Client Background:
Client: A global conglomerate offering solutions across locks, doors, gates, entrance automation, and hotel security
Industry: Manufacturing
Area of operations: Europe, North America, China, and Oceania.
Employees: 48,353 (2018)
Revenue: 7,613.7 crores SEK (2017)
Challenges:
For this particular global conglomerate, migrating their legacy data center to a software-defined data center was crucial to accommodating the growth of their newly acquired entities. However, extending network and security policies across heterogeneous hypervisors, clouds, and application frameworks such as VMs, containers, and bare metal presented a challenge. The client was finding it difficult to integrate and monitor physical and cloud data centers across the globe using a single monitoring tool while also ensuring zero-touch provisioning (ZTP). Additionally, they found it difficult to manage network security because their IT infrastructure was equipped with a single-perimeter firewall. It was also expensive to manage the large number of physical firewalls as well as the complex matrix of rules.
The client wanted to migrate their existing physical network to a new SDDC setup and integrate third-party vendor solutions such as Palo Alto and F5 with the software-defined network (SDN).
Solution:
Key highlights of the solution include:
- Designed and built a new state-of-the-art Software-Defined Data Center (SDDC) and migrated their existing on-premise legacy network
- Implemented new SDDC-based solutions including VMware NSX-T for overlay network management with VROPS for monitoring and VRA for automation
- Provisioned CloudVision for an underlay Arista Spine-Leaf architecture
- Implemented the SDDC solution with GENEVE to provide overlay capability in NSX-T to create an isolated, multi-tenant broadcast domain across data center fabrics and enabled clients to create elastic and logical networks that span across physical network boundaries
- Implemented three types of POD, consisting of management, edge, and computing
- Provided NSX-T Data Center support with multisite deployments to manage all sites from one NSX manager cluster
- Provided active-active and disaster recovery with multisite deployments
- Facilitated micro-segmentation for a centrally controlled, operationally distributed firewall to be attached directly to workloads within an organization’s network
- Implemented a distribution of the firewall for the application security policy to protect individual workloads
- Designed service insertion with Palo Alto VM-300 firewall and configured application-level security
- Offered role-based access control with VMware Identity Manager (vIDM)
- Deployed VROPS monitoring tools for the operation of NSX-T and identified failures in the network setup
- Deployed high-end Arista switches as the underlay using VXLAN across the DC for fast cut-through switching technology and ultra-low-latency performance
- Employed CVP and CVX for zero-touch provisioning and monitoring of the underlay infrastructure
Business Benefits:
- Enabled easy third-party integrations
- Automated pull, push, and update configurations across the tenant through API calls
- Ensured granular application security and isolation
- Delivered seamless network failover between availability zone one and availability zone two in a region
- Created an intangible pool and network of resources
- Improved performance, ease of management, and centralized monitoring
- Built a modular, scalable, and resilient architecture
- Minimized the risk and impact of data breaches
- Ensured zero-touch site provisioning
- Sped up IT services delivery and accelerated time to market
- Enabled micro-segmentation and built a multi-tenant architecture with hybrid cloud support, including private and public cloud