Blueprint for Infrastructure and Operations for this Government Agency

Marcus tells a story about taking standardization to the extreme

“I always wanted to say that,” started Marcus Schoen, Cloud Solution Architect at comdivision, “for reasons of national security we cannot disclose the customer name.” It isn’t quite as dramatic, but hardly any government agency would disclose who they are and how their respective infrastructure is set up. Let’s just say they are in the field of governing finances and similar matters. However, even without knowing exactly who the customer is, Marcus has a good story to tell, a story about taking standardization to the extreme.

New security regulations and outdated hardware required our customer to rethink their approach to the datacenter infrastructure. In the past they had relied largely on legacy infrastructure that was highly standardized to ensure security. But the virtualization environment had reached end of support.

“A state-of-the-art software-defined datacenter was very desirable for us,” said the customer’s project lead, “but it had to be standardized and secured, while foreseeing future needs. What we had in mind was a reference architecture that would enable future platform and application requirements without significant changes to its architecture.”

The project lead continued: “A key requirement for the new environment is blueprinting of the infrastructure stack, including the hardware, and its portability for different use cases. We have experts in our team for our day-to-day operations, but this is something that required expert help.” This is where Marcus and his team came in.

The Challenge

“Besides the blueprinting of the infrastructure, all services, like infrastructure service automation and monitoring, needed to be served by the platform itself,” said Schoen, lead architect on the case. “The disaster recovery to a second cold-standby datacenter had to include all components such as security policies, cloud management, monitoring, and logging.”

The final blueprint had to be self-sufficient, so that it had no external dependencies. “In a way, the system had to be portable,” explained Schoen. “Although it is not likely, if – literally – the nation’s ability to act is depending on it, you want to be able to take the system and roll it out somewhere else and not discover that the, let’s say, network interface cards (virtual or physical) are not compatible.”

The Solution

“Through VMware Cloud Foundation with Tanzu we already had a highly standardized base,” said Schoen, “but we had to document and verify every component, from hardware to workflow, against our requirement profile, and if there were gaps, we worked closely with our contacts at VMware in Palo Alto to solve the issues,” he explained, and continued: “For network segmentation, for example, we had to adapt new technologies; we also had to integrate external security components and increase the flexibility of and expand the workload domain deployments, to name a few.”

“Everything was written down in a reference architecture that also contains optional modules depending on the application. A special feature is the security, the self-sufficiency and the expansion of the provisioning process by customer-specific steps,” Schoen added.

In summary, the customer got a new infrastructure where:

· VMware Cloud Foundation ensures the blueprint and repeatability character

· VMware Tanzu Kubernetes Grid was integrated for certain use cases as a "module"

· VMware NSX-T was integrated in a high-load environment with a high number of groups and rules

· All end-user services are consumable from VMware vRealize Automation

· VMware vRealize Operations is the key tool for the operations teams, with custom health dashboards

· and finally, VMware vRealize Log Insight serves as the central log receiver that forwards the information to the agency’s central security information and event management (SIEM) system

“Eventually, the system will be rolled out hundreds of times and can react much more flexibly to new technologies such as containers than the old system could,” concluded Schoen.
