Medical Evidence & Image Exchange Network
Cloud-based Patching Transformation
Transforming an inefficient patching solution of siloed stacks inside three different facilities into a coherent, centrally managed, cloud-based patching service using best-practice methodology for security and connectivity on the GCP platform.
A late-stage high-tech start-up with 125 full-time staff asked PTS to implement an effective patch management solution for its IT estate, spanning a production datacentre in Boston, MA; a corporate office environment in Boston, MA; and a newly deployed DR environment in GCP. The company did not have an effective patch management solution in its corporate environment for 350+ Debian Linux VMs. The Windows patch process was implemented via a DC AD policy for all domain-joined systems. The production datacentre in Boston, MA relied on manual patching of 150+ production Debian virtual servers running on ESXi and approximately 20 Windows-based virtual servers used for IT operations. In 2019 the company deployed a significant amount of DR and production capacity on the Google Cloud Platform in the US-East4 region.
- Reviewed the existing connectivity topology between the three geo-locations. It consisted of traditional classic VPN connectivity options to the corporate and production datacentres and console access to all assets deployed in GCP. Access to GCP assets was controlled via IAM integration with G Suite.
- Reviewed existing firewall capabilities in all three geo-locations. These included the network design and VLAN architecture in the production and corporate datacentres, as well as the network topology of the GCP organizational structure, which included several projects and a mix of shared VPCs and isolated VPCs.
- Proposed the implementation of a centrally managed patching server located in GCP. After careful consideration of the customer's requirements around capabilities and solution cost budget, PTS recommended Patch Manager Plus as its choice for the solution vendor.
- Deployed a Patch Manager Plus instance in a separate GCP project in the customer’s organization.
- Worked with the Lumen managed firewall team to configure site-to-site VPN connectivity between the Cyxtera Production facility and the GCP Patch Manager Plus project.
- Worked with the customer IT team to configure site-to-site VPN connectivity to the corporate datacentre’s assets via a Dell SonicWall NSA firewall.
- Verified successful connectivity between the new patch server and all target systems in the three geo-locations, and assisted in deploying the Patch Manager agents on all systems in the project scope.
Successful implementation of central cloud-based patch management has provided the customer with several key benefits:
- Single pane of glass for the up-to-date state of compliance for resources spanning all three geo-locations.
- Successful adoption of an all-cloud patching solution capable of addressing remediation and compliance of systems in a hybrid cloud environment spanning three separate geo-locations.
- Leveraging the differentiating hybrid connectivity features of the GCP platform for site-to-site VPN connectivity allowed the creation of a cost-effective design. Built-in GCP capabilities do not require running special compute instances or additional appliances in the cloud and therefore do not accrue additional associated costs.
- Implementation of a key lifecycle management component in the cloud became an important measurable achievement on the road to a successful transformation into an all-cloud digital estate.