Architecture, Security, Availability & APIs
AWS GovCloud Hosting
1factory is a web application hosted on AWS GovGloud, an isolated AWS region designed to host sensitive data (e.g. ITAR) and regulated workloads in the cloud. This allows our customers to meet U.S. government compliance requirements, including International Traffic in Arms Regulations (ITAR) and Federal Risk and Authorization Management Program (FedRAMP). AWS GovCloud implements a stricter standard of access control and intrusion detection than ordinary AWS accounts.
1factory complies with ALL NIST-800-171 security requirements. 1factory maintains a SOC2 Type II certificate, and performs an annual penetration test. We are audited annually, and our most recent audit report is available upon request.
Data Encryption
Data Transfer: All customer data transfer from client to server is conducted over standard HTTPS/TLS 1.2, using a certificate with 2048-bit RSA public key / SHA-256 with RSA encryption.
Data at Rest: All customer data is encrypted at rest. Data (e.g. Part Numbers, Measurements etc.) are stored in an encrypted Amazon RDS instance. Drawings, Raw Material Certificates etc. are stored on encrypted Elastic Block Storage (EBS) volumes. Drawings and other documents are further individually encrypted, and keys are managed via a Key Management System.
Data Backup, High Availability and Disaster Recovery
1factory has been engineered to be highly reliable, scalable and available. Over 200 million parts have been inspected by customers using 1factory in 18 countries. The 1Factory deployment architecture is set up to support recovery if something untoward happens, with back-up and failover set ups for database, filesystem and servers.
Database: The production database has a failover instance maintained in a separate AWS availability zone, with all data replicated in real time from the main instance. In addition, we maintain system backups that allow us to recover a database in the same AWS region to its state from ~5 minutes prior to failure. We store daily db snapshot backups in an entirely separate AWS region, allowing us to recover a database in the event that both the failover DB and system backups are unavailable with a loss of at most 24 hours data.
Files: Files uploaded into one factory are stored on two separate, redundant encrypted physical drives. In the event that one drive fails we can restore all files from the other drive, with zero data loss. In the unlikely event that both drives fail, we also take daily backups of both drives, and store them in multiple AWS Regions, allowing us to recover with minimal loss of data.
Servers: Servers are actively monitored for CPU performance and errors, with automatic reboot when required. In the unlikely event of the loss of the entire AWS availability zone, or even region, we maintain hot-standby instances in separate AWS availability zones and regions that we can quickly launch to restore the application.
Up Time: The 1factory system has had an uptime of >99.99% over the last 8 years. We use a third-party service to monitor system uptime, and our customers can view our uptime and availability metrics in real time.
Access Control, Roles and User Logs
Roles & Permissions: Each user is provided a 1factory account with an assigned role (e.g. Read-Only, Inspector, Engineer, Administrator etc.) Each role has associated permissions that restrict the types of operations that user can perform.
Access Control: A user name and password are required for system access. 1factory provides configurable capabilities for Single Sign-On, Multi-Factor Authentication (via SSO), IP Address Whitelisting, and Password Complexity and Rotation Policies.
User Logs: 1factory maintains a URL access log that records every URL accessed by the users (with timestamp and IP address). 1factory records modifications to each object (Plan, Specifications, Measurements etc) with timestamp and user id. Also whenever any object is deleted - it is recorded in a delete history log.
Understanding the Domain: Quality Control Data
1factory vs ERP, PLM, MES: Traditional ERP, MES and PLM systems are designed to manage data at the Part Number level. These systems typically contain Part Masters, Bills of Materials, and Inventory Data (Quantity on Hand, On Order, In WIP etc.) The 1factory system, on the other hand, operates at a level below the Part Number level. Every part or product is defined by a number of parameters. These parameters might be dimensional (e.g. diameters, lengths, widths etc.), material and finish related (material compositions, anodization specifications, platings, coatings etc.), or functional (voltage, torque etc.). These parameters are verified during the manufacturing process to ensure that each part produced meets the required specifications.
Data Complexity: Data Structures for Quality Control are extremely complicated. Each Part Number will typically have multiple Part Revisions during its lifecycle. Each Part Number and Revision combination has an associated Inspection Plan. Inspection Plans in turn are Versioned, and a Plan can have multiple Versions during its lifecycle. In addition a Plan may reference one or more Industry Standards (Reference Libraries). And a Plan may be tabulated with multiple Part Numbers operating off the same drawing. Inspection Plans must be carefully synchronized with Part Tabulations, Part Revisions, Plan Versions and Reference Libraries resulting in complex logic that no other competitor can match.
Data Volume: Our customers typically deal with over 1000 unique Part Numbers, with some managing nearly a million Part Numbers. Each Part Number in turn can have anywhere from a hundred to a few thousand parameters. Thousands of units of each part are typically produced each year. Some or all of these parts are measured during the manufacturing process using many different types of inspection equipment. Each of these measurements is recorded in 1factory. As a result, the 1factory application carries millions of parametric measurements each year.
Estimating Data Volume: As an example, consider a machine shop that makes a 100 unique part numbers for its customers:
- Unique Part Numbers Produced: 100
- Parameters per Part: 100
- Quantity of each Part Number produced per Year: 1000
- Sampling: Every 10th part is verified (measured)
Total Data: 100 x 100 x 1000 x 1/10 = 1,000,000 (one million) measurements recorded each year
API and Integrations
1factory provides a set of pwerful APIs that allow our customers to create and query a number of objects in their 1factory account. Each API accepts and returns request and response bodies as JSON, using UTF-8 encoding.
Part Master Data: The Part Master API is used to send Part Master data (Part Numbers, Revisions, Descriptions, Bills of Materials etc.) to 1factory from an ERP or PLM system.
Work Order / Purchase Order Data: The Order API is used to send Order information such as Work Order Number, Lot Quantity or Purchase Order Number and Lot Quantity from an ERP to 1factory.
Inspections: The Inspections API is used to send Order information such as Order Number, Lot Quantity or Purchase Order Number and Lot Quantity from an ERP to 1factory and creates a New Inspection ready of data entry.
Inspection Results: The Results API can be used to request the status of an Inspection (e.g. Pending, Accepted, Rejected etc.) along with Quantity Pass and Quantity Fail from 1factory.
Measurements: The Measurements API can be used to retrieve measurement data and corresponding specifications.
Additional API information and sample data structures are available here.