PGH Networks is a Pittsburgh-based managed services provider delivering IT support for small manufacturers in Pittsburgh and the surrounding metro, within 75 miles of 15220 — including Allegheny, Washington, Westmoreland, Butler, and Beaver counties. This case study describes an anonymized engagement with a small precision-machining shop that came to us with an aging shop-floor network, an unstable ERP, and a CMMC flow-down clause from a Department of Defense prime contractor.
The client is a 60-person job shop running two shifts, roughly 18 CNC machines, a handful of legacy PLCs, and an Epicor/JobBOSS ERP environment. They had outgrown a break/fix relationship and needed a Pittsburgh manufacturing MSP that understood both the office stack and the plant floor.
The buyer scenario
The shop's controller called after a four-hour ERP outage halted job routing during a hot order for a Tier-1 aerospace customer. Their internal "IT person" was a CAD administrator wearing a second hat. They had one flat /24 network where office PCs, CNC controllers, a Mazak cell, the ERP server, and guest Wi-Fi all shared the same broadcast domain. Backups were a USB drive rotated "most Fridays." And the prime contractor had just sent a letter requiring CMMC Level 2 alignment within twelve months.
A flat network that mixes CNC controllers with office email is the single most common root cause we see behind unplanned downtime at small Pittsburgh manufacturers.
The challenge
Three problems had to be solved in parallel, not sequentially.
First, shop-floor reliability. The CNC machines used a mix of Windows XP-embedded and Windows 7 controllers that could not be patched and could not be retired without five- and six-figure capital expense. They needed to keep talking to the ERP and the DNC file shares without becoming the soft underbelly of the network.
Second, ERP stability. The JobBOSS/Epicor instance ran on an aging Hyper-V host with no monitoring, no tested restore, and a SQL database that had never been reindexed. Job travelers printed slowly; MRP runs occasionally hung. Operators had learned to "just restart it," which masked the underlying I/O contention.
Third, CMMC and NIST 800-171 readiness. As a sub-tier supplier handling Controlled Unclassified Information (CUI) drawings, the client needed a defensible path to CMMC Level 2. They did not have an SSP, a POA&M, asset inventory, MFA, or audit logging — the foundational controls assessors look for first.
How it was solved
TL;DR: PGH Networks delivered IT support for small manufacturers in Pittsburgh by segmenting the shop floor, stabilizing the ERP, and putting a defensible CMMC Level 2 roadmap in place — in that order.
We began with a two-week discovery: full asset inventory across IT and OT, packet capture on the plant network, ERP performance baseline, and a NIST 800-171 gap assessment mapped to all 110 controls.
Network segmentation. We replaced the flat network with a segmented design: separate VLANs for office endpoints, servers, CNC/PLC controllers, building systems, and guest Wi-Fi, with a next-gen firewall enforcing east-west policy. Legacy CNC controllers were placed behind a tightly scoped OT VLAN that allowed only the specific DNC and ERP traffic they required. This let unpatchable Windows XP-embedded machines keep running without sitting on the same broadcast domain as a salesperson's laptop.
ERP stabilization. We migrated the JobBOSS/Epicor SQL workload to a properly sized host with NVMe storage, implemented SQL maintenance plans, and added monitoring on the ERP service, database, and print queues. We documented a tested restore procedure with both image-level and SQL-native backups replicated to an out-of-region target.
CMMC Level 2 readiness. We authored the System Security Plan, populated the POA&M, deployed Microsoft 365 GCC-aligned tenants with conditional access and phishing-resistant MFA, enabled centralized logging, and implemented a CUI enclave so that drawing files from the prime were handled in a scoped environment rather than across the whole network. We mapped every control to a named owner and an evidence artifact.
Backup and DR. Image-based backups every four hours, immutable cloud copies, and a documented 4-hour RTO / 1-hour RPO for the ERP, validated by a quarterly tabletop restore.
Outcomes
Over the first nine months of the engagement:
- Unplanned ERP downtime dropped from a measured 14 hours per quarter to under 1 hour per quarter.
- Helpdesk ticket volume fell roughly 40% after segmentation eliminated broadcast-storm-driven "slowness" tickets.
- The shop passed a prime-contractor-led CMMC pre-assessment with zero critical findings and a documented POA&M for the remaining moderate items.
- Backup restores moved from "untested" to a verified 38-minute ERP recovery during a tabletop exercise.
- Cyber insurance premium renewed at a 12% reduction after MFA, EDR, and logging evidence were submitted.
The combination of segmentation, ERP stabilization, and CMMC evidence is what unlocked both insurance savings and continued eligibility for DoD-adjacent work.
Takeaway for other Pittsburgh manufacturers
If you run a 25- to 200-person shop anywhere from Cranberry to Monroeville to Washington, PA, the pattern above is probably familiar: a flat network that grew organically, an ERP nobody wants to touch, and a compliance letter that just landed on the controller's desk. IT support for small manufacturers in Pittsburgh is not the same engagement as supporting a downtown professional-services firm — the OT side, the ERP specifics (Epicor, JobBOSS, E2, Global Shop), and the CMMC/NIST 800-171 obligations all change the work.
PGH Networks operates as a Pittsburgh manufacturing MSP for exactly this profile. If you'd like a gap assessment against the same framework used in this engagement — network segmentation, ERP health, backup/DR, and CMMC Level 2 readiness — we can scope one in a single site visit. Reach us through pghnetworks.com to start the conversation.