Jellinbah mine
Strategic Workshop — Thursday 21 May 2026

Jellinbah
IT & OT
Strategy

More than a managed service — a strategic technology partnership. This workshop marks a new chapter: rebuilding full visibility of Jellinbah's IT & OT environment and delivering the infrastructure, security, and operational resilience a multi-billion-dollar mining operation demands.

Scroll
Workshop Overview

Agenda

Seven sessions for the Smile IT and Jellinbah leadership workshop — Thursday 21 May 2026.

01
10 mins
Opening, Introductions & Purpose
Align both teams on attendees, roles, and the purpose of today's workshop.
02
15 mins
Business & Technology Context
Jellinbah strategy, Smile IT identifying technology risks and capability & capacity.
03
15 mins
Current State Assessment
What is working vs what needs improving — on both sides.
04
20 mins
Future State Vision
Where we want to be — infrastructure, security, OT, and the technology environment Jellinbah needs to grow.
05
30 mins
Recommendations
Short-term (1 year), medium-term (1–2 years) & long-term (2+ years) — including innovations.
06
30 mins
Future Roadmap & Resourcing
How do we get to the future state? Sequencing, dependencies, and the team behind delivery.
07
45 mins+
Managed Services Agreement
Inclusions, exclusions, commercial review, proposed Shield Max structure, and path to a renewed agreement.
08
15 mins
Confirm Next Steps
Agree on actions, owners, and timelines coming out of today's workshop.
Workshop Participants

Introductions

S

Smile IT

Anthony Niven
Head of Business Development (Account Manager)
Angus Broadfoot
Service Delivery Manager
Trevor Burne
Head of Projects, Consulting & AI
Stephen Donald
Project System Engineer
Peter Drummond
Director
Cameron de Witte
Not Attending
Head of Security — Smile IT & Client Security Operations
J

Jellinbah Group

Kate Green
Chief Financial Officer
Mark Anthony
Head of Technology
Greg Sultana
Information Systems Manager
Brent Williams
Electrical Engineering Manager
Dan Lyons
Former Head of IT
2. Business & Technology Context

Current State Assessment

The Vernetzen Network Review (Luke King, Principal Consultant) identified six critical findings across Bluff and Plains operations. While the network successfully supports current operations, significant gaps threaten future growth and operational continuity.

IT/OT Network Topology
Bluff & Plains Operations
IT/OT Network Overview

Six Critical Findings

F1

In-Pit Connectivity & Reliability

Critical
F2

No Network Visibility or Monitoring

High
F3

No IT/OT Strategy or Architecture

High
F4

Operational Model Challenges

Medium
F5

Low Standards Maturity

Medium
F6

Limited IT/OT Knowledge Among Decision Makers

Medium

Tower Infrastructure Recommendations

Fixed towers provide stable backhaul for mobile trailers, with permanent fibre connections and backup power. Four towers are recommended across Bluff and Plains operations. Ramp 7 has been completed since the Vernetzen assessment, and Mac North is currently underway.

LocationHeightTypeStatus
Ramp 760mGuyedCompleted
Mac North40mGuyed / Self-supportingUnderway
Plains South30mGuyed / TransportablePlanned
Central South40mGuyed / Self-supportingPlanned
Communications tower at mine site
Infrastructure
Fixed towers provide stable backhaul for mobile trailers
Current State · Field Intelligence — April 2026

Operational Impact

On-site Smile IT engineers are witnessing network degradation firsthand. The following is a direct account from a Smile IT field engineer following a site visit in April 2026, corroborated by supervisor feedback across four departments.

Mine Has Effectively Tripled Its Permanent Workforce Since 2023

Jellinbah now operates at multi-billion-dollar scale. The current network infrastructure was not designed for this level of concurrent users, applications, and safety-critical workflows. On rain days — when outdoor work stops and all staff move indoors — the network slows to a crawl or stops entirely.

HST

Critical
Mobilise MeLearning ModulesConference Rooms

Regular failures on rain days. Conference rooms non-functional. Safety inductions blowing out by up to 50%.

CHPP

High
File AccessMEXiVolve

File access, MEX, and iVolve performance heavily degraded. Operations staff unable to complete workflows during peak load.

Tech Services

High
File ServerMaptek

File server access delays. Maptek running extremely slow — directly impacting mine planning and survey workflows.

Maintenance

Moderate
iVolveMEX

iVolve and MEX often slow or inoperable during peak load. Maintenance scheduling and work order management impacted.

Safety Workflow Impact

Delayed safety form submissions across multiple departments
Contractor inductions blowing out by up to 50% due to platform failures
Some users unable to use workstations or core applications at all during peak load

Recommended Starting Point

Based on field observations and input from Smile IT's senior engineers, the most productive initial investigation should focus on latency profiling and bottleneck identification across the site WAN and core switching infrastructure. The symptoms — rain-day degradation, application-specific slowdowns, and peak-load failures — are consistent with bandwidth saturation, QoS misconfiguration, or upstream ISP contention.

Latency Profiling
Baseline and peak-load latency across all site segments
Bandwidth Utilisation
Identify saturation points on WAN links and core switches
QoS Review
Validate traffic prioritisation for safety-critical applications
Current State · Infrastructure Risk

Redundancy & Resilience

Today, Jellinbah's entire technology stack — servers, domain controllers, storage, and core switching — sits in a single data centre at one site. A single point of failure at that location takes down both Bluff and Plains operations simultaneously.

Current State — Single Point of Failure

All production servers, domain controllers, and core network infrastructure currently reside in a single data centre at one site. There is no secondary cluster, no geographic failover, and no automatic recovery path. An extended power outage, hardware failure, or physical incident at that location would render both mine sites operationally blind — no SCADA, no domain authentication, no business applications.

Four Layers of Redundancy Required

Current State

Redundant internet connections are confirmed in place across all Jellinbah sites — diverse carrier paths providing failover capability.

Risk

Ongoing monitoring and periodic failover testing is required to ensure redundancy remains active and functional as the network evolves.

Recommendation

Maintain dual-ISP configuration. Schedule periodic failover testing (at minimum annually) to validate that automatic switchover operates as expected. Document carrier contacts and escalation paths.

Current State

Multiple fibre runs exist across site, but path diversity is limited in key areas — at MacNorth, both redundant paths run along the same road, meaning a single excavation or equipment strike could sever both. Non-fibre backup paths (microwave/wireless) exist in some areas but their operational status is not fully confirmed.

Risk

Untested or unverified redundancy is not redundancy. A single incident on a shared corridor could sever inter-site connectivity with no confirmed fallback.

Recommendation

Confirm with site comms technicians whether backup path testing has already been completed. Where testing has not been done, schedule formal failover tests under realistic conditions. Map all fibre routes, identify shared-path vulnerabilities, and prioritise diverse physical routing between critical buildings.

Current State

The current in-pit mesh (Ivolve) is built on 2.4GHz Wi-Fi using OLSR (Open Link State Routing) — a protocol designed for fixed neighbourhood meshes circa 2010. With 400+ mobile devices, every device movement triggers a broadcast, consuming airtime for routing overhead rather than application traffic. The mesh is technically self-healing but is not fit for purpose at this scale.

Risk

Bandwidth is consumed by routing protocol overhead, not application data. As the pit grows and device count increases, performance degrades further. Real-time SCADA and collision-avoidance systems cannot rely on this architecture.

Recommendation

Commission a desktop study and RF coverage design to identify all gaps and model alternatives. Options include next-generation Kinetic Mesh (technology-agnostic), Private LTE/5G, or a hybrid architecture. A decision cannot be made without a full site survey and findings report.

Current State

All servers in a single data centre at one site. Domain controllers, file servers, SCADA historians, and business applications all co-located.

Risk

Single site failure = complete loss of authentication, file services, SCADA data, and all business applications across both mine sites.

Recommendation

Implement the original stretched cluster design: split the server cluster across two physically separate locations at site (e.g., main admin building + mine operations centre). Windows Server Failover Clustering (WSFC) or VMware vSAN Stretched Cluster provides automatic failover with near-zero RTO.

Current State · In-Pit OT Wireless — Action Required

In-Pit OT Wireless Review

The in-pit OT wireless network is not performing. This issue has surfaced repeatedly across tickets, operational feedback, and the independent network review. Before any technology is selected, Smile IT recommends a structured desktop study and coverage design to understand the full scope of the problem — and to ensure the right solution is chosen for Jellinbah’s specific environment.

Voice of Operations — Zared Crosby, Mobile Tech Supervisor

Recurring themes from Zared's ticket and email traffic paint a clear operational picture: repeated network drop-outs are affecting VIMS downloads, KPAR telemetry, and iVolve/Titan systems. He is a strong advocate for Rajant Kinetic Mesh as the path forward for in-pit connectivity, and is frustrated that the strategic decision continues to slip. There is also ongoing tension over what is covered under the MSA versus project work, and multi-vendor coordination delays are creating single points of failure in the field.

In-pit reliability failuresRajant mesh advocacyBAU vs project scope frictionMulti-vendor coordination delays
Why This Can’t Be Deferred Further
OT Network Not Performing

Haul trucks, SCADA sensors, and autonomous systems depend on continuous, low-latency wireless. Current infrastructure cannot reliably cover a dynamic, deepening open-cut pit.

Repeatedly Flagged

Wireless coverage gaps have been raised across multiple reviews and operational discussions. Every deferral compounds the risk — and the cost of reactive fixes when systems fail mid-operation.

Komatsu AHS Integration at Risk

The Komatsu autonomous haulage workstream requires a wireless backbone capable of vehicle-to-vehicle (V2V) communication. The current infrastructure cannot reliably support this.

Our Recommended Approach

Before selecting a technology, we need to understand the full picture

Phase 1 — Desktop Study & Coverage Design

Smile IT will engage specialist wireless design partners to conduct a full desktop study of the Bluff and Plains operations. This will produce a detailed coverage design showing all current gaps, terrain challenges, and the infrastructure requirements for each candidate technology — giving Jellinbah an evidence-based foundation for the investment decision.

Coverage Gap Analysis

Identify all areas of the pit where current wireless infrastructure fails to meet OT requirements — mapped against haul routes, SCADA sensor locations, and autonomous vehicle paths.

Terrain & Propagation Modelling

Desktop RF propagation modelling across the dynamic pit geometry, accounting for depth progression, bench heights, and equipment obstructions.

Findings & Options Report

A formal report presenting the coverage gaps, technology options, indicative node counts, and a cost/performance comparison — ready for board-level investment decision.

Technology Options Under Consideration

Smile IT is technology-agnostic — the desktop study will determine which option, or combination, best fits Jellinbah’s environment and budget

Option A
Kinetic Mesh
Self-forming, self-healing mobile mesh
Strengths
Nodes mount directly on haul trucks — the network moves with the fleet
No single point of failure — self-healing if a node goes offline
Native vehicle-to-vehicle (V2V) communication — critical for autonomous haulage
Proven in Australian open-cut coal mining environments
Scales as the fleet grows — each node adds capacity, not load
Considerations
Higher upfront hardware cost per node vs. traditional Wi-Fi
Requires specialist RF design and commissioning
Option B
Private LTE / 5G
Licensed spectrum, tower-based cellular
Strengths
Wide-area coverage from fewer fixed infrastructure points
Familiar technology model for IT and operations teams
Supports standard LTE/5G devices without specialised hardware
Suitable for voice, data, and IoT sensor traffic
Considerations
Asymmetric bandwidth — optimised for download, not upload-heavy OT workloads
Tower direction must be manually adjusted as the pit deepens
No native V2V — all traffic routes through a central tower
Capacity degrades as subscriber count grows
Option C
Hybrid Architecture
Kinetic Mesh + Private LTE working together
Strengths
LTE provides wide-area coverage for surface and access roads
Kinetic Mesh covers the dynamic pit floor and moving fleet
Each technology operates in its optimal zone
Provides a migration path from existing infrastructure
Redundancy at the network level — if one layer degrades, the other continues
Considerations
More complex to design, commission, and manage
Requires clear traffic segmentation policy between layers
Smile IT Position

Technology-Agnostic. Evidence-Led. Right Solution for Jellinbah.

Smile IT does not have a preferred vendor outcome for this decision. We have access to specialist partners across all three technology categories and will engage the right expertise to conduct the desktop study. The findings report will present a clear, evidence-based recommendation — including indicative costs, node counts, and a phased deployment plan — so Jellinbah can make an informed investment decision with confidence.

Step 1
Commission the desktop study & coverage design

Proposed Engagement Steps

01
Agree to Proceed

Confirm at this workshop that a formal desktop study and coverage design will be commissioned. Agree scope, timeline, and budget envelope.

02
Desktop Study & Design

Smile IT engages specialist wireless design partners to conduct RF propagation modelling, coverage gap mapping, and technology option analysis across Bluff and Plains.

03
Findings & Options Report

Delivery of a formal report presenting all coverage gaps, technology options (A, B, or C), indicative costs, and a recommended architecture with supporting evidence.

04
Investment Decision & Pilot

Jellinbah reviews the findings and selects a technology direction. Smile IT scopes and delivers a pilot deployment to validate the design before full rollout.

Current State · SCADA Security & OT/IT Segmentation

Security Review

Kate Green has previously flagged the need for a SCADA security review. The absence of formal IT/OT network segmentation at Jellinbah is not just a best-practice gap — it is a material risk to operational continuity and safety. Here is the evidence base.

65
Global mining sector cyber incidents in FY2025
KPMG Australian Mining Risk Forecast 2025
5
Of those attacks targeted Australian mining companies specifically
KPMG / Group-IB, 2025
10×
More costly to react to a cyber incident than to be proactive
CyberNode / S&P Global, Jul 2025
P1

Safety is Paramount

OT systems control physical processes. Unlike IT, a cyber incident in an OT environment can directly threaten human life, plant equipment, and environmental safety. Paying a ransom is not an option when SCADA integrity cannot be verified.

Jellinbah Context

Jellinbah operates heavy mobile equipment, conveyors, and electrical systems controlled by OT/SCADA. A compromised SCADA system is a safety incident, not just an IT incident.

P2

Know Your Business

Organisations must identify vital systems, understand OT process dependencies, and create architecture that defends those systems from other internal and external networks.

Jellinbah Context

Jellinbah likely maintains OT schematics and communications diagrams under their EEM for SCADA/PLC systems. However, a formal IT/OT architecture document and documented system dependencies have not been independently reviewed or audited. Recommendation: commission a third-party audit of existing IT documentation to validate completeness and currency.

P3

OT Data Must Be Protected

OT data — including SCADA historian data, equipment telemetry, and process control configurations — must be protected from unauthorised access and exfiltration. While operational production data (tonnes, haul cycles) is not highly sensitive in isolation, control system configurations and historian data represent high-value targets for sabotage or competitive intelligence.

Jellinbah Context

KPAR telemetry, VIMS data, and iVolve/Titan operational data are OT data assets. A formal data classification framework for OT systems is not in place. Priority focus should be on protecting control system configurations and historian access — not operational metrics.

P4Most Urgent

Segment & Segregate OT

OT must be segmented and segregated from all other networks. This is the most operationally critical principle. The Purdue Model and IEC 62443 require a defined DMZ between corporate IT and OT control networks — not just VLAN separation, but firewall-enforced zone boundaries with explicit allow-lists.

Jellinbah Context

Jellinbah's IT and OT networks are not physically separated — VLANs through a single FortiGate firewall are the only logical boundary. There is partial physical separation in that an edge router sits between the FortiGate and the iVolve network, however an edge router is not an appropriate control for OT/IT segmentation. Recommendation: replace the edge router with a dedicated next-generation firewall (e.g. FortiGate) positioned in the OT DMZ, enforcing strict zone boundaries with explicit allow-lists between corporate IT and OT control networks. This is the priority gap to address to meet IEC 62443 and ACSC OT Principles.

P5

Supply Chain Must Be Secure

Vendors and third-party integrators with access to OT systems represent a significant attack surface. Each vendor connection is a potential entry point.

Jellinbah Context

Komatsu, Auto Elects, and Smile IT all have access to OT-adjacent systems. Vendor access controls, remote access policies, and connection monitoring are all required.

P6

People Are Essential

No amount of technology investment mitigates OT cyber risk without trained personnel who can identify, respond to, and recover from incidents. OT-specific skills are distinct from IT security skills.

Jellinbah Context

Smile IT's proposed cybersecurity uplift (3 dedicated seats + credentials) directly addresses this principle. OT-specific training for site operations staff is also required.

Source: ASD's ACSC, "Principles of Operational Technology Cyber Security", October 2024. Co-sealed by CISA, NSA, FBI, NCSC-UK, Cyber Centre Canada, NCSC-NZ, BSI Germany, NCSC-NL, NISC Japan, NIS Korea.

L5
Enterprise Network
Email, file storage, corporate IT
IT
L4
Business Logistics
ERP, reporting, business applications
IT
DMZ
Demilitarised Zone
Firewall + data diode. The critical boundary between IT and OT. All traffic filtered here.
BOUNDARY
L3
Site Operations
Historians, alarm servers, plant analytics
OT
L2
SCADA / HMI
Supervisory control, operator interfaces, alarms
OT
L1
Control Devices
PLCs, RTUs — direct equipment control
OT
L0
Physical Process
Sensors, actuators, conveyors, mobile equipment
OT

Purdue Enterprise Reference Architecture (PERA) / IEC 62443 Zones & Conduits model. Source: Palo Alto Networks, Dragos, NIST SP 800-82 Rev.3.

Jellinbah Current State — Flat Network Risk

Without formal IT/OT segmentation, Jellinbah's SCADA systems, KPAR telemetry, and iVolve/Titan operational data share network adjacency with corporate IT systems. A ransomware infection, compromised credential, or malicious insider on the IT network has a direct path to OT systems — including SCADA.

No DMZ between IT and OTNo formal zone definitionsShared network adjacencyNo OT-specific firewall rules
IEC 62443 Recommended Architecture
1

Define Security Zones: Group all OT assets (SCADA, PLCs, historians) into a dedicated OT zone. Corporate IT remains in a separate IT zone.

2

Implement a DMZ: Deploy a firewall-enforced DMZ between IT and OT. All data exchange (e.g., SCADA historian to business reporting) must pass through the DMZ — never directly.

3

Define Conduits: All communication paths between zones must be explicitly defined, documented, and monitored. Uncontrolled lateral movement is eliminated.

4

Apply Security Levels: IEC 62443 defines Security Levels (SL1–SL4). For a coal mining operation with SCADA, SL2 is the minimum target — protection against intentional violation using simple means.

5

Continuous Monitoring: Deploy OT-specific network monitoring (passive, non-intrusive) to detect anomalies without disrupting time-critical control messages.

Source: IEC 62443-3-3, ISA/IEC 62443 Series. Endorsed by NIST SP 800-82 Rev.3 and ASD's ACSC OT Principles.

Kate Green's SCADA Security Review — Recommended Scope

A formal OT security review is required to establish a defensible baseline. The following scope has been recommended based on the current environment assessment.

Identify and document all OT assets (SCADA, PLCs, historians, HMIs) across Bluff and Plains

Map all current IT/OT network connections and data flows

Assess current segmentation state against IEC 62443 and ACSC OT Principles

Design and implement a DMZ between IT and OT environments

Establish vendor remote access controls for Komatsu, Auto Elects, and other OT integrators

Deploy passive OT network monitoring (non-intrusive, safe for SCADA environments)

Develop an OT-specific incident response playbook

ACSC Essential Eight

E8 Alignment — Why It Matters

The Australian Cyber Security Centre's Essential Eight is the baseline mitigation framework for all Australian organisations. Aligning to E8 is not just best practice — it is increasingly a requirement for cyber insurance, government contracts, and supply chain compliance. For an operation of Jellinbah's scale and criticality, achieving a documented E8 maturity baseline is a foundational step.

Cyber Insurance AlignmentSupply Chain ComplianceBoard-Level DefensibilityACSC Endorsed
Smile IT Cyber Investment

Our Commitment to Security

Smile IT has made a significant investment in dedicated cybersecurity capability — expanding the team with 3 new cyber specialists and appointing Cameron to oversee security operations for both Smile IT and all clients. This is not a bolt-on service; it is a core capability we are building to protect the organisations we support.

3 New Cyber Specialists
Dedicated to client security operations
Cameron — Head of Security
Overseeing Smile IT & all client security
E8 Assessment Capability
Formal assessments with remediation roadmaps
Future State · Vision

Where We Want to Be

A clear picture of the technology environment Jellinbah needs to operate safely, efficiently, and at scale — across infrastructure, OT, security, and people.

Infrastructure

Resilient, Redundant Infrastructure

A stretched server cluster across two physically separate on-site locations eliminates the single point of failure. Dual-ISP internet with tested failover. Fibre routes with diverse physical paths between critical buildings. No single incident — excavation, equipment strike, or hardware failure — takes the business offline.

Security

Secure, Segmented OT/IT Environment

A dedicated OT DMZ firewall enforcing strict zone boundaries between corporate IT and SCADA/control networks. All remote access through authenticated, audited pathways. ACSC Essential Eight maturity at ML2 across all critical systems. SCADA historian and process control data protected from exfiltration.

OT Wireless

Purpose-Built OT Wireless

An in-pit wireless network designed for the mine environment — not adapted from fixed-site technology. Whether Kinetic Mesh, Private LTE/5G, or a hybrid architecture, the solution is selected on evidence from a formal desktop study and RF survey. 400+ mobile devices connected reliably. SCADA and collision-avoidance systems operating without bandwidth contention.

Operations

Proactive, Predictable Operations

Ticket volume driven by planned maintenance, not recurring failures. Scheduled patching, firmware reviews, disk hygiene automation, and monthly health reporting. A formal proactive maintenance framework under the MSA breaks the reactive cycle. Site operations staff spend time on mine operations — not IT troubleshooting.

Visibility

Full Visibility & Knowledge Transfer

Complete documentation of all IT and OT systems — architecture diagrams, VLAN designs, firewall configurations, fibre topology, SCADA integrations. A single source of truth that survives staff changes. Smile IT re-onboarded with full operational visibility across both Bluff and Plains sites.

Growth

A Platform for Growth

Technology infrastructure that scales with the mine's expansion — not one that constrains it. Automation-ready OT networks. Cloud-integrated business systems. A formal MSA that reflects the true scope of delivery and provides a commercial framework for new workstreams as Jellinbah grows.

Note: This section is a starting point for discussion. The future state vision should be validated and expanded with Jellinbah's leadership during the workshop — particularly around automation priorities, growth timelines, and technology investment appetite.

Future State · Operational Excellence

Technology Standardisation

Jellinbah currently operates a mixed, non-standardised technology estate across Bluff, Plains, and Head Office. Inconsistent hardware and software platforms create hidden costs, security gaps, and support inefficiencies that compound over time.

What Standardisation Delivers
1 image

Single Windows deployment image — any device, any site, consistent in 30 minutes

1 vendor

Single hardware vendor relationship — volume pricing, priority support, next-business-day parts

1 policy

Unified security policy across all firewalls, WAPs, and switches — no configuration drift

1 dashboard

Centralised monitoring and management — Smile IT sees every device across every site from a single pane of glass

Future State · Technology Investment Plan

Future Roadmap

A structured programme of work to address the six critical findings, modernise the IT/OT environment, and position Jellinbah for operational automation and future growth.

In-Pit Network

Decision Required
In-Pit Wireless Desktop Study
Commission a full site coverage design and RF study to identify all gaps and model technology options. A decision on the OT wireless architecture cannot be made without this evidence base.
Recommended
Fixed Tower Programme
Ramp 7 completed. Mac North underway. Plains South and Central South to be scoped and approved. Total indicative investment: $375k–$830k across all four sites.
Recommended
Wi-Fi Standards Uplift
Replace non-Wi-Fi 4 (802.11n) equipment. Limit trailer hops to no more than two from any root access point. Suitable for iVolve data only — not real-time business applications.
Future
Private LTE / IoT
Explore low-cost wide-area IoT network technologies for SCADA, collision avoidance, and remote equipment control. Dedicated standalone projects required.

IT/OT Governance

Immediate
IT/OT Strategy Document
Develop a formal integration strategy with clear vision, roadmap, and defined IT/OT boundaries. Establish dedicated IT/OT leadership role or governance group.
Immediate
Network Monitoring Platform
Deploy centralised monitoring for proactive issue identification. Implement systematic performance data collection — latency, utilisation, error rates. Monthly management reporting.
Recommended
Documentation Programme
Implement live documentation systems. Establish formal change control. Eliminate reliance on individual knowledge through structured knowledge management.
Recommended
Act on Existing Audit Findings
Jellinbah has had multiple network audits over the past three years. The problem is not a lack of findings — it's a lack of action. Develop a prioritised remediation register from existing reports and assign owners and timelines. The Vernetzen full report (with detailed maps and prioritised recommendations) is still outstanding — chase Luke King.

Security & Innovation

Immediate
Cybersecurity Uplift
Elevate Smile IT's cyber positioning: 3 dedicated seats plus Cam, credentials, and Flyn. Prioritise cybersecurity training and risk mitigation to protect critical OT/SCADA assets.
Recommended
Domain Controller Resilience
Address domain controller dependency on internet connectivity — internet outage creates operational risk. Multi-site cluster architecture proposed (design prepared 3 years ago).
Recommended
Gallagher / CCTV Review
Review access control and CCTV integration requirements across both sites.
Future
SharePoint & Collaboration
Gather requirements from Cam. Assess SharePoint deployment for document management and cross-site collaboration.

Komatsu / KPAR Workstream

Active

KPAR/Nexis data transfer issues are ongoing (PO #294968 raised). Wi-Fi capability gaps are being chased with site. Cam met Zared and Auto Elects (Chris) on site to align. VIMS downloads (ticket 778547) remain a recurring friction point. Multi-vendor sequencing between Komatsu, Auto Elects, and Smile IT is slowing field outcomes — a single point of accountability for in-pit communications is needed.

Mining operations control room
Target State
Centralised visibility across all IT/OT systems — Bluff and Plains
05 · Recommendations

Recommendations

Prioritised actions across short-term (0–6 months), medium-term (6–18 months), and long-term (18+ months) horizons — drawn from the current state assessment findings.

Short-Term — Immediate to 6 Months

Server Infrastructure

Implement Stretched Server Cluster

Split the server cluster across two physically separate on-site locations (main admin building + mine operations centre). Windows Server Failover Clustering (WSFC) or VMware vSAN Stretched Cluster provides automatic failover with near-zero RTO. Eliminates the current single point of failure for all production workloads.

OT/IT Segmentation

Replace Edge Router with Dedicated OT Firewall

Deploy a next-generation firewall (e.g. FortiGate) in the OT DMZ, replacing the edge router currently providing limited traffic control between the corporate network and iVolve. Enforce strict zone boundaries with explicit allow-lists to meet IEC 62443 and ACSC OT Principles.

Internet Connectivity

Maintain Dual-ISP & Schedule Failover Testing

Maintain the dual-ISP configuration across all Jellinbah sites. Schedule periodic failover testing (minimum annually) to validate automatic switchover. Document carrier contacts and escalation paths.

Fibre & Backhaul

Validate Backup Path Diversity at MacNorth

Confirm with site comms technicians whether backup path testing has been completed. Where not done, schedule formal failover tests. Map all fibre routes, identify shared-path vulnerabilities, and prioritise diverse physical routing between critical buildings.

Medium-Term — 6 to 18 Months

OT Wireless

Commission In-Pit Wireless Desktop Study

Engage specialist partners to conduct a full site coverage analysis — RF propagation modelling, gap mapping, and a findings report presenting technology options (Kinetic Mesh, Private LTE/5G, or hybrid). A decision cannot be made without evidence. This is the prerequisite to any wireless investment.

Security

Conduct Formal SCADA Security Review

Commission a formal SCADA security review covering remote access controls, patch management, authentication, network segmentation, and incident response. Produce a prioritised remediation plan. Validate that IT/OT physical separation is correctly configured at each site.

Standardisation

Establish Technology Standardisation Framework

Define approved hardware and software standards across all Jellinbah sites. Eliminate vendor fragmentation. Implement a firmware and patch management cadence. Standardise endpoint builds to reduce the recurring ticket volume driven by configuration drift.

Documentation

Commission Third-Party IT Documentation Audit

Engage a third party to audit existing IT documentation — architecture diagrams, VLAN designs, system dependencies, SCADA integrations — to validate completeness and currency. Establish a live asset and document library as the single source of truth.

Long-Term — 18+ Months

OT Wireless

Deploy Purpose-Built In-Pit Wireless Network

Following the desktop study findings, deploy the recommended wireless architecture across Bluff and Plains. Decommission the legacy iVolve OLSR mesh. Deliver a network purpose-built for mobile mining equipment, SCADA, and collision-avoidance systems.

Security

Achieve Essential Eight ML2 Across Critical Systems

Progress Essential Eight maturity to ML2 across all critical systems — prioritising application control, patch management, and multi-factor authentication. Implement OT-specific security training for site operations staff.

People

OT-Specific Training for Site Operations Staff

No amount of technology investment mitigates OT cyber risk without trained personnel. Deliver OT-specific security training to site operations staff who interact with SCADA, iVolve, and control systems. OT security skills are distinct from IT security skills.

Growth

Automation-Ready Infrastructure Platform

Position the technology environment to support operational automation initiatives — from SCADA historian analytics to autonomous equipment integration. Infrastructure decisions made today should be evaluated against this long-term automation roadmap.

Restore the Village Support Agreement

Smile IT designed, built, and commissioned this entire network. The infrastructure is Smile IT’s work — the documentation, the VLAN design, the FortiGate configuration, the fibre topology. When the previous IT Manager removed this from the MSA, ongoing support became fragmented and accountability unclear. The new agreement must formally include the Bluff Village network under Smile IT’s managed services scope. This is not a new engagement — it is restoring what was always ours to support.

Future State · Standard Stack

SmileTel — Voice & Data

SmileTel is Smile IT's carrier-grade telecommunications division, providing wholesale voice and data services directly to clients. By consolidating connectivity and voice under a single managed provider, Jellinbah gains faster support, better pricing, and deep integration with the broader IT environment.

SmileTel Data
Connectivity
Tier 1 Wholesale Relationships
Direct wholesale agreements with Telstra, ABB, Vocus, Superloop, Starlink and other Tier 1 providers — best-in-market pricing passed directly to Jellinbah.
Wholesale Direct Support
Bypass retail queues entirely. SmileTel's wholesale status means direct carrier support access and significantly faster fault resolution.
LUCID Platform Integration
Direct API outage monitoring and link health data integrated into LUCID — Smile IT's internal network operations platform — providing real-time visibility across all circuits.
Direct Route to Microsoft
Dedicated direct routing to Microsoft 365 and Azure tenants, reducing latency and improving reliability for cloud-dependent workloads.
SmileTel Voice
Telephony
Tier 1 Wholesale Voice
Wholesale voice agreements with Tier 1 carriers delivering best-in-market trunk and call pricing — no retail margin on top.
5 PABX Platforms
Five PABX platforms available to match any site requirement — from small remote offices to large multi-site operations like Bluff and Plains.
CarrierConnect Teams Calling
Best-in-country Microsoft Teams calling integration via CarrierConnect — native Teams dialling with full PSTN connectivity and no third-party overhead.
AI Voice Capability
AI-powered voice solutions for auto-attendants, call routing, transcription, and operational scenarios — purpose-built for mining and industrial environments.
SmileTel Support
Dedicated Service Team
Local & Remote Technicians
Dedicated SmileTel technicians available both on-site and remotely — the same team that knows your environment, not a rotating helpdesk.
Proactive Monitoring
24/7 circuit and device monitoring with automated alerting. Faults are identified and escalated before they impact operations.
Single Point of Accountability
One team manages both the connectivity layer and the managed IT environment — no finger-pointing between your ISP and your MSP.
SmileTel Starlink
Satellite Connectivity
Authorised Starlink Reseller
SmileTel is an authorised Starlink reseller — hardware procurement, activation, and ongoing management handled end-to-end.
Service Platform & Monitoring
Starlink devices are enrolled in the SmileTel service platform for real-time health monitoring, usage tracking, and proactive fault management.
Data Pooling
Pooled data plans across multiple Starlink services — ideal for Jellinbah’s multi-site and remote pit operations where individual caps are inefficient.
Why SmileTel for Jellinbah

Consolidating voice and data under SmileTel eliminates the gap between your connectivity provider and your managed IT partner. A single point of accountability means faster fault resolution, proactive outage notification, and commercial leverage across all circuits — with full visibility in the same platform that monitors your servers, endpoints, and OT network.

People & Capability

Smile IT Team

70
Full-Time Staff
Across Service Delivery, Projects, Cyber Security, and Operations — with a dedicated account leadership layer for Jellinbah.
14
Dedicated Team Members
Across all three practice areas
2
Account Leaders
ACM + SDM dedicated to Jellinbah
3
Practice Areas
Service Delivery · Projects · Cyber
24/7
Support Coverage
Brisbane after-hours support

Account Leadership

AN
Anthony Niven
Account Client Manager (ACM)

Primary relationship owner for the Jellinbah account. Responsible for strategic alignment, commercial oversight, and executive-level engagement with Jellinbah leadership.

AB
Angus Broadfoot
Service Delivery Manager (SDM)

Owns service quality, SLA performance, and escalation management. The operational bridge between Jellinbah's day-to-day needs and the Smile IT delivery team.

Practice Area 1
Dedicated Blue Team

The core BAU delivery team assigned exclusively to the Jellinbah account. Handles day-to-day service desk, field support, and systems administration.

AP
Ashlee Power
Network Field Technician
Onsite networking, cabling, field infrastructure
DS
Dave Sheehan-Dunne
Systems Engineer
Windows, Azure, server infrastructure
LN
Lachlan Needham
Service Desk Analyst
L1/L2 support, ticketing, user management
JW
Jack Williams
Systems Engineer
Systems administration, virtualisation, backup
Practice Area 2
Project Engineers

Specialist project delivery capability for infrastructure upgrades, network deployments, and technology transformations. Engaged on a project basis, separate from BAU scope.

TB
Trevor Burne
Head of Projects
Project governance, delivery oversight, escalation
RE
Ryan Edwards
Solutions Consultant
Solution design, pre-sales, architecture
SD
Stephen Donald
Project Systems Engineer
Systems integration, server & cloud projects
FV
Franco Vollgraaff
Project Network Engineer
Network design, deployment, OT/IT convergence
FC
Flynn Chambers
Solutions Consultant
Solution design, cyber-aligned architecture
MM
Manish Mehra
Network Systems Engineer
Network systems, wireless, infrastructure
Practice Area 3
Cyber Security

A dedicated security practice with a focus on Essential Eight compliance, threat detection, and incident response. Directly supports Jellinbah's security uplift roadmap.

CdW
Cameron de Witte
Security Lead
Security strategy, E8 compliance, risk management
CB
Conlan Beal
Cyber Security Specialist
Threat detection, SOC operations, service delivery
CH
Connor Hutchinson
Junior Cybersecurity Analyst
Monitoring, incident triage, vulnerability scanning
FC
Flynn Chambers
Solutions Consultant
Cyber-aligned solution design, cross-practice

Certifications & Vendor Partnerships

Microsoft
Microsoft Solutions Partner
  • Microsoft 365 — Deployment, administration, and security (E3/E5/Copilot)
  • Azure — Infrastructure, Sentinel SIEM, NetApp, Log Analytics
  • Windows 365 — Cloud PC provisioning and management (100+ seats)
  • Intune / Entra ID — Device management and identity governance
  • Microsoft Copilot — AI productivity deployment and change management
Fortinet
Fortinet Authorised Partner
  • FortiGate — Firewall deployment, HA clustering, VPN (100F, 60F, VM-04V)
  • FortiAnalyzer / FortiManager — Centralised logging and policy management
  • FortiSwitch — Managed switching integrated with FortiGate fabric
  • FortiEDR — Endpoint detection and response
  • SD-WAN — Multi-link WAN management across Bluff, Brisbane, and Lake Vermont
Rajant
Rajant Authorised Reseller & Integrator
  • BreadCrumb mesh radio deployment — OT and mining environments
  • Kinetic Mesh networking for mobile and fixed assets
  • Integration with OT/SCADA systems
Cisco
Cisco Partner
  • Meraki — Cloud-managed switching, wireless, and security
  • Catalyst switching — Enterprise LAN design and deployment
  • Cisco networking design and configuration
HPE / Juniper
HPE Partner
  • HPE ProLiant — Physical server deployment and cluster management
  • HPE iLO — Remote management and monitoring
  • Juniper EX Series — Switching at Bluff mine site

How We Deliver

Onsite Cadence
2 weeks/month

Dedicated field presence at Bluff and Plains operations

Remote Coverage
Brisbane NOC

24/7 monitoring, after-hours support, and proactive maintenance

Project Delivery
Separate scope

Project engineers engaged outside BAU — no MSA scope drift

Security Operations
Dedicated team

Dedicated cyber practice with E8 compliance focus

Our Partnership Promise

Our Commitment
to Jellinbah

“You can get a helpdesk from any provider. What Jellinbah needs — and what Smile IT is built to deliver — is a partner that listens, understands your operation, advises with expertise, and stands beside you through every challenge. That is the relationship we are here to rebuild.”

Listen First

We start by understanding your operation — the mine, the village, the OT environment, the people. No assumptions, no templates. Every recommendation is grounded in what we observe at Jellinbah.

Advise with Evidence

Our recommendations are evidence-based and vendor-neutral where possible. We will tell you what you need to hear, not what is easiest to sell. The Vernetzen review is an example of that commitment.

Partner for Outcomes

We measure success by your outcomes — uptime, security posture, operational continuity — not by SLA metrics. If Jellinbah's operations are running well, we are doing our job.

Full Transparency

No blind spots. We will give you complete visibility across IT and OT — device inventory, billing, security posture, and service delivery. You will always know what you are paying for and what you are getting.

14+
Team Members
Dedicated to your success
24/7
Monitoring
Always watching, always ready
3
Practice Areas
Support · Projects · Cyber
Contract & Commercial

MSA Discussion

The Master Services Agreement requires renewal to reflect the significant expansion in scope and delivery since 2022. The gap analysis reveals material differences between what is contracted and what is currently being delivered.

2022 MSA Value
$39,087
per month excl. Azure, MS licensing & Acronis
Original contract scope — basic IT support across Jellinbah operations
May 2026 Draft MSA
$67,012
per month excl. Azure, MS licensing & Acronis
Scope Growth
+71%
≈ 1.7× increase
Driven by operational expansion and new technology workstreams
2022 Contract Value2026 Draft Value
$39,087/mo$67,012/mo

Note — Azure, Microsoft licensing, and Acronis sit outside this MSA. The figures above reflect the managed services agreement only and exclude Acronis backup licensing ($20,135/mo), Azure infrastructure consumption, and Microsoft 365 / licensing costs, all of which are billed separately. Total technology spend across all Smile IT-managed services and licensing is higher than the figures shown.

Key MSA Discussion Points

Asset Review for Contract Renewal

Conduct a full asset review to ensure the renewed MSA accurately reflects the current technology estate across Bluff and Plains. This forms the baseline for scope definition.

Gaps in Current MSA

The gap analysis identifies several services currently being delivered that are not formally captured in the MSA. This creates 'BAU drift' risk — scope creep without commercial recognition.

Draft vs Invoice vs Current Delivery

Reconcile the May 2025 draft MSA against current invoicing and actual service delivery. Ensure the renewed agreement reflects what is genuinely being provided today.

Project vs BAU Scope Clarity

Zared Crosby has flagged ongoing tension over what is covered under the MSA versus project work. Clear delineation is needed to manage expectations and protect both parties.