US Biotech Giant Improves Security Posture for Remote Work

Client Information

A leading U.S.-based life sciences company that specializes in providing instrumentation, equipment, software, services, and consumables to the healthcare, pharmaceutical, and biotechnology sectors.

IT Background

This customer has multiple internal public key infrastructures (PKIs) for issuing certificates. The organization also has both on- and off-network client computers that require regular system updates and patches. Keeping these machines patched is critical to infrastructure security, especially in supporting the increased remote work scenarios used during the COVID-19 pandemic.

Microsoft System Center Configuration Manager (SCCM) performs the patch and software deployments. SCCM requires machine certificates to authenticate and establish connectivity with the hosts.

Machine-identity certificates used for application security purposes are issued to client computers, services, and servers. This PKI system required extensive management, particularly the acquisition, enrollment, and management of certificates.

Primary Business Challenges

The IT team sought an abstraction tool that could achieve the following objectives:

Uniform Certificate Auto-Enrollment: While computers connected to Active Directory can leverage the Group Policy-based Windows Auto-Enrollment feature, those without regular connectivity to Active Directory cannot; hence, there was no way to enroll certificates on these devices. SCCM could not function because it requires certificates to authenticate.

Furthermore, certificates had to be renewed, enrolled, and installed on their respective clients periodically, and new computers were continually onboarded onto the network. This necessitated use of a tool that could standardize enrollment and connect to computers primarily running off-network.

Inventory and Reporting: Frequent acquisitions, ad-hoc deployments, and use of multiple certificate authorities and vendors posed a challenge for obtaining a comprehensive overview of certificates and their respective endpoints. This leading life sciences company identified the need for a centralized inventory for certificates deployed across the network. The company also wanted a transparent view of the certificate infrastructure.

Delivering a solution with AppViewX

After careful analysis, the AppViewX team crafted a solution for each of the aforementioned challenges. By helping implement an EST-based enrollment agent and a full-cycle certificate management suite, the solution met all objectives and delivered rapid results, which are detailed below.

Standardized Auto-Enrollment: An agent leveraging the EST protocol for certificate enrollment was deployed. It enabled AppViewX to act as an EST server, thus automating the enrollment and provisioning process. This also established a standard means of enrolling certificates across all machines, where AppViewX acted as a single, uniform interface for auto-enrollment. This enabled smooth patch and software management on SCCM client computers. Furthermore, new certificates were configured automatically on the end devices without human intervention. This particular use case was a distributed, multi-node deployment across multiple Amazon Web Services data centers across the U.S. and Europe.

Controlled Access to PKI: To preserve PKI confidentiality and integrity, a role-based access control system was enforced across the network. It restricted access to infrastructure components, and, when necessary, provisioned them on an ad hoc basis. AppViewX’s audit trail feature also helped in this regard.

Full-cycle visibility, management, and automation: AppViewX’s environment scanning and inventory consolidation tool helped IT Operations build comprehensive inventories of certificates on file, complete with endpoint maps, statuses, and cryptographic details. AppViewX’s workflow automation capabilities enabled automation of certificate request/renewal processes, while its reporting capabilities provided clear visibility into critical details such as validity. This increased visibility and control helped prevent outages and contributed toward upholding organization-wide business continuity.

Tags

  • certificate lifecycle management
  • Certificate Management
  • PKI
  • PKI management
  • SSL Certificate Lifecycle Management

The Power of Self-Serviceable Automation

Tags

  • Network Automation
  • Network Infrastructure Automation
  • Network Infrastructure Management

Fortune 500 Health Insurance Provider Makes ADC Infrastructure Agile with AppViewX

Client Information

The customer is one of the largest providers of health insurance in the United States and is a Fortune 500 company. The customer uses F5’s ADCs to manage their applications.

Business Objectives

With a rapidly growing customer base of well over 50 million and thousands of internal and public-facing applications, the company’s IT infrastructure team was perpetually harried. The demand on the infrastructure was rising faster than the team could cope with, and despite having one of the most powerful ADC infrastructures supporting their applications, the team found its core processes to be painfully manual, slow, and inefficient. Their existing ADC management software couldn’t scale up to meet the demand, and the team realized the immediate need for a more comprehensive, scalable, automated solution that could catapult them into the digital world.

Key Technical Objectives

  • To reduce troubleshooting time by minimizing human intervention
  • To streamline ADC configuration management
  • To automate LTM provisioning and Virtual IP lifecycle management
  • To empower application and security teams with self-servicing capabilities

Business Challenges

The network and application teams were plagued by siloed, manual processes that prevented them from harnessing the full potential of their F5 ADC infrastructure.

  • Every change request had to go through the network team, resulting in a long queue of tickets and subsequent service delays
  • Application teams had to wait long hours even for a simple enable/disable operation, which again had to be done manually and was therefore added to the queue.
  • Backup, rollback, migration, and provisioning of device configurations were all manual and error-prone – it took up to 2 days to provision an LTM instance.
  • Software upgrades were manual and risky – the team had neither the technology nor the bandwidth to run adequate validation checks, causing production outages.
  • Incident management was a highly specialized, subjective affair – only skilled network engineers could diagnose and remediate issues. They were therefore called upon at all hours of the night – 2 AM, 3 AM, etc. – in the event of an incident.
  • Most company-wide IT processes such as auditing and policy management were siloed and disconnected, requiring repeated calls to several teams to get them done.

Solutions Delivered

The closed-loop, context-driven network orchestration solution by AppViewX helped automate and stitch together fragmented processes, make the ADC infrastructure agile, and enable application owners to self-service application-centric changes to the ADCs.

Self-Servicing

Network engineers could create workflows with low-code for application-centric tasks – such as application enable/disable for rerouting traffic or spinning up virtual instances for testing – and share them with application owners using role-based access controls. Application teams could self-service these tasks without relying on network teams, leading to a significant drop in tickets.

Configuration Migrations

AppViewX fully automated the migration of configurations across devices. The Application Provisioning System (APS) module of the ADC+ solution generated templates of existing device configurations that could be updated with the required variables and automatically pushed to the new devices after the necessary checks (also automated). APS also supports bulk migrations this way, eliminating the need to type out configurations from scratch. These templates could also be self-serviced by the application teams, further saving time and effort.

Version Upgrades

Software version upgrades, too, could be easily accomplished with the APS templates. Configurations could be migrated to a new/unused instance where the upgrade could be applied and tested, and finally brought to production. AppViewX automated the whole gamut of pre- and post-validation checks, ensuring zero possibility of outages and other service disruptions.

Backup and Restore

AppViewX enabled engineers to take on-demand or scheduled backups of device configurations and attributes and store them in a centralized repository. It also facilitated easy rollbacks to the last working configuration in case of failure during migration.

VIP/WIP Lifecycle Management

It automated the lifecycle of VIP/WIP management on BIG-IP LTM and DNS – from creation and modification to deletion and decommissioning. AppViewX integrates with IPAM solutions like Infoblox to reserve and fetch free IPs and map them to the virtual server(s). It also automated the approval and validation processes involved in creating virtual IPs.

Incident management

It provided high visibility into the ADC environment and enabled network engineers to quickly detect issues and apply appropriate troubleshooting workflows. Integrations with change management tools such as ServiceNow streamlined incident management, drastically reducing MTTR and bringing down application outages.

Cross-Team Collaboration

The platform’s integration with ChatOps solutions like Slack enabled stakeholders to get notified along every step of the automation process and also collaborate effectively with one another for cross-functional tasks.

Business Benefits

  • 99% reduction in provisioning times for new devices/instances – the same LTM instance could now be provisioned in under half an hour.
  • 90% reduction in ADC change requests, with application teams self-servicing most of them.
  • 70% reduction in time taken for software upgrades.
  • An infinitely agile F5 ADC infrastructure and high application availability with almost zero outages.

Tags

  • ADC Management
  • Network Automation
  • Network Infrastructure Automation
  • Network Infrastructure Management

A Multinational BFSI Company Provisions More Than 600 Devices With AppViewX

Client Information

The customer is a multinational banking and financial services company headquartered in the UK.

Objective

To enable provisioning of over 600 switches into the infrastructure on an ad-hoc basis. The need for provisioning the switches is two-fold:

  • To replace the old switches that were nearing their EOL (End of Life)
  • To support the company’s expanding operations in new regions across the globe

They had to provision 4 types of Cisco Nexus switches – ISR, ASR, CAT9k, and Nx-OS.

Business Challenges

In the process of tightening their network-level security structure, the firm discovered the weak link in their PKI – the manual management of certificates via spreadsheets, which resulted in an onslaught of problems, including but not limited to:

  • Tedious, error-prone, iterative steps for implementing configurations on over 600 devices, with each of the 4 types having a different configuration
  • Need for expert technical guidance
  • Intensive collaboration between teams
  • Multiple levels of approval
  • Need to ensure policy compliance for all 600 devices

Solutions Delivered

AppViewX enabled network engineers to automate the provisioning process for the 600+ switches and routers from start to finish.

  • AppViewX’s modularity enabled the devices’ golden configuration to be kept separate from the business logic. This removed the need for modifying the device configuration code every time a logical change had to be executed.
  • The bank’s mandatory AIG (Application Installation Guide) was made available on-demand to help create the provisioning workflow and guide the engineers through the process of on-boarding the devices into the bank’s network infrastructure.
  • The need for extensive technical support was removed with the user-friendly visual workflow builder. The visual workflows helped automate the manual processes involved in provisioning and dramatically brought down errors and implementation times.
  • The platform’s built-in integration with their existing ITSM solution enabled the usually time-consuming change management process to be fully automated
  • Robotic Process Automation in AppViewX automated device information template generation and change creation for all switches, which could then be updated in the various management platforms by the respective teams (self-service)
  • AppViewX provided both maker-checker approval and auto-approval models for device configuration validation
  • Engineers could reuse the workflows for configuring the remaining devices ad-hoc instead of spending hours starting from scratch.
  • Teams could get notified along every stage of the process through emails and chat channels. The change reports could also be downloaded as PDFs.
  • Engineers could perform pre- and post-implementation validations to make sure the devices configured were in compliance with company policies, and the overall health of the network was maintained after the change

Tags

  • F5 Automation
  • Network Automation
  • Network Infrastructure Automation
  • Network Infrastructure Management

American Mortgage Giant Eradicates Network Downtime

Client Information

A veteran in the home loan and consumer refinance product space, this customer has been in the business since 1995. Catering to consumers and institutional partners in the United States, the organization generates an annual revenue of over $800 Million.

Business Challenges

In the process of tightening their network-level security structure, the firm discovered the weak link in their PKI – the manual management of certificates via spreadsheets, which resulted in an onslaught of problems, including but not limited to:

Challenge #1:

The usage of spreadsheets to track TLS certificate expirations and renewals was an inefficient, manual method which led to frequent outages and downtime caused by the aforementioned expirations.

Consequence: Anomalous effects often follow system downtime – apart from internal inconveniences, outages of customer-facing systems are responsible for loss of business, customer trust, and more often than not, legal fines.

Challenge #2:

The establishment of a hybrid, diversified infrastructure with no real visibility into its workings.

Consequence: A lack of system transparency is synonymous with mismanagement – cluttered arrangements are layered upon each other, addling the system with unwanted complexity. For instance, tasks such as renewals of certificate chains become next to impossible, due to an inability to conveniently locate and document the associated keys.

Challenge #3:

The lack of a centralized system to manage certificates across multiple environments and endpoints.

Consequence: Considering the application used by an organization of this scale, it was bound to have thousands of certificates across environments. Manual management resulted in the credentials for each certificate being scattered across the various documentation methods, making certificate-related operations like renewals and revocations time-consuming, and in some cases, impossible, or at least error-prone.

Solutions Delivered

AppViewX CERT+ acted as a single point of control for the entire firm’s network-related processes – from certificate lifecycle automation to vendor integrations for network devices. Here are the highlights:

  • Our single-window capabilities for detection, renewal, and revocation helped centralize certificate lifecycle management, permitting documentation and grouping of certificates in a single, searchable repository
  • AppViewX’s holistic view functionality provided complete visibility into the PKI associated with every environment or endpoint, permitting effortless, error-free management.
  • Automated renewals, graphical reporting, and reminders eliminated certificate expirations, which, in turn, resulted in outages and application downtimes being nearly nullified.
  • The firm leveraged out-of-the-box vendor integration capabilities to automate network tasks across CAs (Entrust, GoDaddy etc.) and endpoints (Windows Server, F5, Citrix Netscalers, AWS etc.)

Granular role-based access allowed central PKI teams to delegate and self-service tasks such as certificate creation, revocation, and deletion.

Tags

  • Network Automation
  • Network Infrastructure Automation
  • Network Infrastructure Management

Global 2000 Bank Eliminates Certificate-related Outages

Client Information

A multinational bank with operations in 70+ countries across geographies, this customer is a seasoned player in the BFSI domain. Offering a diverse range of consumer, corporate, and institutional financial services to clients, the organization generates over $15 Billion of revenue annually.

Business Challenges

The network security teams across the firm’s global offices faced several PKI-related issues in their day-to-day operations:

Challenge #1:

The issue of paramount importance was the outages caused by expiring certificates, which, in turn, were triggered by less-than-ideal methods of certificate monitoring and management.

Consequence: System downtime often results in unprecedented ramifications – the internal inconvenience notwithstanding, outages of customer-facing systems are responsible for loss of business, customer trust, and more often than not, legal fines.

Challenge #2:

Rogue certificates were responsible for obvious compliance and security issues, resulting in unnecessary effort expended on remediation.

Consequence: The direct outcome of these issues is twofold: the possibility of regulatory fines aside, exposure to risk of data theft is a huge cause of concern.

Challenge #3:

The PKI team was scattered across geographies, complicating cross-functional certificate management.

Consequence: Manually managing certificate infrastructures is a tedious exercise as is, and the existence of a geographical component only served to complicate it further, increasing the probability of human error plaguing the system.

Solutions Delivered

AppViewX CERT+ automated the entire certificate management process within the customer’s network. Here are the highlights:

  • Our single-window capabilities for detection, renewal, and revocation helped centralize certificate lifecycle management, permitting seamless collaboration between teams split across geographies
  • Implementing full-cycle certificate management and automation eliminated the possibility of human error across the board.
  • AppViewX’s integration with EJBCA (a widely-used CA) was a major draw, greatly simplifying the renewal/provisioning routine.
  • Our automation workflows and policy definition capabilities ensured that the customer remained compliant
  • The solution resulted in significantly lower network outages, security risks, and other miscellaneous vulnerabilities.

Tags

  • Certificate expiry
  • Certificate Lifecycle Automation
  • certificate lifecycle management
  • Certificate Outage

US State Government Reduces Certificate Deployment Time by 90%

Client Information

The customer is a state government in the Midwestern US that operates more than 700 online applications to extend a variety of services to its citizens, from seeking job opportunities to filing business taxes.

Business Challenges

  • The state government has deployed more than 700 applications on more than 3000 devices, including Citrix NetScaler ADCs, web servers, and other services. The 3000 certificates residing on these devices were being managed manually in a spreadsheet.
  • The state government had a dedicated, four-person certificate management team with access to multiple vendor portals and tracking certificates in its spreadsheets. The team had to handle certificate requests from more than 20 application teams, and the requests often got delayed.
  • The certificates protecting access to the applications were procured from two different vendors, Entrust and Symantec. The teams had to juggle between vendor portals for their certificate-related needs and did not have centralized visibility.
  • The poor visibility that resulted from teams working in silos made it difficult for the application teams to request and deploy a certificate within 8 hours. This, in turn, delayed application delivery.

Solutions Delivered

  • The AppViewX platform automated end-to-end management of the certificates, which helped the state government achieve much-needed application-level visibility into its certificate management.
  • Using a single application, the team can procure certificates from any vendor of its choice based on need, without introducing any additional complexity into the certificate management process.
  • The platform made it easier for the application teams to generate and manage their own certificates through a simple, easy-to-use user interface. This reduced delays in certificate procurement by eliminating unnecessary dependencies on intermediary teams without compromising necessary workflows.
  • Through granular, role-based access controls, certificates can now be created and deployed within an hour without skimping on necessary security measures. This reduced certificate deployment time by 90 percent.
  • Various reports on certificate expiration and certificate validation (based on enforced security policies) can be scheduled through SNMP traps or email alerts to prevent the potential for sudden downtime due to unforeseen certificate invalidities.

Tags

  • Certificate Lifecycle Automation
  • certificate lifecycle management

Largest US Telecommunication Company Builds Agile ADC Infrastructure

Client Information

One of the largest cable and internet providers in the world chose AppViewX to help them meet their NetOps service delivery goals. This company’s portfolio of network and IT products and services is strategically designed to ensure availability of core business applications.

Business Challenges

With hundreds of multi-vendor devices spread across distributed data centers, this client’s network team faces numerous challenges when it comes to building an agile infrastructure that guarantees application uptime. They needed a solution that provides visibility to their application delivery infrastructure and enables self-servicing for the NetOps team.

  • With ADC changes happening all the time, the network team must schedule regular backups. However, their manual approach is extremely error-prone, leaving room for costly outages and downtime. Performing backups is as challenging as processing a critical service request
  • During any application outage, the network team must scramble to identify the affected virtual server to trace a new route for the application. Without complete network visibility, companies like these are prone to costly application downtime they can’t afford
  • Without a centralized approach, the client’s application team was finding it difficult to track device usage and plan for new demands

They ultimately turned to AppViewX for its advanced ADC management and automation capabilities.

Solutions Delivered

Automation of frequent backup and restore requests

AppViewX’s Application Delivery Automation solution enables the automation of backups. This client’s network team leveraged the platform’s scheduling capabilities and automated what were previously manual backups, saving their network teams significant time and effort.

Application-centric visibility using Control Center topology view

The Control Center topology view gives teams visibility into the heterogeneous application infrastructure, which allows them to troubleshoot application-related issues and outages faster.

Advanced reporting for capacity planning

The network team grouped all the devices into multiple data center groups and analyzed the health of the devices using the advanced reporting capabilities of AppViewX’s Application Delivery Automation solution. They leveraged CPU and bandwidth utilization data to enable efficient capacity planning on the ADCs.

Business Benefits

  • The comprehensive topology view offered by AppViewX resulted in faster troubleshooting times and, more critically, reduced application downtime
  • Using AppViewX, diagnosing outages was simple, and tracing outages took minutes, not hours
  • The ability to receive real-time application state and status reduced operational cost

Tags

  • ADC management
  • Network Automation
  • Network Infrastructure Automation
  • Network Infrastructure Management

Leading Automotive Company Automates ADC Deployments

Client Information

The customer is one of North America’s largest and most diversified providers of automotive products and services, including vehicle distribution, processing, finance and insurance, retail vehicle sales, and dealer technology services.

Business Challenges

As one of the largest companies in the automotive industry, the company’s IT infrastructure is critical to its business. The company operates 11 F5 application delivery controllers (ADC) for load balancing 100+ applications, which include customer-facing as well as internal applications. The company has a team of 120 engineers working around the clock to ensure application availability.

  • Ensuring that application services are delivered with the highest standards required submitting a large number of tickets to the engineering teams
  • There was no standard workflow to create VIPs and wide IPs, and every time the application team submitted a request, the network engineering team had to perform the tasks manually, which was time-consuming and prone to errors. The absence of an agile infrastructure was slowing down the ADC deployment process, impacting delivery
  • The turnaround time for a change request was too long and delayed time to market

The company needed a single console that would allow it to manage its dynamic ADC infrastructure efficiently.

Solutions Delivered

Self-service templates

The application and network engineering teams sought solutions to address their business challenges. With the AppViewX platform, the network engineering team can build custom, self-service templates to handle most of the requests to create, modify, and delete VIPs and wide IPs. The configurations are hardcoded in the template and are tested and verified by the senior network engineering team. The biggest advantages are that they do not have to go through the process of typing the entire configuration from scratch and the code is reusable.

Standard workflow

The platform provides a standardized workflow system for faster and more efficient deployments. Once a request is created, a work order is initiated and goes through an automated approval process. The template is designed and verified by the senior network engineering team with necessary validation checks.

Automated ADC deployments

The company’s application owners are given privileges to provision their applications, while the network engineering teams have the administrative control over the devices. Using the Application Provisioning System (APS), a subsystem of AppViewX, application owners can provision their applications by filling out a simple form created by the network engineering team. With this automation, virtual servers can be spun up seamlessly in a matter of minutes.

Business Benefits

  • The automated workflows offered by AppViewX have resulted in a quicker implementation cycle and, more critically, reduced the number of manual configuration errors
  • The ability to provision applications using simple forms has enabled the application teams to deliver applications faster
  • The fulfillment of change requests has been optimized, and fulfillment time has been reduced from weeks to days and from days to minutes

Tags

  • ADC management
  • Network Automation
  • Network Infrastructure Automation
  • Network Infrastructure Management

Leading Biotechnology Company Migrates F5 BIG-IP Configurations in Minutes

Client Information

The client is a biotechnology product development company serving more than 350,000 clients at pharmaceutical and biotech companies, hospitals and clinical diagnostic labs, universities, research institutions, and government agencies. It acquired a new biotech corporation to become a leading company in the genetic testing and precision laboratory equipment markets.

Business Challenges

The company has been expanding on a large scale, and the new acquisition created a need for an automation solution to address the business challenges below.

  • The consolidation required the migration of device configurations from the acquired entity’s data center (A) to the existing data center (B)
  • The company had to migrate 700+ applications that were load-balanced in data center A to data center B
  • The client anticipated that the configuration migration process would be manual, which would be slow and potentially error-prone
  • The cost estimates for manual migration were high and required additional highly skilled resources. Defining, planning, and implementing the migration of major applications is difficult with a manual process. The anticipated process would be arduous and complex and would have resulted in delays

Solutions Delivered

The company’s network engineer used the Application Provisioning System (APS) module of AppViewX’s Application Delivery Automation solution to create several self-service templates to automate the various steps involved in data center migration. The templates were created by architects using defined standards.

  • The Application Delivery Automation solution generated a configuration report for F5 devices with complete details of the associated IPs in data center A that had to be migrated to data center B
  • By integrating with SolarWinds, the APS module got free IPs to create new VIPs in the new data center B
  • APS paved the way to configuration agility, where users can automate modification of existing VIPs, clone an existing VIP with varying parameters, and perform post-validation checks and other configuration changes in data center B to meet business demands
  • The client gained the flexibility to migrate individual virtual servers or, in some instances, to perform a bulk migration

Business Benefits

  • The time it took to migrate 125 virtual servers associated with the company’s most critical business application was reduced from two days to 15 minutes, drastically reducing downtime
  • Per-application configuration migration time has been reduced from 30 minutes to 5 minutes
  • With no more manual migrations, the project was completed with the existing team, resulting in significant cost savings

Tags

  • F5 BIG-IP
  • Network Automation
  • Network Infrastructure Automation
  • Network Infrastructure Management