Case study: How to reduce business costs in Europe by 15% by moving IT infrastructure to the Frankfurt data center
Contents
- 1 Background
- 2 Objectives
- 3 Work on a project to deploy IT infrastructure in a data center in Germany: key milestones
- 4 Software licensing
- 5 Rent VS Purchase
- 6 Assigning licenses to USB keys
- 7 Secured connection
- 8 System configuring
- 9 Why the client required an additional VPN
- 10 Important notice
- 11 Infrastructure expansion
- 12 Storage for backups in the cloud
- 13 Storage for public documents
- 14 MikroTik for VPN
- 15 Data center in Germany: client benefits
- 15.1 IT reliability, saving on disk upgrades and maintenance costs
- 15.2 Saving on technical staff
- 15.3 Monitoring virtualization non-stop
- 15.4 Special conditions for large-scale projects
- 15.5 Client-initiated upgrade: fast and secure
- 15.6 Upgrading data center hardware: free of charge for clients
- 15.7 Complications
- 16 How long did it take to implement the project
- 17 Who was involved in the project
- 18 Conclusion
As a service provider, we have mutually beneficial partnerships with a large number of companies in various sectors of the economy. They often recommend us to their clients and partners. This was the case with the project we want to tell you about in this case study.
Background
One of our business partners is engaged in similar activities in another country: like us, he provides virtual and physical servers for hosting and performs integrations. He takes partial resources to Europe for resource redundancy from our data center (DPC) and knows very well how we operate and the level of service we provide. Therefore, having done his part of the work for another client, he offered to deploy client resources in our data center in Germany.
This choice for IT resources location was practical, because the office of the financial company (hereinafter – the client) was located in European country, and our data center is located in Frankfurt, Germany. This location ensures availability of required resource, their security and reliability. The cooperation with the client, which started in 2016, is still ongoing, so this shows that the decision made at that time was the right one.
We wrote already about the benefits of locating IT infrastructure in a data center located in the financial capital of Europe here.
The company has only one system administrator on staff, who works part-time and deals with internal settings. Hosting IT resources in a data center in Germany allowed us to solve another problem: it was supposed to optimize some of the system administrator’s functions by transferring them to us.
Objectives
After talking to our business partner, the client had a clear vision of how the IT infrastructure should be organized and came to us with a specific task that consisted of two components: hardware and software. We had to provide virtualization (virtual machines) and assistance in selecting server hardware, in particular a physical router and VPN. In addition, we had to solve the issue of connecting a large number of USB keys and licensing, as well as to select solutions for backup and storage of public documents.
Work on a project to deploy IT infrastructure in a data center in Germany: key milestones
- We provided a virtual infrastructure based on Oracle hypervisor.
- Customized the settings of the basic configuration.
- Installed the operating systems (MS Windows).
When the virtual machines were fully ready to work, we provided the client’s system administrator access to the virtualization. And he was already engaged in further internal configuration: configuring domain zones, domain, group policies, Active Directory, Exchange mail, etc. If our help was required during the configuring process, for example, to connect additional disks, RAM or increase the number of processors – we provided prompt technical support.
As for the choice of physical server hardware, based on the client’s business needs, our engineers selected two additional solutions for the financial company: for VPN and USB keys.
And now, here are some nuances of the project implementation.
Software licensing
Our data center in Germany is a certified Microsoft partner under the Services Provider License Agreement (SPLA), which entitles us to license and lease the vendor’s software services and applications as well as to provide customized services. The software can be hosted as part of the services offered to end users on a monthly basis (subject to a 3-year contract).
The client preferred the products of this company and wanted the software to be licensed from our side. Therefore, at his request, we issued licenses for all the system and application software installed by us, so that the company could receive direct updates from Microsoft, use the latest versions of software (if necessary, to obtain rights to the previous version), and get the demo environment at his disposal.
In addition to Microsoft licenses we also provide licenses for Adobe, AutoCAD, Acronis and 50+ other vendors.
We have transferred MS Windows operating system licenses, MS SQL licenses, RDP CAL licenses to the client. The total number of licenses issued is presented in the table below:
Product | Quantity of licenses |
---|---|
Connecting Anyconnect | 100 |
Microsoft Windows Server | 10 |
Microsoft Exchange Standard Plus SAL | 10 |
Microsoft RDS Cal | 6 |
Microsoft SQL SAL | 10 |
Microsoft Office Standard + Microsoft Office Language Pack | 10 |
Microsoft Visio | 6 |
Adobe Acrobat DC Professional Multiple Platforms, International English | 5 |
Adobe Acrobat DC Standard, Windows, International English | 4 |
ABBYY FineReader 12 Corporate Edition, Windows, multilingual | 8 |
ABBYY FineReader 12 Corporate Edition, Windows, multilingual | 8 |
Rent VS Purchase
There are three models for using data center hardware and licensing: purchasing from a data center, renting on a month-to-month basis, and hosting your own hardware. These models are used both in Germany and across Europe. But not all European service providers offer a choice: many are ready to cooperate only on the license terms. Our position is different, we offer our clients to select the option that is more suitable for them.
All these options have advantages and disadvantages, so purchase a license and use your license key, rent virtual resources in our data center in Germany or host your own hardware: each client decides for himself, based on his goals, requirements and budget.
Leasing virtual resources allows you to flexibly manage your IT infrastructure. And there are at least three advantages here:
- monthly payments can be made in small amounts;
- client gets the right to use the data center support;
- if necessary, it is possible to change the number of licenses and cancel them when they are no longer required.
The last point requires clarification. Renting is one of the easiest ways to save money, for example, when a part of the staff is dismissed – by disconnecting unused licenses while new staff is recruited.
Purchase of licensed software allows you to:
- allocate budget for several years in advance and forget about paying for licenses during this time;
- recoup investment in about 2-3 years compared to renting.
The main disadvantage of purchasing is that if upgrade is required, you will have to purchase the license again. Renting is more flexible solution in this respect: the client simply orders the necessary upgrade from the service provider and continues to use already upgraded hardware as usual. In addition, not all companies can afford large one-time investments in licensing, while even an enterprise with a modest budget can afford to rent and pay small amounts every month.
What is more profitable: to purchase or to rent? On one hand, it is more profitable to take your own server, put it on colocation in a data center, deploy the IT infrastructure by your own efforts, and monitor it yourself. However, for this purpose you should have a staff of specialists responsible for maintaining the operability of the server and the network hardware, i.e. you should include the salaries of such employees in the budget.
In the European Union it is a common practice for staff to monitor the condition of hardware themselves. A full-time system administrator or an outsourcing company is called upon in extreme cases when there is a serious breakdown or malfunction of devices, network, or software. The level of computer competence of the staff is quite high. Simple issues, such as a non-working printer or lost connection to Wi-Fi, are resolved by the staff. The thing is that professional services are expensive (€100-150 per hour) plus waiting for a specialist to arrive means that all this time the work is put on pause.
Therefore, there is no point in inviting a system administrator to check the computer’s cable connection or reboot the PC. Almost any employee in every office can do this. For this purpose, it is not necessary to urgently call a specialized company or an in-house specialist. Even updates are often done by employees or executed automatically in accordance with the terms and conditions of group policies: during reboot or at night. Naturally, when serious work is required (e.g., putting new hardware into operation or fixing a breakdown), professionals are called in.
With server hardware, the story is slightly different: you require a whole team of IT specialists to maintain the server infrastructure but not every enterprise has one.
When clients rent virtual machines, they are simply getting rid of some of the tasks that otherwise would be executed by their company. Here, they outsource these tasks to a service provider. In this case, instead of the cost of maintaining an IT staff, the funds are spent on rent, and all work is performed by the data center employees. The client is provided not only with the availability and reliable operation of the hardware but with 24/7 technical support as well.
If resources are rented for a short or indefinite period of time, in our opinion, it is not advisable to buy licenses. It is better to rent them on a monthly basis.
Thus, it makes sense to purchase a license in the following cases:
- the company can afford large one-time expenses;
- there is a full-fledged IT department on the staff for independent purchase of new licenses, activation and renewal;
- it is planned to keep the hardware in the data center for a long time.
Our client planned to keep the infrastructure in a data center in Germany for at least 3 years, and, from economic point of view, it was more profitable for him to buy licenses. But the company had only one incoming system administrator, who could not physically cope with the entire scope of work to maintain the IT infrastructure: to update, customize, and adjust it. Therefore, in this situation, the client made a choice in favor of renting virtual machines under the SPLA system. The licenses were taken from us, and the availability of virtual machines was transferred to us within our responsibility.
Assigning licenses to USB keys
The most acute issue in this case was the connection of USB keys. It was necessary to connect machine-named licenses to USB keys, of which the client had many, to virtual servers.
After analyzing the situation, we recommended using the most suitable solution for the client: to connect USB keys via USB-Over-IP technology. And we selected the necessary physical hardware: DIGI ANYWHEREUSB PLUS (8 ports available, 6 USB keys are connected at the moment).
By installing this hardware, the issue of scalability, which may be required in the future as the business grows, was solved. If over time all the ports in DIGI are filled with USB keys, it will be possible to replace it with a hardware that has more ports or to install an additional hardware that will perform the same functionality. This hardware also allows you to connect keys to different machines.
Secured connection
Our company is a certified distributor of Cisco, we know well the devices of this manufacturer. That is why we offered the client to provide secure connection to the IT infrastructure via Cisco Secure Firewall ASA router and Cisco ASA 5506 firewall for VPN connection via AnyConnect.
System configuring
We integrated all of the above physical hardware into the virtualization network where we deployed 15 virtual machines with different CPU, RAM and Storage settings.
Configuring Cisco ASA is usually not difficult. Therefore, as a rule, we do only a preliminary configuring. Then we provide the company’s technical specialists with one of the following access options:
- direct;
- via server to which Cisco ASA is connected through a console cable;
- via IP address so that you can get to it via SSH.
The client’s engineers configure everything as they require, after which the terminal server is shut down. In this case it was the same: we did the initial configuration, and the rest was handled by the system administrator of the client company.
This way, we provided the client with a fully managed system that allowed for centralized storage and transfer of USB keys to mission-critical software.
Why the client required an additional VPN
The servers located in our data center in Germany allowed the company’s employees to connect to them and work with ERP system as well. A reasonable question arises: why did the client require an additional VPN? The fact is that the infrastructure built on virtual machines had no public IP addresses. That is, there was no direct connection to the servers, except for the physical Cisco router on which the VPN was built. And then it was connected to the publicly available Internet via physical cable, which was coming from us, where we were the provider. Accordingly, they joined the network device via VPN, and later on, in accordance with certain rules, they could connect to the internal network. So, a closed network was built from the very beginning of the project in order to exclude any leaks.
Important notice
We always recommend our clients not to use virtual machines on MS Windows with a public IP address because there are a lot of vulnerabilities and risks in such case.
For companies that require access to the public network, we have a special service: we issue a public address through our Firewall. For example, a client comes to us and says that he wants to open RDP port 3389 for certain number of IP addresses. And he tells us which public IP addresses should be connected to that port.
We create an Access-list (White-list) where we add the allowed IP addresses and ports to be opened, access rules, TCP and UDP protocols. We coordinate the list with the client and make a special document, so-called “Firewall Rules”. And then these rules are put into effect, protecting the client’s information resources. If necessary, they can be adjusted.
In this case, the most appropriate way to secure the infrastructure from external threats was to use an additional VPN.
Infrastructure expansion
The client planned to deploy a full-fledged infrastructure in the data center, which would include such components as:
- Exchange mail;
- file server;
- domain controller;
- application server;
- database server.
And each service required a separate virtual machine with specific characteristics: there were precise requirements for memory, CPU and other parameters. Capacity expansion was performed as needed: we added CPUs and RAM to virtual machines and we selected additional server hardware and software (at the client’s request all selected software products were developed by Microsoft: read below why this particular vendor was required), as part of the planned expansion.
Having started in 2016 with a small number of resources, with our help the client was able to seriously expand and as a result got a fairly large-scale, modern and smoothly operating IT complex. Over the past 7 years, the volume of resources has more than doubled.
At the moment, all planned implementations have been completed. The company continues to use the services of our data center in Germany and further expand his IT infrastructure. In particular, the latest updates were the preparation of storage facilities for backups and documents and software, as well as the solution for standby VPN.
Storage for backups in the cloud
Initially, we suggested using Acronis solution for backups, which allows to independently configure the necessary backup settings within the allocated backup storage quota. Besides, the additional independent Storage was enabled for the client to backup file data. Over time, the company also required an additional solution for backing up full virtual server images as well as Microsoft SQL databases.
We provided all the data and infrastructure required for backup for the Acronis-based solution in one data center but separated into different independent storages. An in-house IT specialist of the company was responsible for scheduling the backup launch and organizing the backup process.
Storage for public documents
At a certain point, the client required a secure document exchange system in addition to a file server. The company works in the financial sector, and employees often have to send links to ready-made documents and contracts to the company’s customers. For this purpose, it was necessary to provide him a separate storage with public access.
We offered him a SaaS solution called Secured Document Sharing, which was already implemented on our resources. We provided the requested number of accounts for secure data transfer and document storage.
Secured Document Sharing is a kind of analogue of Dropbox file storage, organized on the same principles: access via login/password, documents upload, access rights (read, write, and upload), distribution, a public link to a document file generation and transfer for external users, etc.
MikroTik for VPN
Recently, the client also requested a MikroTik-based solution for a standby VPN, and we successfully integrated it into our MikroTik CHR virtualization.
MikroTik CHR (Cloud Hosted Router) is a full-fledged router designed to work in a cloud environment. CHR includes all RouterOS features by default but its licensing model differs from the other RouterOS versions.
Why Microsoft software
Like any other serious European company, our client prefers to use licensed software and gives preference to proven Microsoft products. There are several reasons for this choice:
- Licensing allows easy certification and it is required by financial companies for reporting.
- MS provides a large number of tools, which enable an enterprise to build an entire system for document management and communication.
- An official license is the opportunity to update software in a timely manner, to use the vendor’s support, and to contact the vendor in case any technical issue occur.
Commercial software, as opposed to open source solutions such as Linux, provides the service a company requires, covers a wide range of tasks, simplifies work, and increases the company’s efficiency.
In addition to our partnership with Microsoft, we also cooperate with other vendors. In particular, we are a certified distributor of Cisco and Juniper. This gives our clients the opportunity to purchase hardware and licenses with good discounts. And for many companies from Europe, which use the services of our data center in Germany, it is convenient and profitable. Buying from us, clients can count on our assistance and extended partner support.
Data center in Germany: client benefits
In 2016 we deployed IT infrastructure according to initial requirements of the client. For more than 7 years it has been under our full service: we maintain and ensure smooth functioning of hardware and virtualization.
IT reliability, saving on disk upgrades and maintenance costs
We take full responsibility for resource availability and maintenance. We save the client from the worries associated with updating and replacing outdated and worn out disks. For example, if a disk in RAID starts to drop out on virtualization, we simply replace it, usually notifying clients after the fact.
The number of physical servers on which virtualization is deployed is also provided with a reserve. Even in the event of a hardware failure, our clients‘ infrastructures are safe. In this case data is automatically migrated to another server.
Migrations, upgrades, and other technical works are performed with minimal coordination. Usually, we only agree with the client on the time interval for modifications in order not to disrupt the continuity of business processes.
Saving on technical staff
By concentrating the maintenance of information resources in our hands, the client saves on maintaining its own staff of IT specialists. For solving technical issues inside the office it is enough to have just one incoming system administrator who works only half a day. At the same time, we are in close contact with the client: if any technical issue occurs, the system administrator can easily contact our support team.
Monitoring virtualization non-stop
We use a pool of servers and central Storage. All information about the state of virtual machines is constantly monitored. In case of anomalies we are immediately notified. If resource consumption reaches its critical limit (for example, CPU reaches 90-95%), we immediately see which running processes caused it and take the necessary actions: stop them or restart them.
When virtual machines approach the maximum threshold of resource consumption or exceed the limit, we contact the client and offer to increase their capacity. At the same time, the client also sees statistics on server resource consumption and CPU utilization in his personal cabinet and contacts us.
Special conditions for large-scale projects
We always work with clients on an individual basis. This was a large-scale project, which included virtualization, selection of server hardware and many other works. That’s why we calculated the estimates on the basis of the total project cost: taking into account the purchase of physical hardware, renting of virtual servers, combined hosting services and dedicated Internet. This helped the client to save about 15-20% compared to the cost calculated on the basis of standard tariffs for individual types of hardware and services.
Client-initiated upgrade: fast and secure
We have two types of storage: SSD and regular, slower disk. If a client has a new hardware or software that has higher IOPS requirements and requires a higher-performance drive, we simply agree on a time interval for the works and transfer data to the new storage.
The connectivity of our data center in Germany is high. Everything is redundantly connected via 40-gigabit links, so the data transfer is very fast. And after the transfer is completed, the client receives his virtual machine on a new, more modern and faster storage. For regular clients and large-scale contracts we don’t even do the budget recalculation.
In general, we work with each client on a personal basis. If, for example, the cooperation has been going on for several years and the client company requests improvement, we can make a favorable individual offer for the client.
Upgrading data center hardware: free of charge for clients
When upgrade takes place, we do it without changing the price. When we switch to a new hardware in the data center, it does not affect the client financially. We do not revise the contract in the direction of an increase in cost but continue maintenance on the same terms.
Complications
Before we started implementation, we spent a lot of time discussing the nuances beforehand: it took us several months for approvals and preparations. In addition, the infrastructure was built from scratch, so there were no transitional stages, where surprises often occur. Therefore, there were no difficulties or disruptions in the project.
Everything went as planned and smooth: the technical specialists got together, agreed on the details, our team launched and prepared the IT infrastructure for work. Then we handed it over to the system administrator, who made the necessary internal settings and now keeps it up and running. For our part, we maintain IT resources, ensuring virtualization and server hardware reliability and technical support. For example, when the need to add a second VPN arose, the system administrator contacted our technical support team and we added a reserved virtual server with pre-installed MikroTik CHR.
How long did it take to implement the project
In total, the work on the project lasted several months. The approvals and organizational aspects took about 3 months. The infrastructure deployment in the data center was completed in two weeks.
Who was involved in the project
- Our product manager handled all negotiations, coordination, contract preparation and all coordination issues.
- Two people, a network engineer and a system administrator, were involved in the infrastructure deployment from our side. A technical architect also helped to build the infrastructure.
- On the client’s side, a network engineer and a server specialist participated in the project.
Advisory support was provided by a technical specialist from the company that recommended our data center in Germany to the client.
Conclusion
Companies operating in different spheres come to us with various needs and budgets. Technical directors‘ perceptions of IT infrastructure model are different as well. As a service provider, we have to deal with a variety of tasks. Some projects need to migrate hardware to a data center (for example, from On premises to the cloud in Cloud Solution) or migrate from a local data center to Europe. Others, on the contrary, need to migrate from a cloud platform to an on-premises solution. Startups in general need to deploy resources from scratch. Some companies are expanding, others, on the contrary, are reducing the amount of hardware. The views on how to maintain IT infrastructure reliability are different as well. Some businesses require 24/7 access to resources and support, while others want maintenance to be performed only at night.
Our team is constantly evolving, adapting to the market and implementing relevant solutions. For example, after implementation of this project and in response to the client requests, we started offering Firewall solutions, both physical and software (Software) by leading modern brands such as Juniper, Cisco, NetGate, FortiNet, MikroTik and Sophos.
We do not have universal solutions: we offer each client an individual option of cooperation, based on the company’s goals, plans and taking into account its budget.