Biotech manufacturer Repligen makes sure it keeps contracts short and avoids lock-in, says infrastructure and operations chief Richard Richison
In an unpredictable world, sometimes, you get what you need through good planning, sometimes you get lucky, and sometimes it's a bit of both.
The pandemic played havoc with supply chains, with many commonplace items such as laptops suddenly in short supply. The related and ongoing chip shortage meant that other vital components were hard to come by too, with carmakers having to scale down production due to the shortage of parts.
Others were more fortunate - or better prepared. Biotech company Repligen was in the middle of five large facility build outs when the shutdowns started. Primarily a Cisco house for networking, the company also had a relationship with firewall vendor Fortinet, which fortunately was able to supply the required switch gear when the Cisco supply dried up.
"We were able to work with Fortinet to somehow get all of our switches just in the nick of time for our infrastructure builds," explained Richard Richison, Director, IT Infrastructure and Operations. "That was the key relationship that got us through what could have been potentially disastrous had we not been open."
It wasn't a one-off either. As soon as anything became available, Richison snapped it up.
"Whenever they had equipment available, we purchased it even if we didn't need it at that time," he said.
"I now have 15 switches and 100 access points in my storeroom, but that's fine as we can use them for acquisitions and to refresh older locations where our budget was reduced."
OT and IT
Repligen manufactures materials that are used by pharmaceutical companies to manufacture medicines. Headquartered in Waltham, Massachusetts in the US, its 2,200 employees are spread across 25 locations in seven countries, with the applications and infrastructure looked after by a small team of around 30 people.
As a manufacturer, it has the usual separation of operational and information technology (OT/IT), but collects and analyses data from both optimise efficiency and security. Richison likes to ensure he always has room for manoeuvre. This is easier in some areas than others.
On the operations side, for example, the production line machinery and associated systems offers fewer options for flexibility. It's not just the cost of replacing the devices, it's all the auditing and compliance checks that would go have to with it.
In those cases it's generally best to air gap them and leave as-is, said Richison, relying on suppliers to take the strain.
"We're not like a large pharmaceutical company that needs every bit of data that that piece of equipment is processing, so from that aspect we're fortunate, but we do have maintenance agreements for vendors for these components that are speciality. If something stops working, then they're on call to either fix it remotely or to go into a facility to fix it."
Not everything can be switched out on the IT side either. The company is still integrating a quarter of its manufacturing facilities into the AWS-hosted SAP S4/HANA ERP it introduced in 2018, replacing a former Microsoft Dynamics system. This is a major, long-term project that underpins many others, and thus it holds a special place.
"The SAP, I mean, that's not going anywhere, ever, or at least for the foreseeable future, because of the tens of millions of dollars we've invested in implementation so far," Richison explained.
So the ERP is a fixture, but flexibility is still possible through the contracts agreed with the MSPs that Repligen hires to manage, maintain and support the system and its rollout.
Using third parties saves the company having to hire the expertise and fly skilled technicians all over the world, said Richison, and the current outsourcing partners are mostly on three-year contracts, at least until the integration work is completed, when they will be reviewed.
Indeed, for mid-sized companies, the old five or 10-year contracts with a single supplier are long gone. In part, this is due to the as-a-service model. Repligen is cloud-first. It uses hyperconverged infrastructure from Nutanix, cloud data warehousing from Snowflake and Tableau analytics. These could be replaced if needs be, said Richison, and being able to draw on the external skills of partners provides the necessary flexibility, with short contacts adding agility.
"When buying equipment we'll typically get a three-year support agreement and then after that we renew one year at a time, but for all of my vendors I do a one-year contract," he said. "Almost all of my contracts now I do one year."
Richison prefers a best-of-breed approach and is wary of getting "handcuffed to one vendor".
"We try to leverage the best technology for the use case. So for our workstations we standardise on Dell, but as much as our Dell rep would like to sell us EMC and Dell switches, that's never going to happen."
So, switches are now by Cisco and Fortinet, with the latter also providing some of the hardware side of security. When it comes to the software, things are more flexible still. Repligen recently consolidated all its security tools and platforms into a single managed service security provider (MSSP), which offered SentinelOne endpoint detection and response (EDR) as part of the package.
"Some technology is disposable, in that it can easily be replaced in a month or two," Richison explained. "So we ripped out CrowdStrike and pushed out SentinelOne, and that was an easy migration because of the tools we have to automate it."
In the case of security, this is particularly advantageous as it means vendors cannot afford to sit on their laurels, he added.
"If a security vendor or technology vendor isn't advancing as fast as some of the other ones, we don't want to be locked into that, into something that's not moving forward."
A swappable, modular approach to provisioning, an emphasis on staying open and supplier flexibility, being able to move fast to adapt to new conditions - this sounds a bit like what Gartner calls composable architecture. The analyst firm suggests that this approach is becoming more applicable to the operational side of manufacturing as well as the IT, as the two merge thanks to the need for data driven analytics.
Asked whether he was following a strategy of composable architecture, Richison said he wasn't, and indeed that he hadn't heard of it.
"I guess it's a new term that they want to start getting out into the industry, which I suppose is a good thing because I'm so tired of vendors talking about shift left or digitalisation," he said wryly.
Composable architecture as a concept has its advocates, who say it can be applied in multiple areas, and its critics, who argue it is nothing new and practical applications a limited. We'll be covering composable architecture in a follow-up article shortly.