Presentation Pre-Read Showcase IT Briefing Blender
Airgas an Air Liquide company
Confidential · Internal
IT Briefing
Pilot Plant · Infrastructure & Software Stack

Agentic AI for the
Air Separation Unit —
infrastructure & software brief.

Site
Pilot Plantsingle-site scope
Window
2026 — 20276-month gate
Operating Mode
Observationread-only OT
Compute
100% on-premedge inference
Helping customers advance their business performance and reach their full potential.

Network Posture · Purdue Reference Architecture (ISA-95 / IEC 62443)

L0 — L2
Process · Basic & Supervisory Control
Plant DCS, OPC-UA gateway — untouched. Read-only egress only.
L3.5
DMZ / IDMZ
Industrial firewall · one-way ACL pilot · hardware diode for fleet rollout.
L4
Site Operations · IT Network
Agent stack, inference rig, dashboards, historian — this is where we live.
L5
Enterprise
Airgas / Air Liquide AD federation · monitoring forward to Group SOC.
Per-plant CAPEX · OPEX
$103 – $143K CAPEX
+ $12 – $26K/yr subs
May 2026 defensive · supply-chain hardened
Models
Open-weight
Qwen 3.6 · Gemma 4
Egress
Whitelisted
weather · NTP
Stack
Open-source
Apache · MIT · BSD
IT Briefing · Pilot Plant
01 / 04
Airgas an Air Liquide company
Hardware BOM · Part 1
Edge Inference Node
Section I · Hardware

Per-plant edge inference rig — 2U on-premise.

Single 2U Supermicro chassis hosting the full agent stack, vLLM/SGLang inference, and the local Bronze/Silver/Gold data layer. Sized to run Gemma 4-31B FP8 with KV-cache headroom and the 18-agent swarm concurrently. Hot-spare GPU in the second slot for zero-downtime through the six-month pilot gate. Prices shown as ranges: low = current May 2026 estimate, high = defensive ceiling sized to absorb supply-chain volatility (memory shortage markups, GPU spot pricing, tariff / lead-time premiums).

Supermicro 2U GPU server
Supermicro 2U GPU Server
Server · Compute Chassis
Supermicro 2U GPU Server
Dual AMD EPYC · 256 GB DDR5 ECC RDIMM · redundant Platinum PSUs · 2× double-wide GPU slots · OCP 25 GbE NIC. Vendor-supported, on Group approved-vendor list.
Qty 1$10,500 – $13,500
NVIDIA RTX 6000 Ada
RTX 6000 Ada · 48 GB
GPU · Primary
NVIDIA RTX 6000 Ada
48 GB GDDR6 ECC · Ada Lovelace · FP8 Transformer Engine · blower-cooled, dual-slot 300 W. Hosts inference and the swarm runtime; vendor support included.
Qty 1$9,000 – $11,500
NVIDIA RTX 6000 Ada hot spare
RTX 6000 Ada · Spare
GPU · Hot Spare
NVIDIA RTX 6000 Ada
Identical card, second slot. Failover GPU for zero-downtime operation across the 6-month pilot gate. Drilled weekly. RTO target < 15 min.
Qty 1$9,000 – $11,500
NVMe U.2 SSD
NVMe U.2 · 7.68 TB
Storage
NVMe U.2 SSD · 7.68 TB
Enterprise U.2 PCIe Gen4 · 1 DWPD endurance · model weights, telemetry buffer, local log retention, and historian hot-tier. Bronze Parquet ~50 GB/yr/plant compressed.
Qty 2$3,800 – $5,000

The rig at a glance

GPU compute
2× RTX 6000
96 GB VRAM total
System memory
256 GB DDR5
ECC RDIMM
Local storage
15.36 TB NVMe
U.2 Gen4 · 1 DWPD
Fabric
25 GbE dual-port
OCP NIC · hardware TLS

End-to-end network topology · OT → DMZ → IT → HMI

EXISTING · PLANT OT untouched · owned by plant PILOT SCOPE — WHAT WE INSTALL & OWN data diode · firewall · ToR · 2U inference rig · UPS · PDU · cabinet NO INSTALL browser thin-client only PLANT FLOOR PURDUE L1 — L2 · OT INDUSTRIAL DMZ PURDUE L3.5 · HW DATA DIODE IT · INFERENCE STACK PURDUE L3 — L4 · ON-PREM OPERATOR HMI PURDUE L5 · CONTROL ROOM Data Origin from Process DCS bus · Modbus/TCP DCS Yokogawa CENTUM Safety PLC SIS · isolated OSI PI HISTORIAN tag store · 1 Hz EXISTING · OT-OWNED read-only tap point OT plant LAN switch OPC-UA · 1G EXTRACTION DIODE TX Owl / Waterfall DualDiode 100 SFP+ LC AIR GAP RX receive only SM fiber · 1310 nm photon-only no e- return Hardware data diode electrically one-way · UDP 10 Hz OPC-UA FORTIGATE 100F L3.5 SEGMENTATION FIREWALL ToR · 10/25 GbE switch SUPERMICRO 2U · INFERENCE Dual EPYC · 256 GB · NVMe 2× 7.68 TB GPU 1 · primary GPU 2 · spare 2× NVIDIA RTX 6000 Ada · 48 GB 24-port fiber/Cu patch panel RACK UPS · 6 kVA online Battery extension · 30 min SMART PDU · 208V 30A METERED 208V mains · 30A breaker P1 P2 P3 Telemetry Grafana + Prometheus GPU util · inf latency audit log · hash-chain Rack Env. Mon. temp · humidity · smoke no liquid cooling Hot/Cold Aisle containment + 600W headroom Compute envelope 2× 48 GB VRAM 96 GB Gemma 4 31B FP8 ~31 GB KV cache · 18 agents ~28 GB Headroom 37 GB Total power ~1.6 kW UPS load (40%) 2.4 kVA RECOMMENDATION QUEUE ▸ MAC trip risk · $42K ▸ Spot pull arb · $18K ▸ Boil-off vent flag ▸ Truck re-route · $7K ACCEPT REJECT Operator decides. Zero setpoints written. HMI thin client browser · TLS 1.3 · mTLS HTTPS · WS · 1 GbE accept/reject ack (audit only) No public-internet egress on-prem only · no cloud API
Compute subtotal — May 2026 estimate · single edge inference rig
$32,300 – $41,500
Hardware BOM · Edge Inference Compute
02 / 04
Airgas an Air Liquide company
Hardware BOM · Part 2
Network · Power · Services
Section I · Hardware (cont.)

Plant network, power, enclosure & services.

Plant-side network, power, and rack enclosure follow ISA / IEC-62443 zoning. All items per-plant. Includes one-time plant-side electrical install, structured cabling, environmental monitoring, field-engineer commissioning, year-1 hardware support, and a 15% hardware contingency.

Fortinet FortiGate 100F
FortiGate 100F
Network · IT/OT firewall
Fortinet FortiGate 100F
Purdue L3/L3.5 segmentation — non-negotiable for the OT bridge. Strict ACLs OT→IT one-way; zero IT→OT writes for Phase 2. Logs forward to Group SOC via syslog.
Qty 1$11,000 – $14,500
10/25 GbE TOR switch
10 / 25 GbE TOR Switch
Network · top-of-rack
10 / 25 GbE Managed Switch
Intra-rack networking and telemetry aggregation. SFP28 uplinks to the inference node and firewall. SNMP, sFlow, and 802.1X for operator HMI auth.
Qty 1$4,500 – $6,500
Structured cabling, fiber, patch panels
Cabling · Fiber · Patches
Network · cabling
Structured Cabling, Fiber, Patch Panels
Intra-rack copper and rack-to-firewall fiber runs. 1U fiber patch panel with SC/LC, splice trays, and labeled bundles. Documented as-built for plant IT.
Qty 1$2,000 – $3,000
Rack UPS 6 kVA online
Rack UPS · 6 kVA
Power · UPS
Rack UPS · 6 kVA Online
Online double-conversion · 3U rack form · pure sine ride-through for plant voltage events. Dual feeds to redundant PSUs. SNMP into Prometheus.
Qty 1$5,500 – $7,500
Smart rack PDU 208V 30A
Smart Rack PDU
Power · PDU
Smart Rack PDU · 208 V / 30 A
Metered per-outlet, remote-controlled, SNMP. Feeds the redundant PSUs. Per-outlet alerting wired into Alertmanager.
Qty 1$2,500 – $3,500
208 V · 30 A
IT-room electrical
Power · plant-side install
Plant-Side Electrical Install
Dedicated 208 V / 30 A circuit, breaker, conduit, labor. One-time work in the plant IT room. Coordinated with plant facilities ahead of rig delivery.
Qty 1$8,500 – $13,000
Rack airflow + environmental monitoring
Airflow · Env Monitor
Enclosure · environment
Rack Airflow + Env Monitoring
Blanking panels and airflow containment. Temperature, humidity, smoke sensors. SNMP to Prometheus + plant BMS. No liquid cooling at 300 W/card.
Qty 1$4,500 – $6,500
24U half-rack cabinet
24U Half-Rack Cabinet
Enclosure · cabinet
24U Half-Rack Cabinet
Lockable front and rear doors · cable management · blanking panels. Standard server rack for the plant IT room. Mounts directly above the UPS.
Qty 1$2,500 – $3,800

Services, support & contingency

Line itemFunctionCost / site
Monitoring stack Grafana + Prometheus dashboards for agent telemetry, GPU utilisation, inference latency, and rack environment. $3,000 – $4,500
Install & commissioning labor Third-party field engineer stand-up — 40 hours. Rack-and-stack, cabling, baseline configuration, smoke test against the digital twin reference. $8,000 – $12,000
Year-1 hardware support Supermicro / Dell ProSupport equivalent for chassis and GPU RMA. NBD on-site for the pilot duration. $5,500 – $8,000
Hardware contingency (15%) Covers RMA, cable re-work, plant-side remediation. Released to operations if unspent at month 6. $13,500 – $18,500
Total — May 2026 estimate · single-plant rig (compute + N/P/E + services + contingency)
$103,300 – $142,800
Hardware BOM · Network · Power · Services
03 / 04
Airgas an Air Liquide company
Software Stack
System-level only
Section II · Software

System-level software — what runs on the hardware.

Layers that connect directly to the rig hardware — base OS, GPU stack, container runtime, inference, observability, security, backup. All system-level software below is OSS or free-from-vendor. Anything with a license fee is listed at the bottom as a managed subscription. Application-layer Python / agent / data tooling is in the engineering runbook — out of scope here.

Base OS · GPU stack · container runtime

LayerComponentFunctionLicense
Base OSUbuntu 22.04 LTShardened · CIS benchmarkGroup baseline OS image. AppArmor enforced. Unattended security patching via Ubuntu Pro.
Init / servicessystemdService supervision, journaling, time sync (timesyncd → plant NTP).LGPL
GPU stackNVIDIA driver 550+ · CUDA 12.4+ · cuDNN · NCCLGPU device driver, compute runtime, comms library. Mirrored on internal artifact registry — no live external pulls.NVIDIA
GPU monitoringnvidia-smi · DCGMGPU health, ECC, thermals, power draw. Exporter feeds Prometheus.NVIDIA
Container runtimeDocker Engine · Docker Compose · TraefikContainer runtime + reverse proxy / TLS termination. Free Docker Engine on Linux (Docker Desktop is a separate paid item — see managed subs).Apache 2.0

Inference runtimes

LayerComponentFunctionLicense
Primary servingvLLMPagedAttention · continuous batchingPrimary serving runtime. OpenAI-compatible API. FP8 / AWQ quantization paths.Apache 2.0
Structured generationSGLangStructured generation, constrained decoding, agent deliberation. Speculative decoding via draft models.Apache 2.0
Accelerated · embeddingsNVIDIA TensorRT-LLM · Text Embeddings Inference (TEI)Optimized engine builds for low-latency production paths. TEI hosts bge-m3 + reranker for the RAG pipeline.Apache 2.0

Observability · metrics · logs

LayerComponentFunctionLicense
Metrics TSDBPrometheusPull-based metrics, 15s scrape. 30-day local retention; long-term forward to Group infra if requested.Apache 2.0
Exportersnode_exporter · DCGM exporter · snmp_exporterHost CPU/disk/net, GPU util/ECC/thermals, UPS / PDU / switch / firewall metrics.Apache 2.0
DashboardsGrafanaOperator and SRE dashboards. Pre-built panels for inference latency, GPU health, agent throughput.AGPL
Alerting · logsAlertmanager · Loki · PromtailAlert routing to Group on-call (webhook → Group SOC). Centralized container logs forwarded to Group SIEM via syslog.Apache 2.0 / AGPL

Identity · secrets · transport security

LayerComponentFunctionLicense
Identity · SSOSAML / OIDC → Airgas ADFederation against Group AD. RBAC on operator HMI, MCP admin, historian read endpoints.Group standard
Secrets · VPNHashiCorp Vault · WireGuardAll tokens, artefact keys, OPC-UA creds sealed in Vault (quarterly rotation). WireGuard for MFA-gated out-of-band access by on-call.
TransportTLS 1.3 · mTLS · cert-managerAll intra-stack and HMI traffic encrypted. Certs from Group internal PKI. Auto-renewal.Apache 2.0

Backup · disaster recovery

LayerComponentFunctionLicense
Backup engineRestic (encrypted)Daily Parquet snapshots, weekly full system backup. Encrypted at rest. Off-plant target if Group provides one.BSD
DB · syncpg_dump · pgBackRest · rcloneContinuous WAL archiving (PITR 5-min RPO) and rclone mirror to Group archival storage.PostgreSQL / MIT

Managed subscriptions — recurring OPEX (annualised, per plant)

SubscriptionWhat it coversYear-1 range
CIS-hardened image · AppArmor · 10-yr ESM · kernel livepatch. 2 rig nodes at ~$200–$750/node/yr.$500 – $1,500
Docker Desktop site license for the dev team (Airgas > 250 employees triggers commercial-use clause). 15 seats × $5–$24/mo. Rig runs free Docker Engine on Linux.$1,000 – $4,500
Vendor-supported GPU driver / CUDA / TensorRT-LLM. NBD on-site GPU support. 2 GPUs × ~$2.25–$4.5K/yr. Optional — TensorRT-LLM is free standalone.$4,500 – $9,000
Auto-unseal · namespaces · audit forward to Group SIEM. Small-team tier. Replaceable with OpenBao (Apache 2.0 fork) at zero cost.$2,000 – $5,000
Small SaaS / individual-seat subs accumulated through the pilot — observability add-ons, certs, GitHub seats, ad-hoc tooling. Conservative ~$300–$500/mo.$3,500 – $6,000
TOTAL · YEAR-1Recurring OPEX — separate from one-time CAPEX. Low = current May 2026 estimate, high = defensive ceiling.$11,500 – $26,000
Software · System-level stack · Managed subscriptions
04 / 04