, with bad actors increasingly targeting critical infrastructure, the industry must adopt a world-class security posture. This means continuous modernization of our technology infrastructure, implementing robust "defense in depth" strategies -like our ACI project -to protect these vital assets and ensure uninterrupted production against sophisticated threats.

Read more:

IT@Intel Whitepaper: Transforming Industrial Manufacturing with Software-Defined Networking

[1] Lab gowns

[2] East-West traffic refers to network communication that occurs laterally between servers, applications, or devices within the same data center or, in this case, factory network.