Section §8
Integration inventory
File imports/exports, APIs, third-party touchpoints, scheduled jobs.
This section catalogues every data exchange between MES-Plus and an external system, plus every scheduled job that runs inside the customer’s environment to support those exchanges. The inventory is the source for §11 risk items relating to the broker and the integrations more broadly.
8.1 Inventory
| # | Name | Direction | Counterparty | Format | Transport | Frequency | Owner |
|---|---|---|---|---|---|---|---|
| 1 | Bank A payment out | Out | Bank A | ABO 1.2 | SFTP, key auth | Weekly Fri 16:00 | Broker |
| 2 | Bank A statement in | In | Bank A | MT940 | SFTP, key auth | Daily 06:00 | Broker |
| 3 | Bank B payment out | Out | Bank B | MultiCash | SFTP, password | Ad-hoc | Broker |
| 4 | Bank C payment out | Out | Bank C | ISO 20022 pain.001 | HTTPS API + cert | Ad-hoc | Broker |
| 5 | Bank D payment out | Out | Bank D | ABO 1.2 | SFTP, key | Ad-hoc | Broker |
| 6 | Bank E payment out | Out | Bank E | ABO 1.2 | SFTP, key | Ad-hoc | Broker |
| 7 | Customs portal | In/Out | ČNB-equivalent | XML, signed | HTTPS web service | Per declaration | Broker |
| 8 | EDI partner #1 — INVOIC out | Out | Large customer #1 | EDIFACT D.96A | SFTP | Per invoice batch (typically 1×/day) | SSIS |
| 9 | EDI partner #1 — ORDERS in | In | Large customer #1 | EDIFACT D.96A | SFTP | Daily 02:00 | SSIS |
| 10 | EDI partner #1 — ORDRSP out | Out | Large customer #1 | EDIFACT D.96A | SFTP | Daily 04:00 | SSIS |
| 11 | EDI partner #2 — orders | In | Large customer #2 | Custom CSV | SFTP | Daily 03:00 | SSIS |
| 12 | EDI partner #2 — invoices | Out | Large customer #2 | Custom CSV | SFTP | Daily 03:30 | SSIS |
| 13 | EDI partner #3 — orders | In | Large customer #3 | Custom CSV | SFTP | Daily 03:00 | SSIS |
| 14 | EDI partner #3 — invoices | Out | Large customer #3 | Custom CSV | SFTP | Daily 03:30 | SSIS |
| 15 | BI export | Out | AWS S3 bucket → BI warehouse | CSV (12 files) | AWS CLI, IAM key | Daily 02:00 | SSIS + .bat |
| 16 | Payroll export | Out | Payroll vendor system | Custom CSV | Manual upload via browser | Monthly | Manual |
| 17 | Tax-filing export | Out | Accountant’s office | PDF + XML | | Monthly | Manual |
| 18 | Engineering BOM/routing intake | In | Engineering file share | Manual entry | Manual UI entry | Per engineering change | Manual |
Eighteen integrations total. Fifteen automated (entries 1–15), three manual (entries 16–18).
8.2 The broker — what it is, what it does
The custom integration broker is a single Windows Service on APP01:
- Implemented in C#, .NET Framework 4.7 (not .NET Core / .NET 5+)
- Approximately 18 000 lines of customer-written code, plus two referenced third-party DLLs (SecureBlackbox for SFTP and Aspose.Cells for spreadsheet manipulation)
- Persistent state in three database tables (broker_queue, broker_log, broker_config)
- Configuration via XML file (broker.config.xml) plus the broker_config table
- Logs to broker.log (flat file) plus broker_log (database)
- Email-on-error to it@customer mailing list
The broker handles entries 1–7 of §8.1 (bank and customs). It does not handle EDI (those are SSIS) or BI export (also SSIS).
Authentication and secrets: SFTP keys and customs-portal certificates live on disk in a folder readable only by the service account (svc_broker). Passwords in broker.config.xml are AES-encrypted with a key derived from the machine ID; the key is not externally backed up. A machine rebuild without prior export of this key would render the secrets unrecoverable. [Sev-2, R-07]
Failure handling: per-integration retry counts and backoff are configurable. Failures past the retry threshold land in broker_log with status failed; an email is sent. No alerting beyond email.
Source code provenance: the customer holds the C# source in an internal git repository (since 2018; before that, on a network share with versioned filename copies). The two third-party DLLs are licensed; SecureBlackbox is still maintained by its vendor, Aspose.Cells likewise.
8.3 SSIS estate
Seven SSIS packages handle entries 8–15:
| Package | Function | Schedule | Source last touched |
|---|---|---|---|
| edi_in_orders | EDI partners #1, #2, #3 — order intake | 02:00–03:00 | 2022 |
| edi_out_acks | EDI partner #1 — order acknowledgements | 04:00 | 2019 |
| edi_out_invoices | EDI partners #1, #2, #3 — invoice output | 03:30 | 2022 |
| bi_export_master | Daily CSV export of master-data deltas | 02:00 | 2024 |
| bi_export_trans | Daily CSV export of transactional deltas | 02:15 | 2024 |
| data_archive | Quarterly archive of old inventory transactions to inventory_transactions_archive | Quarterly | 2018 |
| stats_refresh | Weekly statistics rebuild for query plans | Sunday 04:00 | 2016 |
The 2018 and earlier packages use older SSIS components (some deprecated). They still run on the SQL Server 2014/2019 hosts but warn in the SSIS log at every run. [DOC]
Owner: customer’s IT (the same person who maintains the broker). External SSIS expertise is available regionally but has not been retained.
8.4 Inbound vs outbound — coupling profile
| Class | Count | Failure of this class blocks… |
|---|---|---|
| Inbound (data into MES-Plus) | 5 (entries 2, 7, 9, 11, 13) | Sales process for EDI customers (entries 9, 11, 13); cash application for entry 2; customs clearance for entry 7 |
| Outbound (data out of MES-Plus) | 10 | Payment for entries 1, 3–6; customer invoicing for entries 8, 12, 14; BI dashboard for entry 15 |
| Bidirectional | 3 (entries 7, plus EDI pairs treated as one logical relationship) | as above |
The customer’s most fragile dependency is on EDI partner #1 — the largest customer by revenue, with a strict SLA on EDIFACT INVOIC turnaround (invoice must arrive by 06:00 same day as goods are received in their warehouse). Two missed SLAs in 12 months trigger a chargeback clause. [DOC, customer-supplied contract excerpt]
8.5 Manual / un-automated touchpoints
Three integration points are not automated:
- Payroll export (entry 16) — the HR administrator runs a custom report, exports CSV, logs into the payroll vendor’s portal, uploads. Monthly. Documented but error-prone (auditor observed one re-upload during the audit window due to a misformatted column).
- Tax-filing export (entry 17) — accountant exports PDFs and XMLs, emails them to the external tax accountant who files with authorities. Monthly.
- Engineering changes (entry 18) — engineer enters BOM and routing changes manually into MES-Plus screens. The audit observed a backlog of approximately 30 pending changes at the time of audit; this is partly because the engineer responsible has been on extended leave. [INT, OBS]
The manual touchpoints are candidates for §12 modernisation; they are not currently broken, but each has fragility.
8.6 Integration risk concentration
Two structural risks dominate:
- Single-person broker knowledge. The integration broker has one maintainer who retires in 2027. Broker rewrite (or at least documentation extraction) is the highest-priority finding in §11. [Sev-1, R-02]
- Encrypted secrets without external key escrow. The broker.config.xml encryption key is machine-bound and not backed up off-machine. A loss of APP01 without prior key export would force the customer to obtain all SFTP credentials and certificates fresh from every counterparty — a multi-week task. [Sev-2, R-07]
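Added example (not the broker's code) for the secrets note in §8.2 and the R-07 item above: a key derived from a machine ID does not survive a rebuild, while an escrowed copy restores it. The PBKDF2 derivation, machine IDs, salt and passphrase are assumptions; the Python standard library has no AES, so the wrap here is a PBKDF2-derived pad plus HMAC standing in for a vetted key wrap (AES-KW, KMS or HSM).

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example

def derive_machine_key(machine_id: str, salt: bytes) -> bytes:
    """Assumed scheme: 32-byte AES key = PBKDF2(machine ID, salt)."""
    return hashlib.pbkdf2_hmac("sha256", machine_id.encode(), salt, ITERATIONS, dklen=32)

def fingerprint(key: bytes) -> str:
    """Short identifier recorded with the escrow copy to spot a stale export."""
    return hashlib.sha256(b"broker-key-fp" + key).hexdigest()[:16]

def _kek(passphrase: str, salt: bytes):
    """Split passphrase-derived material into a one-time pad and a MAC key."""
    material = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, dklen=64)
    return material[:32], material[32:]

def wrap_for_escrow(key: bytes, passphrase: str) -> dict:
    """Wrap the key under a passphrase that is held off-machine."""
    salt = os.urandom(16)  # fresh salt per export, so the pad is never reused
    pad, mac_key = _kek(passphrase, salt)
    wrapped = bytes(a ^ b for a, b in zip(key, pad))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag, "fp": fingerprint(key)}

def restore_from_escrow(blob: dict, passphrase: str) -> bytes:
    """Recover the key on a rebuilt host; reject a wrong passphrase or tampering."""
    pad, mac_key = _kek(passphrase, blob["salt"])
    expected = hmac.new(mac_key, blob["salt"] + blob["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("escrow blob failed integrity check")
    return bytes(a ^ b for a, b in zip(blob["wrapped"], pad))

def escrow_is_current(blob: dict, live_key: bytes) -> bool:
    """Pre-rebuild check: does the escrowed copy match the key in use today?"""
    return hmac.compare_digest(blob["fp"], fingerprint(live_key))

def rebuild_drill() -> dict:
    """Constructed IDs: the same host before and after a rebuild."""
    salt = b"constructed-salt"
    old_key = derive_machine_key("MACHINE-ID-BEFORE-REBUILD", salt)
    new_key = derive_machine_key("MACHINE-ID-AFTER-REBUILD", salt)
    blob = wrap_for_escrow(old_key, "constructed escrow passphrase")
    restored = restore_from_escrow(blob, "constructed escrow passphrase")
    return {"rederived_matches": new_key == old_key, "escrow_matches": restored == old_key}
```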
§11 catalogues these and other risks; §12 maps them to remediation tiers.