"I've always wanted to say this," Marcus Schoen, Cloud Solution Architect at comdivision, began, "due to national security reasons, we cannot disclose the name of our client." It might sound more dramatic than it is, but it's rare for such an agency to provide insights into its structure or infrastructure setup. However, they deal with financial management. Even without knowing the client's identity, Marcus has an interesting story to tell about maximizing standardization measures.
New security policies and outdated technology forced our clients to rethink their approaches to their data center infrastructure. They primarily relied on legacy infrastructure, which was highly standardized for security reasons. However, the virtualization environment had reached the end of its lifecycle (support end-of-life).
Having a state-of-the-art – software-defined – data center was their top priority. However, the project leader contended that “it had to be standardized and secured to anticipate future needs. We had a reference architecture in mind that would support future platform and application requirements without significant adjustments."
They further expounded that ”the central prerequisite for the new system was the design of the infrastructure stack, including hardware and the flexibility for various usage scenarios. Although we have internal expertise for routine operations, specialized knowledge was required here." This is where Marcus and his team came into play.
In addition to designing the infrastructure, it was necessary for all services, such as automation and monitoring of system services, to be provided directly by the platform.
The final blueprint required autonomy without external dependencies. The system needed to have a certain mobility, because, although it seems unlikely, in the event of a national crisis, it should be possible to relocate the technology without encountering incompatibilities with essential components like network cards (virtual or physical).
"With VMware Cloud Foundation, complimented by Tanzu, we already had a highly standardized foundation," Schoen asserted. However, it was necessary to document and review each component – from hardware to workflow – according to our requirement profile. When deficits were identified, we worked closely with our VMware contacts in Palo Alto to address them. For example, we had to adapt new technologies for network segmentation, incorporate external security solutions, and improve the flexibility and expandability of workload domain deployments – to name just a few challenges.
Schoen noted that "everything was recorded in a reference architecture that includes optional components depending on the area of application. The security aspects, autonomy, and the customization of the deployment process to include specific steps are particularly noteworthy.”
In summary, the client received a renewed infrastructure where:
· VMware Cloud Foundation ensures the character of blueprints and their repeatability,
· VMware Tanzu Kubernetes Grid is integrated as a "module" for specific application scenarios,
· VMware NSX-T is used in a high-load environment with many groups and rules,
· all end-user services are covered by VMware Aria Automation,
· VMware vRealize Operations is the keytool for the operation teams with custom health dashboards
· and finally, VMware Aria Log Insight acts as the central log receiver, transmitting data to the agency's central Security Information and Event Management (SIEM).
Over time, the system will be implemented hundreds of times and will be able to respond much more flexibly to new technologies like containers than the outdated system could."
