Share this
Securing the Computer Supply Chain with Design & Life Cycle Management
by Jason Barr on Jun 29, 2021 10:26:50 AM
Photo: Rigorously managing the computer design and life cycle management processes should be a primary focus in every high-performance computer manufacturer's supply chain security plan.
Recent high-profile security breaches in government and industry have underscored the importance of a secure computer supply chain.
At Trenton Systems, we control components and suppliers down to the resistor level.
The motherboards and processor boards in our high-performance computing solutions are populated in the USA, and our domestic suppliers purchase board-level components through authorized distributors from our approved vendor list (AVL).
The following is a closer look at how we oversee the design and life cycle management processes associated with our overall supply chain security plan.
Graphic: Bills of materials (BOMs) should be assessed and graded during the prototyping phase of the computer life cycle to determine component risk levels. This helps manufacturers prevent material shortages and potentially counterfeit components from impacting end customers.
Building & Grading BOMs
During the design process, our engineers specify in a standard bill of materials (BOM) the components needed to construct our boards. The BOM can consist of hundreds of discrete parts, each at a different stage of its product life cycle.
During the prototype phase, we perform a BOM grading exercise that assesses the overall health of that BOM based on four primary criteria: component life cycle, sourcing, inventory, and environmental considerations.
The component life cycle is based on published information from the manufacturer. The typical life cycle status is one of the following:
- Active – the product is actively being produced with no current end-of-life (EOL) planned.
- Not recommended for new development (NRND) – the components are not yet on a last-time buy but are nearing the end of a typical product life cycle.
- Last-time buy (LTB) – components are still available through authorized distributors but have an end-of-life date, after which availability is uncertain.
- Obsolete – the manufacturer is no longer producing the component.
The product life cycle status is the most heavily weighted factor in BOM grading, but it doesn't tell the whole story. Two somewhat related factors are sourcing and inventory considerations.
The sourcing factor assigns a risk level based on the number of sources that currently offer the component. A component with an active life cycle status but that is only available through a single source poses risks. Adverse weather events, COVID-19 lockdowns, and supplier financial struggles are just a few.
Beyond the number of sources, we look at the amount of inventory available in the supply chain. If we have multiple sources but each is carrying a low level of inventory, then the supply chain is still at risk.
The final element we use for BOM grading is an environmental risk assessment, during which we look at the RoHS/REACH status of each part to determine its compliance with the applicable standard. Obviously, a part is useless to Trenton if it's widely available from numerous sources but does not meet the necessary environmental requirements.
Once a risk level is assigned to component life cycle, sourcing, inventory, and environmental considerations, we can then determine the overall risk level for each component. These determinations are then combined into a BOM grade for the board.
Graphic: Proactively monitoring and preparing for life cycle changes is vital to acquiring proper form, fit, and function replacements in a timely manner and protecting customers from counterfeit electronic parts, which jeopardize security, functionality, and mission success.
Managing the Computer Life Cycle
In addition to performing the BOM grading exercise during product development, we can also run our BOM grading report at any time. For example, if a customer is interested in a particular board for a new program, we can perform BOM grading to determine the longevity of their product and make changes proactively if necessary.
Our system also provides us with automated alerts any time the supplier issues a notification about the life cycle status of any component on our board BOM. For example, if a supplier issues an end-of-life notice on an active component, we will be notified of the upcoming status change along with the latest date we can place an order for that component before it reaches end-of-life.
This supply chain visibility affords us the opportunity to proactively address component constraints. We can work with our customers to prepare an optimal plan, which generally comprises one or more of the following:
- Last-time buys – we can place a one-time order on components prior to their EOL date. This will allow us to continue producing our customers’ boards without any changes to the components for a specified time period.
- Specifying alternate components – a form, fit, or function-compatible alternate component that is readily available can replace components at the end of their life cycle.
- Board redesigns – if no form, fit, or function alternate is available, and the customer is interested in extending the life cycle of the board, we have the option of redesigning the board to incorporate readily available components.
Graphic: BOMs, life cycle statuses, sourcing, environmental considerations... what does it all mean for the servicemember of the future and the computers they need to succeed?
What Does This Mean for Our Customers?
So, why would you care about our supply chain resilience and visibility efforts?
The availability of electronic components is constantly in flux. The typical challenges faced when managing component life cycles have been exasperated by the COVID-19 pandemic, transportation delays, and extended lead times.
In the absence of active supply chain management, these challenges translate to component shortages. These shortages can lead to delivery delays or may even result in the inability to procure components through authorized channels after they reach EOL. Once components are no longer available through authorized channels, the possibility of counterfeit parts entering the supply chain increases significantly.
Not only does BOM grading help reduce finished product lead times, but it also helps protect your products from sub-standard components being sold from less reputable sources. In some cases, these components would not offer the longevity that you expect, and in extreme cases, nefarious agents could jeopardize the security of your product.
This is why we deploy a BOM grading strategy. Our main goal is to keep our supply chain, products, and ultimately, our customers, secure.
Share this
- High-performance computers (42)
- Military computers (38)
- Rugged computers (32)
- Cybersecurity (25)
- Industrial computers (25)
- Military servers (24)
- MIL-SPEC (20)
- Rugged servers (19)
- Press Release (17)
- Industrial servers (16)
- MIL-STD-810 (16)
- 5G Technology (14)
- Intel (13)
- Rack mount servers (12)
- processing (12)
- Computer hardware (11)
- Edge computing (11)
- Rugged workstations (11)
- Made in USA (10)
- Partnerships (9)
- Rugged computing (9)
- Sales, Marketing, and Business Development (9)
- Trenton Systems (9)
- networking (9)
- Peripheral Component Interconnect Express (PCIe) (7)
- Encryption (6)
- Federal Information Processing Standards (FIPS) (6)
- GPUs (6)
- IPU (6)
- Joint All-Domain Command and Control (JADC2) (6)
- Server motherboards (6)
- artificial intelligence (6)
- Computer stress tests (5)
- Cross domain solutions (5)
- Mission-critical servers (5)
- Rugged mini PCs (5)
- AI (4)
- BIOS (4)
- CPU (4)
- Defense (4)
- Military primes (4)
- Mission-critical systems (4)
- Platform Firmware Resilience (PFR) (4)
- Rugged blade servers (4)
- containerization (4)
- data protection (4)
- virtualization (4)
- Counterfeit electronic parts (3)
- DO-160 (3)
- Edge servers (3)
- Firmware (3)
- HPC (3)
- Just a Bunch of Disks (JBOD) (3)
- Leadership (3)
- Navy (3)
- O-RAN (3)
- RAID (3)
- RAM (3)
- Revision control (3)
- Ruggedization (3)
- SATCOM (3)
- Storage servers (3)
- Supply chain (3)
- Tactical Advanced Computer (TAC) (3)
- Wide-temp computers (3)
- computers made in the USA (3)
- data transfer (3)
- deep learning (3)
- embedded computers (3)
- embedded systems (3)
- firmware security (3)
- machine learning (3)
- Automatic test equipment (ATE) (2)
- C6ISR (2)
- COTS (2)
- COVID-19 (2)
- Compliance (2)
- Compute Express Link (CXL) (2)
- Computer networking (2)
- Controlled Unclassified Information (CUI) (2)
- DDR (2)
- DDR4 (2)
- DPU (2)
- Dual CPU motherboards (2)
- EW (2)
- I/O (2)
- Military standards (2)
- NVIDIA (2)
- NVMe SSDs (2)
- PCIe (2)
- PCIe 4.0 (2)
- PCIe 5.0 (2)
- RAN (2)
- SIGINT (2)
- SWaP-C (2)
- Software Guard Extensions (SGX) (2)
- Submarines (2)
- Supply chain security (2)
- TAA compliance (2)
- airborne (2)
- as9100d (2)
- chassis (2)
- data diode (2)
- end-to-end solution (2)
- hardware security (2)
- hardware virtualization (2)
- integrated combat system (2)
- manufacturing reps (2)
- memory (2)
- mission computers (2)
- private 5G (2)
- protection (2)
- secure by design (2)
- small form factor (2)
- software security (2)
- vRAN (2)
- zero trust (2)
- zero trust architecture (2)
- 3U BAM Server (1)
- 4G (1)
- 4U (1)
- 5G Frequencies (1)
- 5G Frequency Bands (1)
- AI/ML/DL (1)
- Access CDS (1)
- Aegis Combat System (1)
- Armed Forces (1)
- Asymmetric encryption (1)
- C-RAN (1)
- COMINT (1)
- CPUs (1)
- Cloud-based CDS (1)
- Coast Guard (1)
- Compliance testing (1)
- Computer life cycle (1)
- Containers (1)
- D-RAN (1)
- DART (1)
- DDR5 (1)
- DMEA (1)
- Data Plane Development Kit (DPDK) (1)
- Defense Advanced Research Projects (DARP) (1)
- ELINT (1)
- EMI (1)
- EO/IR (1)
- Electromagnetic Interference (1)
- Electronic Warfare (EW) (1)
- FIPS 140-2 (1)
- FIPS 140-3 (1)
- Field Programmable Gate Array (FPGA) (1)
- Ground Control Stations (GCS) (1)
- Hardware-based CDS (1)
- Hybrid CDS (1)
- IES.5G (1)
- ION Mini PC (1)
- IP Ratings (1)
- IPMI (1)
- Industrial Internet of Things (IIoT) (1)
- Industry news (1)
- Integrated Base Defense (IBD) (1)
- LAN ports (1)
- LTE (1)
- Life cycle management (1)
- Lockheed Martin (1)
- MIL-S-901 (1)
- MIL-STD-167-1 (1)
- MIL-STD-461 (1)
- MIL-STD-464 (1)
- MOSA (1)
- Multi-Access Edge Computing (1)
- NASA (1)
- NIC (1)
- NIC Card (1)
- NVMe (1)
- O-RAN compliant (1)
- Oil and Gas (1)
- OpenRAN (1)
- P4 (1)
- PCIe card (1)
- PCIe lane (1)
- PCIe slot (1)
- Precision timestamping (1)
- Product life cycle (1)
- ROM (1)
- Raytheon (1)
- Remotely piloted aircraft (RPA) (1)
- Rugged computing glossary (1)
- SEDs (1)
- SIM Card (1)
- Secure boot (1)
- Sensor Open Systems Architecture (SOSA) (1)
- Small form-factor pluggable (SFP) (1)
- Smart Edge (1)
- Smart NIC (1)
- SmartNIC (1)
- Software-based CDS (1)
- Symmetric encryption (1)
- System hardening (1)
- System hardening best practices (1)
- TME (1)
- Tech Partners (1)
- Total Memory Encryption (TME) (1)
- Transfer CDS (1)
- USB ports (1)
- VMEbus International Trade Association (VITA) (1)
- Vertical Lift Consortium (VLC) (1)
- Virtual machines (1)
- What are embedded systems? (1)
- Wired access backhaul (1)
- Wireless access backhaul (1)
- accredidation (1)
- aerospace (1)
- air gaps (1)
- airborne computers (1)
- asteroid (1)
- authentication (1)
- autonomous (1)
- certification (1)
- cognitive software-defined radios (CDRS) (1)
- command and control (C2) (1)
- communications (1)
- cores (1)
- custom (1)
- customer service (1)
- customer support (1)
- data linking (1)
- data recording (1)
- ethernet (1)
- full disk encryption (1)
- hardware monitoring (1)
- heat sink (1)
- hypervisor (1)
- in-house technical support (1)
- input (1)
- integrated edge solution (1)
- international business (1)
- licensed spectrum (1)
- liquid cooling (1)
- mCOTS (1)
- microelectronics (1)
- missile defense (1)
- mixed criticality (1)
- moving (1)
- multi-factor authentication (1)
- network slicing (1)
- neural networks (1)
- new headquarters (1)
- next generation interceptor (1)
- non-volatile memory (1)
- operating system (1)
- output (1)
- outsourced technical support (1)
- post-boot (1)
- pre-boot (1)
- private networks (1)
- public networks (1)
- radio access network (RAN) (1)
- reconnaissance (1)
- secure flash (1)
- security (1)
- self-encrypting drives (SEDs) (1)
- sff (1)
- software (1)
- software-defined radios (SDRs) (1)
- speeds and feeds (1)
- standalone (1)
- storage (1)
- systems (1)
- tactical wide area networks (1)
- technical support (1)
- technology (1)
- third-party motherboards (1)
- troposcatter communication (1)
- unlicensed spectrum (1)
- volatile memory (1)
- vpx (1)
- zero trust network (1)
- August 2024 (1)
- July 2024 (1)
- May 2024 (1)
- April 2024 (3)
- February 2024 (1)
- November 2023 (1)
- October 2023 (1)
- July 2023 (1)
- June 2023 (3)
- May 2023 (7)
- April 2023 (5)
- March 2023 (7)
- December 2022 (2)
- November 2022 (6)
- October 2022 (7)
- September 2022 (8)
- August 2022 (3)
- July 2022 (4)
- June 2022 (13)
- May 2022 (10)
- April 2022 (4)
- March 2022 (11)
- February 2022 (4)
- January 2022 (4)
- December 2021 (1)
- November 2021 (4)
- September 2021 (2)
- August 2021 (1)
- July 2021 (2)
- June 2021 (3)
- May 2021 (4)
- April 2021 (3)
- March 2021 (3)
- February 2021 (9)
- January 2021 (4)
- December 2020 (5)
- November 2020 (5)
- October 2020 (4)
- September 2020 (4)
- August 2020 (6)
- July 2020 (9)
- June 2020 (11)
- May 2020 (13)
- April 2020 (8)
- February 2020 (1)
- January 2020 (1)
- October 2019 (1)
- August 2019 (2)
- July 2019 (2)
- March 2019 (1)
- January 2019 (2)
- December 2018 (1)
- November 2018 (2)
- October 2018 (5)
- September 2018 (3)
- July 2018 (1)
- April 2018 (2)
- March 2018 (1)
- February 2018 (9)
- January 2018 (27)
- December 2017 (1)
- November 2017 (2)
- October 2017 (3)
No Comments Yet
Let us know what you think