
Cloud and Consulting: Case for Private Cloud Migration

Not so long ago, we, as an IaaS provider, began to talk about the myths [Part 1, Part 2] that developed around cloud technologies, and tried to dispel them. This time we would like to tell you about a company that has rejected all doubts and decided to take advantage of the cloud.

In today's article, we want to share the history of the IT development of one of our clients, Progress-Neva Group, and talk about their path to cloud technologies: from the creation of the first VPS terminal server to the almost complete migration to a private cloud.



Progress-Neva Group is engaged in engineering and economic design, auditing and consulting, and works with large amounts of critical data. Regular interaction with government customers imposes on it a number of strict restrictions on information processing procedures. When making decisions on technical modernization, such companies need, first of all, to build on formal requirements, and not only on their own initiatives.

“Initially, when building our IT infrastructure, we were guided by the traditional approach, so we acquired physical servers for what was at that time a small load. We did not have a full-time system administrator, so a visiting system administrator, who later served our company, was brought in for the initial configuration of the servers and the network.

Based on 11 employees, the initial infrastructure included: an Active Directory domain controller (Core 2 Duo, 2 GB RAM, SATA RAID 1, Windows Server 2008), a database server / file storage (Xeon E3110, 6GB RAM, SAS RAID 1, Windows Server 2008), a D-Link router, personal computers and office equipment,” says Svetlana Yuryevna Parfentieva, General Director of Progress-Neva Group.

During the first years of working with physical hardware, everything was in order. But by 2013 the company began to develop actively, and both the number of employees and the load on the equipment grew. A need arose to upgrade the database/file server and deploy a remote desktop host. It was necessary to set up a safe working environment that employees could reach from any place and from different devices (PCs, laptops and tablets), so that they could work with resource-intensive software tied to the Windows platform.

At the same time, it was necessary to be able to scale the system's resources up and down to match the current load, since the company's load is not constant and is particularly high only a couple of months a year.

Moving to the cloud


All this gradually forced the company to think about renting a remote server to configure Terminal Services on it.

“After consulting with several IT specialists, we realized that a virtual server in the cloud would be suitable for our purposes, since its configuration can be changed without downtime,” says Svetlana. “True, I had to spend a few days understanding what a ‘cloud server’ is and then overcoming skepticism about an unknown service. As a result, we agreed that it was worthwhile to deploy a remote desktop server in the cloud in test mode, but to store important information in the local office file storage connected to it.”

When choosing among several providers for renting a VPS server, Progress-Neva settled on our service, 1cloud.ru. The decisive factors, according to the director of the company, were the availability of round-the-clock technical support and the ability not only to increase the capacity of the equipment, but also to reduce it:

“We were pleased with the convenient and intuitive server control panel. We ordered the VPS server with the following configuration: 3 CPU cores (2 GHz) Dell PowerEdge R810, 8GB RAM, NetApp SAS disk, Windows Server 2008 OS.”

In parallel with the start of its cloud path, Progress-Neva upgraded the physical file/database server: the RAM was increased (up to 16GB) and SAS RAID 5 was implemented. I had to bring in 1C technical support specialists.

"For the convenience and safety of users with shared network resources, we were recommended to create a VPN and allow access to it only from the office network," Progress-Neva commented. "Following the recommendations, we set up the OpenVPN server on the same 1cloud virtual terminal host and were satisfied: now our corporate data is transmitted via a secure channel even through public Wi-Fi, and remote access to desktops, databases and files is closed to everyone except VPN clients or the enterprise intranet."

Given the positive experience with the virtual server, the company decided to move fully to the cloud, especially since the number of users was constantly growing. Convinced of the stability of the terminal server on a VPS from 1cloud, Progress-Neva deployed a private cloud of virtual servers. It included the existing terminal server, a database server, a file server, the main domain controller, and a pfSense virtual router/firewall.

During the consultations prior to the migration, we suggested that the client separate the roles of the machines: increase the number of servers but choose fairly modest configurations for each, to reduce the risk of several logical infrastructure elements failing at once.

To isolate the VPS servers from the outside world, it was decided to connect them to a private network and install a virtual pfSense router on its border. In the office, the client left only one machine, which was assigned the roles of backup domain controller and backup storage for the entire virtual and physical infrastructure.

Expansion of cloud channels. Site-to-Site VPN


As we noted earlier, the work of Progress-Neva Group is characterized not only by uneven loads on staff and equipment, but also by the need to bring in a considerable number of external parties for project work. These parties often require distributed access to certain segments of the Progress-Neva corporate infrastructure (as a rule, a file server and certain databases).

Manually sharing files and uploads is inconvenient and insecure; the company is not ready to provide unprotected and uncontrolled access to third parties, as it cannot be sure of the security of the devices and channels on their side. Manually setting up a VPN connection on every external client that needs access is expensive, at least in time.

Therefore, Progress-Neva needed a solution that would allow it to quickly set up a stable secure channel to connect a large number of external clients without the need to configure each client device. As a solution to the problem, we at 1cloud.ru suggested setting up a Site-to-Site VPN and sending step-by-step instructions on how to implement it based on a separate pfSense virtual server connected to our main pfSense gateway.

As a result, Progress-Neva Group received a separate VPN server for third-party employees. Manual configuration of each client connected to it is not required, since pfSense can automatically generate OpenVPN installation packages for Windows with the necessary settings already included. For other operating systems, client settings files can be generated automatically.

All that remains is to send the installation file to the partner and provide the password for their account. After a couple of clicks in the web interface, the new user has access to the required network segments with clearly defined boundaries. You can also, for example, create multiple client configurations at once, and then simply send out the ready-made connection information to the clients.

The partner virtual router is connected to the main pfSense gateway through a separate VPN channel (Site-to-Site VPN). On our client's side, access rules to the internal network are configured for this channel (the nodes and ports to which connections can be made). Guest connections can be closed at any time simply by disabling the Site-to-Site VPN on the main network's side.

Summing up


Having some experience in maintaining server hardware, Progress-Neva Group chose virtualization: first a VPS server for terminal services, and then an almost complete migration of corporate machines to the 1cloud.ru private cloud.

“Despite the rather high cost of virtual servers compared to the apparent cost of servicing one's own equipment, sometimes the cloud is cheaper. In our case, a private cloud is more profitable because we save time, the cost of which is high for us. We also liked the work of 1cloud technical support. We received two brief but competent answers that played a decisive role in the planning of our infrastructure,” said the Progress-Neva Group system administrator.

As a result, our collaboration with the client allowed us to deploy an effective technical solution for servicing secure virtual private networks, including Site-to-Site VPN, which meets the requirements of the client company. We at 1cloud hope that in the future we will be able to offer suitable ways to solve the emerging technological problems of our customers. To this end, we are constantly working to improve our own services and analyze our past experience.

Source: https://habr.com/ru/post/309238/

