- 1 Background
- 2 Objectives
- 3 Work on a project to deploy IT infrastructure in a data center in Germany: key milestones
- 4 Software licensing
- 5 Rent VS Purchase
- 6 Assigning licenses to USB keys
- 7 Secured connection
- 8 System configuring
- 9 Why the client required an additional VPN
- 10 Important notice
- 11 Infrastructure expansion
- 12 Storage for backups in the cloud
- 13 Storage for public documents
- 14 MikroTik for VPN
- 15 Data center in Germany: client benefits
- 15.1 IT reliability, saving on disk upgrades and maintenance costs
- 15.2 Saving on technical staff
- 15.3 Monitoring virtualization non-stop
- 15.4 Special conditions for large-scale projects
- 15.5 Client-initiated upgrade: fast and secure
- 15.6 Upgrading data center hardware: free of charge for clients
- 15.7 Complications
- 16 How long did it take to implement the project
- 17 Conclusion
Service providers usually have close partnerships with a large number of companies in different sectors of the economy. This often results in long-term mutually beneficial cooperation with the clients of business partners. This was the case with the project described in this article.
As a service provider, we have mutually beneficial partnerships with a large number of companies in various sectors of the economy. They often recommend us to their clients and partners. This was the case with the project we want to tell you about in this case study.
One of our partner companies provides virtual and physical servers and performs integration in its own country. To ensure redundancy, it sources part of its resources in Europe from a data center in Germany. Knowing from experience what level of service the provider offers, the partner company suggested that another customer deploy its infrastructure in this data center.
This choice of location for IT resources was practical, because the office of the financial company (hereinafter, the client) was located in a European country, and the data center is located in Frankfurt, Germany. This location ensures the availability of the required resources, their security and reliability. The cooperation with the client, which started in 2016, is still ongoing, which shows that the decision made at that time was the right one.
About the benefits of locating IT infrastructure in a data center located in the financial capital of Europe you can read here.
The company has only one system administrator on staff, who works part-time and deals with internal settings. Hosting IT resources in a data center in Germany allowed us to solve another problem: some of the system administrator’s functions were to be optimized by transferring them to us.
After communicating with the provider’s business partner, the client had a clear vision of how the IT infrastructure should be organized, and he came with a specific task consisting of two components: hardware and software. He required virtualization (virtual machines) and assistance in selecting server hardware, in particular a physical router and VPN. In addition, the issue of connecting a large number of USB keys and licensing had to be solved, as well as selecting solutions for backing up and storing public documents.
Work on a project to deploy IT infrastructure in a data center in Germany: key milestones
● Provisioning of virtual infrastructure based on Oracle hypervisor.
● Customization of the basic configuration.
● Installation of operating systems (Microsoft Windows).
When the virtual machines were fully ready to work, the client’s system administrator was given access to the virtualization. He then handled further internal configuration: configuring domain zones, domain, group policies, Active Directory, Exchange mail, etc. If help was required during the configuration process (for example, to connect additional disks, RAM or more processors), the system administrator immediately received the necessary technical support.
As for the choice of physical server hardware, based on the client’s business needs, engineers selected two additional solutions for the financial company: for VPN and USB keys.
And now, here are some nuances of the project implementation.
The data center in Germany is a certified Microsoft partner under the Services Provider License Agreement (SPLA), which gives the right to license and lease the vendor’s software services and applications, as well as to provide customized services. The software can be hosted as part of the services offered to end users on a monthly basis (subject to a 3-year contract).
The management of the financial company preferred the products of this vendor and wanted the software to be licensed by the data center. Therefore, at the company’s request, licenses were issued for all installed system and application software so that it could receive direct updates from Microsoft, use the latest versions of the software, as well as use the rights to the previous version, and have access to the demo environment.
The company also had the opportunity to receive licenses for products from Adobe, AutoCAD, Acronis and 50+ other vendors as needed.
We have transferred MS Windows operating system licenses, MS SQL licenses, RDP CAL licenses to the client. The total number of licenses issued is presented in the table below:
|Quantity of licenses
|Microsoft Windows Server
|Microsoft Exchange Standard Plus SAL
|Microsoft RDS Cal
|Microsoft SQL SAL
|Microsoft Office Standard + Microsoft Office Language Pack
|Adobe Acrobat DC Professional Multiple Platforms, International English
|Adobe Acrobat DC Standard, Windows, International English
|ABBYY FineReader 12 Corporate Edition, Windows, multilingual
|ABBYY FineReader 12 Corporate Edition, Windows, multilingual
Rent VS Purchase
There are three models for using data center hardware and licensing: purchasing from a data center, renting on a month-to-month basis, and hosting your own hardware. These models are used both in Germany and across Europe. But not all European service providers offer a choice: many are ready to cooperate only on the license terms. It is very rare for a client to be offered a choice of the option that suits him best. But this is exactly the position of the service provider with whom the client worked in this project.
All models have advantages and disadvantages, so whether to purchase a license and use his own license key, rent virtual resources in a data center in Germany or host his own hardware is something each client decides for himself, based on his goals, requirements and budget.
Renting virtual resources allows the client to flexibly manage his IT infrastructure. And there are at least three advantages here:
- monthly payments can be made in small amounts;
- client gets the right to use the data center support;
- if necessary, it is possible to change the number of licenses and cancel them when they are no longer required.
The last point requires clarification. Renting is one of the easiest ways to save money, for example, when a part of the staff is dismissed – by disconnecting unused licenses while the new staff is recruited.
Purchase of licensed software allows a client to:
- allocate budget for several years in advance and forget about paying for licenses during this time;
- recoup investment in about 2-3 years compared to renting.
The main disadvantage of purchasing is that if an upgrade is required, you will have to purchase the license again. Renting is a more flexible solution in this respect: the client simply orders the necessary upgrade from the service provider and continues to use the already upgraded hardware as usual. In addition, not all companies can afford large one-time investments in licensing, while even an enterprise with a modest budget can afford to rent and pay small amounts every month.
What is more profitable: to purchase or to rent? On one hand, it is more profitable to take your own server, put it on colocation in a data center, deploy the IT infrastructure by your own efforts, and monitor it yourself. However, for this purpose you should have a staff of specialists responsible for maintaining the operability of the server and the network hardware, i.e. you should include the salaries of such employees in the budget.
In the European Union it is common practice for staff to monitor the condition of hardware themselves. A full-time system administrator or an outsourcing company is called upon only in extreme cases, when there is a really serious breakdown or malfunction of hardware, network, or software. The level of computer competence of the staff in European companies is quite high. Simple issues, such as a non-working printer or a lost Wi-Fi connection, are resolved by the staff. The fact is that professional services are expensive (€100-150 per hour), and waiting for the specialist to arrive and perform repairs means that work may be put on pause for all that time, which is economically unprofitable for the business.
Therefore, there is no point in inviting a system administrator to check the computer’s cable connection or reboot the PC. Almost any employee in every office can do this. For this purpose, it is not necessary to urgently call a specialized company or an in-house specialist. Even updates are often done by employees or executed automatically in accordance with the terms and conditions of group policies: during reboot or at night. Naturally, when serious work is required (e.g., putting new hardware into operation or fixing a breakdown), professionals are called in.
With server hardware, the story is slightly different: you require a whole team of IT specialists to maintain the server infrastructure but not every enterprise has one.
When clients rent virtual machines, they are simply getting rid of some of the tasks that otherwise would be executed by their company. Here, they outsource these tasks to a service provider. In this case, instead of the cost of maintaining an IT staff, the funds are spent on rent, and all work is performed by the data center employees. The client is provided not only with the availability and reliable operation of the hardware but with 24/7 technical support as well.
If resources are rented for a short or indefinite period of time, as a rule, it is not advisable to buy licenses. It is better to rent them on a monthly basis.
Thus, it makes sense to purchase a license in the following cases:
- the company can afford large one-time expenses;
- there is a full-fledged IT department on the staff for independent purchase of new licenses, activation and renewal;
- it is planned to keep the hardware in the data center for a long time.
The client planned to keep the infrastructure in a data center in Germany for at least 3 years, and, from an economic point of view, it was more profitable for him to buy licenses. But the company had only one incoming system administrator, who could not physically cope with the entire scope of work to maintain the IT infrastructure: to update, customize, and adjust it. Therefore, in this situation, the client chose to rent virtual machines under the SPLA system. The licenses were taken from the data center, and virtual machine availability became the responsibility of the service provider.
Assigning licenses to USB keys
The most acute issue in this case was the connection of USB keys. It was necessary to connect machine-named licenses to USB keys, of which the client had many, to virtual servers.
After analyzing the situation, we recommended using the most suitable solution for the client: to connect USB keys via USB-Over-IP technology. And we selected the necessary physical hardware: DIGI ANYWHEREUSB PLUS (8 ports available, 6 USB keys are connected at the moment).
Installing this hardware solved the issue of scalability, which may be required in the future as the business grows. If over time all the ports in the DIGI device are filled with USB keys, it will be possible to replace it with a device that has more ports or to install an additional device that performs the same function. This hardware also allows you to connect keys to different machines.
As a certified Cisco distributor, the service provider is very familiar with this manufacturer’s devices. That is why the client was offered a secured connection to the IT infrastructure via Cisco Secure Firewall ASA router and Cisco ASA 5506 firewall for VPN connection via AnyConnect.
All the above physical devices were integrated into a virtualization network where we deployed 15 virtual machines with different CPU, RAM and Storage settings.
Configuring Cisco ASA is usually not difficult. Therefore, the service provider usually performs only preliminary configuring and then provides the company’s technical specialists with one of the following access options:
- via server to which Cisco ASA is connected through a console cable;
- via IP address so that you can get to it via SSH.
The client’s engineers configure everything as they require, after which the terminal server is shut down. In this case it was the same: the provider’s specialists performed the initial configuring, while the rest was handled by the system administrator of the client company.
Thus, the client received a fully managed system, which made it possible to provide centralized data storage and forward USB keys from critical software.
Why the client required an additional VPN
The servers located in the data center in Germany allowed the company’s employees to connect to them and work with the ERP system as well. A reasonable question arises: why did the client require an additional VPN? The fact is that the infrastructure built on virtual machines had no public IP addresses. That is, there was no direct connection to the servers except through the physical Cisco router on which the VPN was built, and that router was connected to the public Internet via a physical cable. Accordingly, employees first joined the network device via VPN and only then, in accordance with certain rules, could connect to the internal network. So, a closed network was built from the very beginning of the project in order to exclude any leaks.
General recommendation for all data center clients: never use virtual machines running on MS Windows with a public IP address, because this exposes them to a lot of vulnerabilities and risks.
For companies that require access to the public network, it is better to take a public address that is issued through the Firewall. For example, when a client wants to open RDP port 3389 to a certain number of IP addresses, he simply has to tell the provider which public IP addresses may connect to that port.
We create an Access-list (White-list) where we add the allowed IP addresses and the ports to be opened, access rules, and TCP and UDP protocols. The list is approved by the client and a special document, called “Firewall Rules”, is drawn up. These rules are then put into effect, protecting the client’s information resources. If necessary, they can be adjusted.
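The allowlist described above can be checked mechanically before the client approves it. The following is an added example, not the provider's tooling: the rule file format, the sample addresses (RFC 5737 documentation ranges) and the 256-address review threshold are assumptions.

```python
import ipaddress
from dataclasses import dataclass

SENSITIVE_PORTS = {3389: "RDP"}  # the port named in the text; extend as needed
MAX_SENSITIVE_SOURCES = 256      # assumed review threshold, not from the page

# Constructed sample in an assumed format: <source CIDR> <protocol> <port>.
# Addresses come from the RFC 5737 documentation ranges.
FIREWALL_RULES = """\
203.0.113.10/32  tcp 3389   # head office
198.51.100.0/28  tcp 3389   # branch office
198.51.100.4/32  tcp 3389   # admin laptop, already inside the /28
192.0.2.0/24     udp 500    # partner range
"""


@dataclass(frozen=True)
class Rule:
    source: object   # ipaddress.IPv4Network or IPv6Network
    protocol: str
    port: int
    line_no: int


def parse_rules(text):
    """Parse the rule file; reject malformed entries instead of guessing."""
    rules = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"line {line_no}: expected '<cidr> <protocol> <port>'")
        cidr, protocol, port = fields[0], fields[1].lower(), int(fields[2])
        if protocol not in ("tcp", "udp") or not 1 <= port <= 65535:
            raise ValueError(f"line {line_no}: bad protocol or port")
        # strict=True refuses entries such as 203.0.113.10/24 (host bits set),
        # which usually mean the author intended a single host.
        rules.append(Rule(ipaddress.ip_network(cidr, strict=True),
                          protocol, port, line_no))
    return rules


def is_allowed(rules, src_ip, protocol, port):
    """Default deny: a connection passes only if some rule matches it."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in r.source and r.protocol == protocol.lower()
               and r.port == port for r in rules)


def audit(rules):
    """Return (line_no, finding) pairs to resolve before the list is approved."""
    findings = []
    for r in rules:
        name = SENSITIVE_PORTS.get(r.port)
        if name and r.source.num_addresses > MAX_SENSITIVE_SOURCES:
            findings.append((r.line_no, f"{name} open to {r.source}, too wide"))
        for other in rules:
            if (other is not r and other.protocol == r.protocol
                    and other.port == r.port
                    and other.source.version == r.source.version
                    and r.source.subnet_of(other.source)):
                findings.append((r.line_no,
                                 f"redundant: covered by line {other.line_no}"))
    return findings


if __name__ == "__main__":
    rules = parse_rules(FIREWALL_RULES)
    print(is_allowed(rules, "203.0.113.10", "tcp", 3389))
    print(is_allowed(rules, "203.0.113.11", "tcp", 3389))
    for line_no, finding in audit(rules):
        print(f"line {line_no}: {finding}")
```

Running the audit each time the rules are adjusted keeps stale or overlapping entries from accumulating in the approved document.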
In this case, the most appropriate way to secure the infrastructure from external threats was to use an additional VPN.
The client planned to deploy a full-fledged infrastructure in the data center, which would include such components as:
- Exchange mail;
- file server;
- domain controller;
- application server;
- database server.
Each service required a separate virtual machine with specific characteristics: there were precise requirements for memory, CPU and other parameters. Capacity expansion was performed as needed: CPUs and RAM were added to virtual machines, and additional server hardware and software were selected as part of the planned expansion (at the client’s request all selected software products were developed by Microsoft: read below why this particular vendor was required).
Having started in 2016 with a small number of resources rented from a service provider, the client was able to seriously expand and ended up with a rather large-scale, modern and smoothly operating IT complex. Over the past 7 years, the volume of resources has more than doubled.
At the moment, all planned implementations have been completed. The company continues to use the services of a data center in Germany and further expand its IT infrastructure. In particular, the latest updates were the preparation of storage facilities for backups and documents and software, as well as the solution for standby VPN.
Storage for backups in the cloud
Initially, we suggested using the Acronis solution for backups, which allows the client to independently configure the necessary backup settings within the allocated backup storage quota. Besides, additional independent Storage was enabled for the client to back up file data. Over time, the company required an additional solution for backing up full virtual server images as well as Microsoft SQL databases.
The company was provided with all the data necessary for backup and infrastructure for Acronis-based solution in one data center but separated into different independent storages. Scheduling backups and the organization of the backup process was handled by the company’s in-house IT specialist.
Storage for public documents
At a certain point, the client required a secure document exchange system in addition to a file server. The company works in the financial sector, and employees often have to send links to ready-made documents and contracts to the company’s customers. For this purpose, it was necessary to provide the client with separate storage with public access.
A SaaS solution called Secured Document Sharing, already implemented on the resources of the data center, was proposed and the requested number of accounts was provided for secure data transfer and document storage.
Secured Document Sharing is a kind of analogue of cloud file storage, organized on the same principles: access via login/password, documents upload, access rights distribution (read, write, and upload), generation and transfer of public link to a document file for external users, etc.
MikroTik for VPN
Recently, the client also requested a MikroTik-based solution for a standby VPN, and it was successfully integrated into MikroTik CHR virtualization.
MikroTik CHR (Cloud Hosted Router) is a full-fledged router designed to work in a cloud environment. CHR includes all RouterOS features by default but its licensing model differs from the other RouterOS versions.
Why Microsoft software
Like any other serious European company, the client prefers to use licensed software and gives preference to proven Microsoft products. There are several reasons for this choice:
- Licensing allows easy certification and it is required by financial companies for reporting.
- MS provides a large number of tools, which enable an enterprise to build an entire system for document management and communication.
- An official license is the opportunity to update software in a timely manner, to use the vendor’s support, and to contact the vendor in case any technical issues occur.
Commercial software, as opposed to open source solutions such as Linux, provides the service a company requires, covers a wide range of tasks, simplifies work, and increases the company’s efficiency.
Besides partnership with Microsoft, the service provider also cooperates with other vendors. In particular, the service provider is a certified distributor of Cisco and Juniper. This gives clients the opportunity to purchase hardware and licenses with good discounts, rely on extended assistance from partners, and support from technical specialists. And for many companies from Europe, which use the services of data center in Germany, it is convenient and profitable.
Data center in Germany: client benefits
In 2016 we deployed IT infrastructure according to initial requirements of the client. For more than 7 years it has been fully serviced by the service provider, which provides its support, uninterrupted operation of hardware and virtualization.
IT reliability, saving on disk upgrades and maintenance costs
Responsibility for the stable operation of resources and services lies entirely with the provider. The client is completely relieved of worries associated with updating and replacing outdated and worn-out disks. For example, if a disk in RAID starts to fail during virtualization, technicians simply replace it, notifying clients after the fact.
The number of physical servers on which virtualization is deployed is also provided with a reserve. Even in the event of a hardware failure, the clients’ infrastructures are safe. In this case data is automatically migrated to another server.
Migrations, upgrades, and other technical works are performed with minimal coordination. Usually, only a time interval for modifications is specified in order not to disrupt the continuity of business processes.
Saving on technical staff
By concentrating the maintenance of information resources in one hand, the client saves on maintaining its own staff of IT specialists. For solving technical issues inside the office it is enough to have just one incoming system administrator who works only half a day. If issues are detected, the system administrator can easily and quickly contact the service provider’s technical support team.
Monitoring virtualization non-stop
The service provider uses a pool of servers and central Storage. All information about the state of virtual machines is constantly monitored, and in case of anomalies, a notification is sent immediately. If resource consumption reaches a critical limit (for example, CPU reaches 90-95%), technicians immediately see which running processes caused it and take the necessary actions: stop them or restart them.
When virtual machines approach the maximum threshold of resource consumption or exceed the limit, the client is immediately notified and offered to increase the capacity. At the same time, the client can see the statistics on server resource consumption and CPU utilization in his personal cabinet and can contact support.
Special conditions for large-scale projects
This was a large-scale project, which included virtualization, selection of server hardware and many other works. Therefore, the estimate was calculated based on the total project cost: taking into account the purchase of physical hardware, rent of virtual server, combined colocation services and dedicated Internet.
This helped the client to save about 15-20% compared to the cost calculated on the basis of standard tariffs for individual types of hardware and services.
Client-initiated upgrade: fast and secure
The provider offers two types of storage: SSD and regular, slower disk. If a client has new hardware or software that has higher IOPS requirements and needs a higher performance drive, a time window for the upgrade is simply agreed upon and the data is migrated to the new storage.
The connectivity of the data center in Germany is high. Everything is redundantly connected via 40-gigabit links, so the data transfer is very fast. And after the transfer is completed, the client receives his virtual machine on a new, more modern and faster storage. For regular clients and large contracts, there is not even a recalculation.
Upgrading data center hardware: free of charge for clients
When there is an upgrade in the data center, it happens without price changes. The transition to new hardware does not affect customers financially. The contract is not revised in the direction of cost increase: the service continues on the same terms.
Before the start of the project, a lot of time was spent on preliminary discussion of nuances – it took several months for approvals and preparation. In addition, the infrastructure was built from scratch, so there were no transitional stages, where surprises often occur. Therefore, there were no difficulties or disruptions in the project.
Everything went smoothly and as planned: the technical specialists got together and agreed on the details, and the provider’s team launched and prepared the IT infrastructure for work. It was then handed over to the company’s system administrator, who made the necessary internal adjustments and now maintains it. The service provider maintains IT resources, ensuring virtualization and server hardware reliability and technical support. For example, when the need for a second VPN arose, the system administrator contacted the support team and a backup virtual server with MikroTik CHR pre-installed was promptly added.
How long did it take to implement the project
In total, the work on the project lasted several months. The approvals and organizational aspects took about 3 months. The infrastructure deployment in the data center was completed in two weeks.
Who was involved in the project
- Product manager handled all negotiations, coordination, contract preparation and all coordination issues.
- Two people, a network engineer and a system administrator, were involved in the infrastructure deployment from the service provider’s side. A technical architect also helped to build the infrastructure.
- On the client’s side, a network engineer and a server specialist participated in the project.
Advisory support was provided by a technical specialist from the company that recommended data center in Germany to the client.
Companies operating in different spheres come to the service provider with various needs and budgets. Technical directors’ perceptions of the IT infrastructure model are different as well. The service provider’s team has to deal with a variety of tasks. In one project it has to migrate hardware to a data center (for example, from On premises to the cloud in Cloud Solution) or migrate from a local data center to Europe. Others, on the contrary, need to migrate from a cloud platform to an on-premises solution. Startups in general need to deploy resources from scratch. Some companies are expanding, others, on the contrary, are reducing the amount of hardware. The views on how to maintain IT infrastructure reliability are different as well. Sometimes a business requires 24/7 access to resources and support, and sometimes it’s important that maintenance work is done exclusively at night.
If a service provider’s team is constantly evolving, adapting to the market and following current trends, clients benefit first and foremost. For example, since this project, there has been an increase in client requests for Firewall implementations, both physical and software, from today’s leading brands such as Juniper, Cisco, NetGate, FortiNet, Mikrotik, and Sophos.
At the same time, it should be understood that there are no universal solutions: each client should be offered an individual option of cooperation, based on the company’s goals, plans and budget.
network engineer and a consultant in interactions with leading equipment vendors and manufacturers