Ensure security in a staff management cloud service

One of the main challenges in a project to adapt a data service to new requirements is to ensure its scalability. Each upgrade of the IT infrastructure should be designed to steadily expand the services, computational and storage capacity, with full freedom in order to support business growth and new business objectives.

These considerations are all the more true if the services in question are not provided internally, but are supplied to hundreds of other client companies. This is the case, for example, with companies specializing in software and solutions for the management, administration and organization of the work of its customer companies.

In particular, the client who chose to engage Lutech after careful software selection is one that provides personnel management services to hundreds of companies of different sizes, from SMEs to large multinationals and public administration clients. Services that are distributed “as-a-service” or outsourced (light or full) and that must be guaranteed to the thousands of resources that access them every day through a cloud-based IT solution.

Implemented in 2004 in an “internal” data center, the IT infrastructure has been expanded and upgraded on several occasions to support the increase in services provided in private cloud mode, i.e. cloud PaaS rather than cloud IaaS. The strategy followed, therefore, provided for hardware updates through an increase aimed at supporting the most critical areas on a case-by-case basis. The company has thus been able to manage growth with complete peace of mind.

The project implemented by Lutech immediately focused on availability of the various multi-service web applications and their ease of use in complete security. First, a central consolidation process for the management of proprietary web-based applications was required to neutralize operational downtime and avoid data loss or delays.

The growth of customers, and consequently of access to services, was reaching a level of saturation such to increase the risk of service interruptions and other technical issues, including the exhaustion of IP addresses.

Together with the customer, Lutech opted to incorporate the F5 solution. The choice proved to be the most appropriate thanks above all to the solution’s high levels of flexibility in accompanying the numerous and essential updates to the available services. The components now in use are the Local Traffic Manager (LTM), the heart of F5, which is used to ensure the availability of the services provided. Indeed, F5 intelligently distributes the connections to the services over a battery of identical servers that therefore provide the same service.

In addition, traffic to and from the services provided was optimized, thus increasing performance and avoiding inefficiencies, thanks to F5’s ability to manage the unavailability of a server in real time. The Access Policy Manager (APM) module is also a security component that allows, for example, the authentication of users through strong authentication and is essential for integration with services based on other authentication infrastructures.

The Sinergy F5 solution also had to be incorporated while ensuring business continuity. For this reason, agreement with the client, a collaborative approach and the technological expertise demonstrated by the Lutech team proved decisive. This combination meant that it was possible to put the new solution into production in just three months, with virtually no impact on the services provided.

A significant scope of coverage of the tool introduced concerned the optimized management and consolidation of digital certificates. For clients like this, renewing more than thirty IP address certificates each year can be extremely expensive. With the introduction of Sinergy F5, the certificate type was changed from mono-server (one certificate, one registration) to Wide, that is, a certificate that gives protection to all servers through a single point of renewal.

This led to a switch from 128 to fewer than 20 addresses, with significant savings in terms of yearly https certificate costs. In addition, reliability and the level of security have increased significantly. Moreover, high levels of satisfaction have been achieved from the companies that use the services and ask for their “customization”, in addition to the guarantee of unlimited scalability. Thanks to this solution, the client now views increases in the number of users with complete peace of mind.

In addition, in an essential business continuity logic, the equipment is now redundant, with consolidation of IP addresses and certificates, thus ensuring the continuity of business services from a disaster recovery perspective. Lutech’s design approach has also made it possible to achieve ambitious goals in aggressive implementation times, thanks to precise analysis phases and a streamlined and effective feasibility study (POC).

In conclusion, F5’s high level of integration with the other solutions in the client’s infrastructure and web applications ensures a more protected future for them in supporting growth, and has already freed up resources for other project areas such as, for example, the “social enterprise” accessible in cloud service mode.