
Smart Factory Architecture Done Right: Headroom for Edge AI, NAS, HA, Firewall

Published: April 20, 2026 | By: QAAD Engineering

Piecemeal factory IT is the single biggest reason Edge AI, MES, and digital-twin rollouts become expensive. QAAD designs a layered architecture with 5–7 years of headroom, led by engineers who truly understand FDI/EPE manufacturing operations.

A common reality in Vietnamese factories: IT infrastructure is built piecemeal — buy a switch when ports run out, add a server when an app lags, plug a PC in when a new machine arrives. Three to five years later, when the business wants to roll out Edge AI, MES, or a digital twin, the flat L2 network cannot be segmented, core bandwidth is saturated, the racks are full, and swapping a single switch takes a whole day of downtime. Retrofit costs grow exponentially.

Designing it right on day one doesn't cost much more — but in five years it saves hundreds of thousands of dollars and hundreds of production hours.

A layered architecture for the smart factory

A multi-line plant is a compact data centre. You need five clear layers — from the shop floor to the cloud:

[Figure: five stacked layers. FLOOR: PLC, CNC, camera, microphone, PoE IoT sensors, SCADA. EDGE: Edge AI boxes (ScanEye, SoundAI), IoT gateway, local cache. DISTRIBUTION: access switch A (PoE++, VLAN 10/20/30) and access switch B (spare), 20% ports reserved. CORE: HA firewall (active/passive), HA core switch (MLAG/VSS), NAS with snapshots and off-site DR, EDR/SIEM (Trend Micro + log). CLOUD/DR: dashboards, ML training, off-site backup.]
Fig. 1. QAAD's 5-layer reference: Floor → Edge → Distribution → Core (HA + NAS + EDR) → Cloud/DR. Each layer has a distinct role.

The four pillars you cannot skip

  • NAS + DR + Snapshot: Production data (machine logs, camera feeds, AI models) must not be lost. Large-capacity NAS + hourly snapshots + off-site DR.
  • HA (High Availability): Dual firewalls (active/passive), dual core switches (MLAG/VSS). A single point of failure halts the whole plant — unacceptable.
  • Segmented Firewall: Separate OT network from IT office; VLANs for cameras, Edge AI, guest Wi-Fi. A single ransomware-infected PC doesn't take the plant down.
  • Endpoint Security (EDR): Trend Micro Apex One or equivalent on every endpoint, feeding a SIEM. Attacks are caught early.
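
One way to check the Segmented Firewall pillar against an exported rule list before cut-over, as an added example (not QAAD's code and not part of the original post). The zone subnets, the forbidden zone pairs and the rule set are constructed assumptions; only the zone names come from the page.

```python
import ipaddress

net = ipaddress.ip_network

# Constructed zone plan: zone names follow the page, subnets are assumptions.
ZONES = {
    "ot": net("10.10.0.0/16"), "edge_ai": net("10.20.0.0/16"),
    "cameras": net("10.30.0.0/16"), "it_office": net("10.40.0.0/16"),
    "guest": net("10.50.0.0/16"),
}
# Assumed policy: (source zone, destination zone) pairs that must stay unreachable.
FORBIDDEN = [("guest", "ot"), ("guest", "cameras"),
             ("guest", "edge_ai"), ("it_office", "ot")]
# Constructed rule export: (action, source CIDR, destination CIDR),
# evaluated top-down with first match wins and an implicit deny at the end.
RULES = [
    ("deny",   "10.50.0.0/16", "10.10.0.0/16"),  # guest -> OT blocked
    ("permit", "10.50.0.0/16", "10.0.0.0/8"),    # "guest to internal": too broad
    ("permit", "10.40.1.0/24", "10.10.5.0/24"),  # office PCs straight into OT
    ("permit", "10.20.0.0/16", "10.10.0.0/16"),  # Edge AI -> OT, allowed by plan
]

def intersect(a, b):
    """CIDR blocks are either nested or disjoint: the overlap is the narrower one."""
    if not a.overlaps(b):
        return None
    return a if a.prefixlen >= b.prefixlen else b

def audit(rules, zones=ZONES, forbidden=FORBIDDEN):
    """Return (rule index, src zone, dst zone, src CIDR, dst CIDR) per violation."""
    findings = []
    for src_zone, dst_zone in forbidden:
        for i, (action, src, dst) in enumerate(rules):
            if action != "permit":
                continue
            s = intersect(net(src), zones[src_zone])
            d = intersect(net(dst), zones[dst_zone])
            if s is None or d is None:
                continue
            # Conservative shadow check: the permit counts as harmless only if a
            # single earlier deny covers the whole overlap (this may over-report).
            shadowed = any(a == "deny" and s.subnet_of(net(es)) and d.subnet_of(net(ed))
                           for a, es, ed in rules[:i])
            if not shadowed:
                findings.append((i, src_zone, dst_zone, str(s), str(d)))
    return findings

if __name__ == "__main__":
    for idx, sz, dz, s, d in audit(RULES):
        print(f"rule {idx}: permits {sz} ({s}) -> {dz} ({d})")
```

On the constructed rules, the explicit guest-to-OT deny holds, but the broad "guest to internal" permit still exposes the camera and Edge AI zones, and the office-to-OT permit is flagged as well.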

Edge AI — why you must leave headroom

When a line needs AI Inspection or Sound Inspection, the model must run right at the edge — never through the cloud:

  • Latency: < 100 ms to reject a defective unit at the right position. A cloud round-trip is seconds.
  • Privacy: Line camera/audio is trade-secret data — it must not leave the plant.
  • Reliability: Losing Internet cannot stop production.
  • Cost: Millions of inferences/day × cloud API = not viable.

[Figure: production line with Station 1 (camera → Edge AI · ScanEye, result OK), Station 2 (mic → Edge AI · SoundAI, result NG) and Station 3 (PLC → IoT Gateway); aggregated metrics flow to the central MES · Data Lake · Analytics. Inference at the edge: NG/OK decision in < 50 ms, with no dependence on the cloud or the Internet.]
Fig. 2. Edge AI placed at the station: camera → ScanEye, mic → SoundAI, PLC → IoT Gateway. Local NG/OK decisions; only aggregated metrics flow up.

Design headroom so Edge AI fits in later:

  • Core bandwidth provisioned at 2× current demand.
  • 20% spare switch ports on every rack.
  • PoE++ on access switches so AI cameras don't need separate power.
  • Reserved VLANs / IP ranges for Edge AI, IoT, SCADA separation.
  • Racks with dual power + UPS and room for 2–3U Edge AI boxes.

A central data system — the prerequisite for plant-wide AI

[Figure: pyramid, top to bottom: BI · Dashboards · ML training; Central Data Lake · MES · Historian; Edge AI · local cache · protocol bridge; Sensors · PLC · CNC · Camera · Mic. Principles: data flows up; commands flow down; the edge handles latency; the cloud handles trends; central NAS + DR.]
Fig. 3. The data pyramid: sensors/PLCs → Edge AI → central Data Lake → dashboards & ML training. Data flows up, commands flow down.

Without a central data lake, every line is a silo — you can't train statistically meaningful models, can't do predictive maintenance, can't produce plant-wide reports. QAAD insists on a data architecture from day one: raw (machine logs) → processed (MES) → analytics (BI / ML).

Process digitisation — not "putting paper forms in an app"

  • Video SOPs in multiple languages (see this post).
  • MES directly wired to PLC / SCADA — no manual entry.
  • Audit trails auto-generated for ISO 9001 / IATF 16949 / GMP.
  • Integration: ERP ↔ MES ↔ WMS ↔ QMS — not islands.

The cost of getting it wrong — hard numbers

[Figure: cumulative cost (vertical axis) against year of operation (horizontal axis, Year 1 to Year 5). Piecemeal design → balloons; design-first → linear. Annotations on the piecemeal curve: + rewire whole floor, + replace flat L2 → segmented, + major downtime for Edge AI.]
Fig. 4. Cost curve: piecemeal design (red) grows exponentially because of rewire/rethink; design-first (green) is linear and forecastable.

Real numbers we've witnessed:

  • Rewiring a 5,000 m² factory from flat L2 to segmented L3 ≈ 150–300K USD + 1–2 weeks downtime.
  • Low-end NAS bought year one, replaced year three = ~40K USD + data-migration risk.
  • No HA firewall: a single 4-hour outage on a charger line ≈ 80K USD lost output + FDI-customer penalties.
  • No VLAN segmentation: one ransomware event → 3 days of full plant downtime; recovery bill in six figures.

QAAD — not a hardware reseller, but a complete architecture partner

Our difference: a team that understands how a factory actually operates, not just the technology. QAAD engineers have walked the floors of FDI/EPE plants in Bac Ninh, Phu Tho, Binh Duong, Dong Nai — understanding the process from "first shift sample" to "end-of-line acceptance".

More importantly, QAAD delivers a single end-to-end stack, not just a pile of equipment:

  • Infrastructure hardware: Cisco networking (switches/firewalls), NAS, servers, UPS, Edge AI boxes, GPU clusters, endpoint security appliances.
  • Business software: MES, WMS, QMS, SOP training system, BI dashboards, ERP integration — built in-house or delivered through our partners.
  • Specialised AI models: AI Inspection (machine vision), Sound Inspection (acoustic), Predictive Maintenance — built for each customer problem, not shrink-wrapped products.
  • Operation & handover: SLAs, internal IT training, operations runbooks.

One partner, accountable from the first metre of cable to the final AI model — no finger-pointing between five or six different vendors when something breaks.

QAAD's smart-factory consulting covers:
  • As-is assessment: infrastructure, processes, people, 5-year plan.
  • Reference architecture: network, data, AI, security, software — clearly layered.
  • Detailed BOM: Cisco networking, Trend Micro security, NAS, AI servers, GPU boxes.
  • Software stack: MES / SOP / BI / AI inference — build vs. buy decisions.
  • Phased rollout plan so production never stops.
  • In-house IT training — clean handover.

Our mission

Quality Assurance · Active Development — our customers don't pay for a pretty deck. They pay for an architecture that lives 5–7 years, ready to accept Edge AI, MES, IoT, or a digital twin whenever they decide.

If you're building a new plant, expanding a line, or preparing to deploy AI — talk to QAAD before signing hardware POs. A single free consultation can save you a six-figure mistake.