IT Operations Management (ITOM)
cancel

How one capital markets firm automates user access security, alerts and server builds

How one capital markets firm automates user access security, alerts and server builds

NimishShelat

Server Automation.jpgEditor’s note: This article is part of an ongoing series about actual Automation and Cloud Management customer use cases.

 

When a company provides critical infrastructure for global financial trading activity and processes trillions of dollars of securities transactions on a daily basis, it almost goes without saying that automation plays a critical role in everything it does. One HP Software customer takes particular pride in leveraging automation to new heights.

 

Here are a few use cases that will benefit us all.

 

 

  1. User Access Security Model

 

How does one reduce the number of users with access to production UNIX/Linux servers? How can we reduce the administrative overhead in management of user accounts and yet provide detailed accurate logs and audit trails?

This customer devised a solution using HP Server Automation (SA). Device groups were created in SA to reflect different application types and activity functions. And, new user groups were tied to respective device groups to allow for the segregation of privileges. Within each user group, permissions were granted for the device groups they had access to. Privileged users were also given remote terminal access.

The permissions were then associated with a specific service account created and propagated on all UNIX/Linux servers. System Admin accounts were created in AD and imported into an Access Manager. Admins would then log into the Access Manager, checkout their account password and log into HP SA with those credentials. Finally, system admins were granted access to all managed server with terminal access.

 

The result: system admins can see all servers and connect as root, but are never prompted for the password—and do not know it. Meanwhile, developers can browse the file system for their servers and even copy files down to their shares regardless of any firewalls in between. Developers with terminal access can get on command line as service account for which they do not know the password. All command line activity from within Server Automation is keystroke logged under the user AD login, not the backend service account that is used to grant privileges.

 

  1. Alert Automation

 

How does one reduce the amount of work hours needed to respond to and close out most common alerts? The automated solution to accomplish this required integrating HP Operations Orchestration (OO) with other tools in the environment.

 

The following alert types were targeted first:

  • Agent Alerts — 15 minutes
  • Node Down Alerts — 10 minutes
  • Backup Failure Alerts — 45 minutes
  • Disk space alerts — 15 minutes

 

The average MTTR for these incidents was 44 hours.

With automation, alerts were fully resolved in just six minutes. In the space of five months, the customer calculated incredible savings of 750 hours. Besides the obvious reduction in MTTR (44 hours to 6 minutes), they also have decreased human error and need for re-work, and now the OO integration can be used by other initiatives. They achieved a 30 percent reduction in manual labor for alerts that are in scope.

 

  1. Server Build Automation

 

Is your server build process too complex and time consuming? This customer automated tasks to create a single server build service for Windows and Linux. They sought to improve stability by reducing human error and promote a standard/consistent environment. Of course, they also anticipated substantially improved time-to-delivery and support cost transparency efforts.

 

They identified the following opportunities in the Server Build workstream:

  • Connectivity standardization for monitoring/compliance tools
  • Automate QIP/DNS IP provisioning and management for servers
  • Automated Validation process for Server Readiness
  • Streamline Windows/Linux Server Provisioning process
  • Middleware (WAS/IIS) and Database (Oracle) Deployment Automation
  • Automated VM creation

The customer has been able to reduce server deployment from 65 days to five days, while decreasing human error and re-work, and increasing consistency and cost transparency.

 

What’s next

 

Of course, they’re not stopping there! They have plans to expand to the full offering of server types and implement security controls on content for submission request. They are also evaluating server decommissioning automation. They hope to provide an option to build entire environments, not just individual servers, and add test/PoC environments for server provisioning automation.

 

It’s inspiring to see customers so excited about where they can take automation next. In an industry that both thrives and relies on automation to ensure the free flow of capital in the financial markets, it only makes sense to apply those same principles to the IT infrastructure that supports it.

 

 

Learn more

Read more about HP Operations Orchestration and HP Server Automation

 

Read the other blogs in this series:

  • infrastructure management
About the Author

NimishShelat

Nimish Shelat is currently focused on Datacenter Automation and IT Process Automation solutions. Shelat strives to help customers, traditional IT and Cloud based IT, transform to Service Centric model. The scope of these solutions spans across server, network, database and middleware infrastructure. The solutions are optimized for tasks like provisioning, patching, compliance, remediation and processes like Self-healing Incidence Remediation and Rapid Service Fulfilment, Change Management and Disaster Recovery. Shelat has 23 years of experience in IT, 20 of these have been at HP spanning across networking, printing , storage and enterprise software businesses. Prior to his current role as a Manager of Product Marketing and Technical Marketing, Shelat has held positions as Software Sales Specialist, Product Manager, Business Strategist, Project Manager and Programmer Analyst. Shelat has a B.S in Computer Science. He has earned his MBA from University of California, Davis with a focus on Marketing and Finance.

Comments
N/A

 Interesting use cases. These are applicable in most insdutries and customer scenarios. Thanks for shaing these.

Jarel Hanson
N/A

Grear read.