Isi

1.Top of Form

Bottom of Form

CHEVRON’S INFRASTRUCTURE EVOLUTION

Chevron Corporation (www.chevron.com) is one of the world’s leading energy companies. Chevron’s headquarters are in San Ramon, California. The company has more than 62,000 employees and produces more than 700,000 barrels of oil per day. It has 19,500 retail sites in 84 countries. In 2012, Chevron was number three on the Fortune 500 list and had more than $244 billion in revenue in 2011 [STAT12]. IT infrastructure is very important to Chevron and to better support all facets of its global operations, the company is always focused on improving its infrastructure [GALL12]. Chevron faces new challenges from increased global demand for its traditional hydrocarbon products and the need to develop IT support for new value chains for liquid natural gas (LNG) and the extraction of gas and oil from shale. Huge investments are being made around the world, particularly in Australia and Angola on massive projects of unprecedented scale. Modeling and analytics are more important than ever to help Chevron exploit deep water drilling and hydrocarbon extraction in areas with challenging geographies. For example, advanced seismic imaging tools are used by Chevron to reveal possible oil or natural gas reservoirs beneath the earth’s surface. Chevron’s proprietary seismic imaging

C6-2

technology contributed to it achieving a 69% discovery rate in 2011[CHEV12].

Supervisory Control and Data Acquisition (SCADA) Systems Chevron refineries are continually collecting data from sensors spread throughout the facilities to maintain safe operations and to alert operators to potential safety issues before they ever become safety issues. Data from the sensors is also used to optimize the way the refineries work and to identify opportunities of greater efficiency. IT controls 60,000 valves at Chevron’s Pascagoula, Mississippi refinery; the efficiency and safety of its end-to-end operations are dependent on advanced sensors, supervisory control and data acquisition (SCADA) systems, and other digital industrial control systems [GALL12]. SCADA systems are typically centralized systems that monitor and control entire sites and/or complexes of systems that are spread out over large areas such as an entire manufacturing, fabrication, power generation, or refining facility. The key components of SCADA systems include:  Programmable logic units (PLCs) that and remote terminal units (RTUs) connected to sensors that convert sensor signals to digital data and send it to the supervisory system  A supervisory computer system that acquires data about the process and sends control commands to the process  A human-machine interface (HMI) that presents process to the human operators that monitor and control the process.  Process meters and process analysis instruments  Communication infrastructure connecting the supervisory system and RTUs and PLCs. These are illustrated in Figure C6.1.

C6-3

Data acquisition occurs at the PLC or RTU level. This includes meter readings and equipment status reports that are sent to the supervisory system. The collected data is compiled and formatted by the HMI to enable the operator to make determine whether adjustments to normal PLC or RTU settings are needed. Current data may also be compared to historical data in a SCADA database to assess trends or perform analytical auditing.

C6-4

In addition to Chevron refineries, SCADA are extremely important in national infrastructures such as water supplies, pipelines, and electric grids. Because attacks or damage to SCADA systems can affect large numbers of people, ensuring adequate security is important.

Business Infrastructure Transformation Because of the complexity of its operational processes and the IT that is needed to support them, Chevron has traditionally been more infrastructure than business focused. SCADA systems and digital industrial control systems are critical IT infrastructure at Chevron’s refineries and will always play an important role in monitoring and managing facility-based processes. These also are among the first IT systems needed to support Chevron’s new value chains for LNG and shale oil extraction. However, like any large corporation, Chevron relies on a wide variety of business applications to run its businesses. As it is for most global businesses, SAP ERP is a key transaction processing system at Chevron. Chevron has been using SAP for more than two decades and it has played an important role in the development of SAP’s vertical solutions for the hydrocarbon industry. There are more than 50 instances of SAP used by Chevron [SCRI11]. Most of these run on Oracle databases. Some other key enterprise applications at Chevron include Ariba Buyer, EMC Documentum, Informatica, MicroStrategy, multiple Oracle applications [SCRI11]. Going forward, IT executives at Chevron would like to flip the company’s traditional IT priorities so that the majority of the IT staff’s time and attention is focused on improving business capabilities [GALL12]. To do this, Chevron’s IT leaders have increasingly turned their attention to Web services, software as a service (SaaS), and cloud computing to help it run its business. Chevron considers mobility to be a game changer in how it

C6-5

delivers information and provides solutions and it is convinced that it can do both without sacrificing security or reliability. IT infrastructure at Chevron pervades every facet of its operations. However, Chevron’s executives have not lost sight of the fact that IT is not the company’s core competency. By moving business solutions to the cloud, Chevron executives hope to help the company maintain its focus on its core competencies.

C6-6

Chevron has used business-oriented Web services for several years. Ariba Buyer, Salesforce.com, and Ketera’s price negotiation system are just a few of the SaaS solutions that Chevron has woven into its IT architecture. Chevron is interested in developing an integrated information network that includes all of its major supply chain partners, both upstream and downstream. Identify management has emerged as a priority at Chevron to ensure secure data transfer among its business partners. A generic example of an identify management system is illustrated in Figure C6.2. When users at Chevron partners need to access Chevron’s intranet and/or SaaS data or solutions, they are first cleared by an identity broker. The identity broker authenticates the user and transparently provides a single sign on (SSO) token that enables the partner to access Chevron’s intranet (2) or the company’s SaaS solution providers (3). Chevron hopes to better align its operations with those of its business partners via its migration of business applications to the cloud. It hopes that the business infrastructure transformation that is currently underway will also lead to better IT and business alignment. As a global company, the cloud may be an ideal platform for running the business. In the years ahead, Chevron’s IT leaders expect mobility, analytics and visualization, and social media to become critical aspects of its business infrastructure. At the facilities level, advanced sensors and deeper embedding of RTUs and PLCs within operations are foreseen [GALL12]. Technical appreciation of convergence network infrastructure will continue to be important, but business literacy/savvy will be most important to the longterm success of Chevron’s IT leaders. Discussion Points 1. Do some Internet research on Chevron’s use of seismic imaging technology. Briefly explain how it works and how it has helped Chevron discover new oil and gas reservoirs.

C6-7

2. Do some Internet research on security vulnerabilities associated with SCADA and digital industrial control systems. Summarize the major security concerns associated with these systems and steps than can be taken to enhance their security.

3. Discuss the pros and cons of moving enterprise-wide applications that have traditionally been supported on premises to the cloud.

4. Do some Internet research on identify management and single sign on systems. Briefly explain how these work and why they are important in business intranets and extranets.

5. Why is it increasing most important for a CIO or IT executive who oversees geographically distributed enterprise networks to be business literate?

Sources [CHEV12] Chevron.com “Seismic Imaging.” Retrieved online: at http://www.chevron.com/deliveringenegy/oil/seismicimaging.

[GALL12] Gallant, J. ”Chevron’s CIO Talks Transformation and Why IT Leaders Should Smile.” April 12, 2012. Retrieved online at: http://www.cio.com/article/print/704095.

[SCRI11] Scribd.com. “Chevron Corporation CRUSH Report.” August 17, 2011. Retrieved online at http://www.scribd.com/doc/62481977/ChevronCRUSH-Report-09A1.

[STAT12] Statistic Brain. “Chevron Company Statistics.” February 12, 2102. Retrieved online at: http://www.statisticbrain.com/chevron-companystatistics

2. ST. LUKE'S HEALTH CARE SYSTEM

Hospitals have been some of the earliest adopters of wireless local area networks (WLANs). The clinician user population is typically mobile and spread out across a number of buildings, with a need to enter and access data in real time. St. Luke's Episcopal Health System in Houston, Texas (www.stlukestexas.com) is a good example of a hospital that has made effective use wireless technologies to streamline clinical work processes. Their wireless network is distributed throughout several hospital buildings and is used in many different applications. The majority of the St. Luke’s staff uses wireless devices to access data in real-time, 24 hours a day. Examples include the following:

• Diagnosing patients and charting their progress: Doctors and nurses use wireless laptops and tablet PCs to track and chart patient care data. • Prescriptions: Medications are dispensed from a cart that is wheeled from room to room. Clinician uses a wireless scanner to scan the patient's ID bracelet. If a prescription order has been changed or cancelled, the clinician will know immediately because the mobile device displays current patient data.

C9-2

• Critical care units: These areas use the WLAN because running hard wires would mean moving ceiling panels. The dust and microbes that such work stirs up would pose a threat to patients. • Case management: The case managers in the Utilization Management Department use the WLAN to document patient reviews, insurance calls/authorization information, and denial information. The wireless session enables real time access to information that ensures the correct level of care for a patient and/or timely discharge. • Blood management: Blood management is a complex process that involves monitoring both patients and blood products during all stages of a treatment process. To ensure that blood products and patients are matched correctly, St. Luke’s uses a wireless bar code scanning process that involves scanning both patient and blood product bar codes during the infusion process. This enables clinicians to confirm patient and blood product identification before proceeding with treatment. • Nutrition and diet: Dietary service representatives collect patient menus at each nursing unit and enter them as they go. This allows more menus to be submitted before the cutoff time, giving more patients more choice. The dietitian can also see current patient information, such as supplement or tube feeding data, and view what the patient actually received for a certain meal. • Mobile x-ray and neurologic units: St. Luke’s has implemented the wireless network infrastructure necessary to enable doctors and clinicians to use mobile x-ray and neurologic scanning units. This makes it possible to take x-rays or to perform neurological studies in patient rooms. This minimizes the need to schedule patients for neurology or radiology lab visits. The mobile units also enable equipment to be brought to the bedside of patients that cannot be easily moved. The wireless neurology and x-ray units have also helped to reduce the time between diagnosis and the beginning patient care.

C9-3

Original WLAN St. Luke's first WLAN was deployed in January 1998 and made the hospital an early pioneer in wireless health care applications. St. Luke’s first wireless LAN was implemented in a single building using access points (APs) made by Proxim (www.proxim.com). A principal goal of this initial installation was to improve efficiency. However, sometimes the WLAN had the opposite effect. The main problem was dropped connections. As a user moved about the building, there was a tendency for the WLAN to drop the connection rather than performing the desired handoff to another access point. As a result, a user had to reestablish the connection, log into the application again, and reenter whatever data might have been lost. There were physical problems as well. The walls in part of the building were constructed around chicken wire, which interfered with radio waves. Some patients' rooms were located in pockets with weak radio signals. For these rooms, a nurse or doctor would sometimes lose a connection and have to step out into the hallway to reconnect. Microwave ovens in the kitchenettes on each floor were also a source of interference. Finally, as more users were added to the system, the Proxim APs, with a capacity of 1.2 Mbps, became increasingly inadequate, causing ongoing performance issues.

Enhanced LAN To overcome the problems with their original WLAN and reap the potential benefits listed earlier in this case study, St. Luke's made two changes [CONR03, NETM03]. First, the hospital phased out the Proxim APs and replaced them with Cisco Aironet (www.cisco.com) APs. The Cisco APs, using IEEE 802.11b, operated at 11 Mbps. Also, the Cisco APs used direct

C9-4

sequence spread spectrum (DSSS), which is more reliable than the frequency-hopping technique used in the Proxim APs.

The second measure taken by St Luke's was to acquire a software solution from NetMotion Wireless (netmotionwireless.com) called Mobility. The basic layout of the Mobility solution is shown in Figure C9.1. Mobility software is installed in each wireless client device (typically a laptop, handheld, or tablet PC) and in two NetMotion servers whose task is to maintain connections. The two servers provide a backup capability in case

C9-5

one server fails. The Mobility software maintains the state of an application even if a wireless device moves out of range, experiences interference, or switches to standby mode. When a user comes back into range or switches into active mode, the user's application resumes where it left off. In essence, Mobility works as follows: Upon connecting, each Mobility client is assigned a virtual IP address by the Mobility server on the wired network. The Mobility server manages network traffic on behalf of the client, intercepting packets destined for the client's virtual address and forwarding them to the client's current POP (point of presence) address. While the POP address may change when the device moves to a different subnet, from one coverage area to another, or even from one network to another, the virtual address remains constant while any connections are active. Thus, the Mobility server is a proxy device inserted between a client device and an application server.

Enhancing WLAN Security In 2007, St. Luke’s upgraded to Mobility XE mobile VPN solution [NETM07]. This migration was undertaken to enhance security and compliance with HIPPA data transmission and privacy requirements. Mobility XE server software was deployed in the IT department’s data center and client software was installed on laptops, handheld devices, and tablet PCs. With Mobility XE running on both clients and servers, all transmitted data passed between them is encrypted using AES (Advanced Encryption Standard) 128-bit encryption. Mobility XE also serves as an additional firewall; devices that are not recognized by the Mobility XE server are not allowed to access the network. This arrangement helped St. Luke’s achieve its IT goal of having encryption for all wireless data communications. Mobility XE also enables the IT department to centrally manage all wireless devices used by clinicians. This allows them to monitor the

C9-6

applications currently being used by any device or user, the amount of data being transmitted, and even the remaining battery life of the wireless device. If a Mobility XE device is stolen or lost, it can be immediately quarantined by network managers. IT executives at St. Luke’s view wireless networking as key lever in their quest to increase clinician productivity and improved patient care. Mobile EKG units have been deployed bringing the total of wireless devices in use to nearly a 1,000.

Discussion Questions 1. Visit the NetMotion Web site (www.netmotionwireless.com) and access and read other Mobility XE success stories. Discuss the patterns that can be observed in the benefits that Mobility XE users have realized via its deployment and use.

2. Do some Internet research on the security implications of HIPPA requirements for hospital networks. Discuss the major types of security mechanisms that must be in place to ensure hospital compliance with HIPPA requirements.

3. Do some Internet research on the use of VLANs in hospitals. Summarize the benefits of using VLANs in hospitals and identify examples of how St. Luke’s could further enhance its wireless network by implementing VLANs.

Sources [CONR03] Conery-Murray, A. “Hospital Cures Wireless LAN of Dropped Connections.” Network Magazine, January 2003.

[NETM03] Netmotion Wireless, Inc. “NetMotion Mobility: Curing the Wireless LAN at St. Luke’s Episcopal Hospital. Case Study, 2003. Netmotionwireless.com/resources/case_studies.aspx.

[NETM07] Netmotion Wireless, Inc. “St. Luke’s Episcopal Health System: A Case Study in Healthcare Productivity.” 2007. Retrieved online at: http://www.netmotionwireless.com/st-lukes-case-study.aspx