NTS CAPTAIN / OpenNebula at Julius Blum GmbH

•

1 like•375 views

A quick overview of a typical NTS CAPTAIN project at customer side covering the deepness of integration - and the ability to integrate of OpenNebula

Software

About Blum
Our Infrastructure
NTS Captain/OpenNebula at Blum
Examples
Next steps
02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 2

About Blum
Our Infrastructure
NTS Captain/OpenNebula at Blum
Examples
Next steps
02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 3

▪ 7983 Employees worldwide
▪ 6037 Employees Austria
▪ 8 Plants in Vorarlberg, others in Poland, USA and Brasil
▪ 31 Subsidiaries
▪ 258 Employees in IS
▪ 17 Employees in Infrastructure
▪ 8 Employees in Datacenter Team (Cabling, Network, Storage, Phys./ Virt. Hardware, Printing, Backup)
02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 4

About Blum
Our Infrastructure
NTS Captain/OpenNebula at Blum
Examples
Next steps
02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 5

▪ 89 VMware Hosts in 23 Clusters
▪ 1526 VMs
▪ 514.63 TB VMWare Storage (Tier1 + Tier0)
▪ 17 Templates ( + 4 Opennebula)
▪ ~ 10% Linux, ~ 90% Windows
▪ ~ 400 VMs using the same template (Z-Point)
▪ Netbox as central IPAM/DCIM Tool
02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 6

About Blum
Our infrastructure
NTS Captain/OpenNebula at Blum
Examples
Next steps
02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 7

Why NTS Captain?
▪ “Selfservice” for Users
▪ Automatisation of the processes (work in Progress)
▪ All Machines “the same” – creating Standards
▪ Less work for Infrastructure-Department
▪ Faster deployment of new VMs
02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 8

What did we wanted to automate?
▪ Automatic deployment of VM (VCenter Folder, VLAN)
▪ Automatic AD Domain Join (incl. Description in AD Account)
▪ Automatic sync for IP Adresses with IPAM Tool
▪ Automatic creation of Hosts in ASG RemoteViewer
▪ SCOM -> Automatic mapping of Supportgroups
▪ Windows Updateschedule automatically assigned in SCCM
02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 9

What happens exactly?
02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 10
VM
created via
GUI

02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 11

02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 12

What happens exactly?
02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 13
VM
created via
GUI
Hook for
IPAM

02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 14

02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 15

What happens exactly?
02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 16
VM
created via
GUI
Hook for
IPAM
Hook for
new VM

02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 17

02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 18
SCCM Windows Update Schedule

02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 19
ASG RemoteViewer

02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 20

02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 21
PowerShell Registryentry for Monitoring
Description for VM in AD Account

02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 22

What happens exactly?
02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 23
VM
created via
GUI
Hook for
IPAM
Hook for
new VM
Context.
Windows

02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 24
Contextualisation

02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 25

02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 26

What happens exactly?
02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 27
VM
created via
GUI
Hook for
IPAM
Hook for
new VM
Context.
Windows
LAPS

02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 28

How we build our templates
1. Install Windows
2. Install LAPS (LAPS -> Local Admin Password Solution)
3. Install Onecontext MSI
4. Sysprep
5. Convert VM to Template
6. Import Image in OpenNebula
7. Clone without Images
8. Copy Context-Script
9. Define Context-variables
10.Define Network
11.Done (Duration approx. 10 Minutes)
02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 30

02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 31

02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 32

02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 33

02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 34

Summary
▪ New Templates really easy to create and customise
▪ Shorter time to fullfill requests (from ~ 2 Days down to ~ 2 Minutes)
▪ Less work for Infrastructure-Department
▪ More satisfied Customers (Who loves to wait for a VM?)
02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 35

ExampleZ-Point
(ControlPC for our productionlines)
02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 37

02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 38

02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 39

Example W2Kxx Standard VM
02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 40

02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 41

02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 42

About Blum
Our infrastructure
NTS Captain/OpenNebula at Blum
Examples
Next steps
02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 43

02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 44
What’s next?
▪ Integration with MS Orchestrator for Ticketsystem and automation of AD Tasks
▪ Onboarding and templates for further Departments (BBA/Web/AppServer + SAP)
▪ Azure Deployment (Resource Model, not Classic VM)

Questions?
02.10.2019 | © Copyright by Blum | Name | Vertraulich/Confidential 45

NTS CAPTAIN / OpenNebula at Julius Blum GmbH

Project management in the digital age is done best with collaborative tools that handle user, task, and time management. In the engineering world, a pool of IDE (Integrated Development Environment) applications has distinguished itself as the perfect choice for increasing performance, optimizing programming processes, creating simulation diagrams, and training workforces. One of the more notable solutions is Siemens Totally Integrated Automation Portal (TIA Portal®), a platform that is appreciated the world over for programming Siemens PLC (Programmable Logic Controller) and HMI (Human Machine Interface). Given the considerable value invested in each of these projects, both in terms of time spent and intellectual property generated, guarding the IP with even stronger protections than usual is paramount. To protect the resources, you need to start by assigning clear roles to all the actors involved. That’s how CodeMeter Keyring Password Manager and CodeMeter Keyring for TIA Portal Password Provider came to be. CodeMeter License Central, the cloud and database-derived module for license lifecycle management, becomes the gateway between CodeMeter Keyring Password Manager, the tool for user, password, and entitlement management, and CodeMeter Keyring for TIA Portal Password Provider, the component that interfaces the CodeMeter technology with the TIA Portal. Engineers using Siemens TIA Portal can thus assign clear roles to their team members, protect the IP of their projects, and control users’ access to their invaluable resources with a hardware-based (CmDongle) solution. In this presentation, we zero in on: Examples of content that requires protection in the context of Industry 4.0 Goals you should be pursuing when considering a workable IP protection solution Hardware vs software-based IP protection technologies Tackling rights and entitlement management in an efficient way Techniques to control logical access to sensitive data Other CodeMeter-based content management solutions, like those for CODESYS and Rockwell Automation Studio 5000 Logix Designer Watch the webinar: https://youtu.be/qPD3_0yC5gw

The fastest way to protect your know-how

team-WIBU

Should I sue or should I encrypt? This question remains fiercely debated to this day whenever people discuss how to protect the intellectual property. The first option is the cure you can apply after you have fallen prey to piracy or reverse engineering, the latter a preventative choice that can help you stay safe from cyber attacks to your know-how. Together, they safeguard your IP comprehensively from a technical and legal perspective. Intellectual property can come in all shapes and sizes, spanning from algorithms mapped in software to sensitive documents or data made available to service technicians for their maintenance work. From a technical standpoint, the arsenal of protections can include logical access controls, authenticity verification, obfuscation, and encryption methods - all options to be weighed and considered with an eye on the actual type of the IP to be shielded and the nature of the threat that IP is exposed to. With CodeMeter Protection Suite, Wibu-Systems provides a whole battery of IP protection tools that you can integrate quickly and easily into your software. These tools are tailored to suit the specificities of the development environments and target platforms used: AxProtector .NET protects applications and libraries created using the traditional .NET Framework or a .NET Standard 2.0 compliant framework AxProtector Java is specifically designed for Java SE and Java EE applications AxProtector and IxProtector protect native code developed e.g. with C / C++, Visual Basic, Delphi or FORTRAN for Windows, macOS, Linux, or Android platforms. The latest version of AxProtector .NET introduces high-speed cache, which reduces the overhead inherent in system protection, improves the security of the protected application, and increases compatibility with many .NET applications. The most recent iteration of AxProtector Java also supports Java 11 and 12 applications. The newest versions of AxProtector and IxProtector add a modality for IP protection alone, which allows applications and libraries to be protected without the need to use CodeMeter as a licensing system. This option is especially interesting for anyone who wants to distribute applications for free, who uses other systems to license applications, or who is currently in the midst of migrating to CodeMeter. Watch the webinar: https://youtu.be/w6JFfv-mAUM

MicroShed Testing

Andrew Guibert

Feeling Right at Home: Uniform Processes for Online and Offline Licenses

team-WIBU

As the CodeMeter technology expands to welcome CodeMeter Cloud and reaps all of the mobility benefits associated with making licenses available in the cloud, anytime, and from any device, software developers should feel at home: All workflows for creating, delivering, changing, and managing licenses stay the same, whether you choose hard, soft, or cloud license containers. You can mix and match them in a heterogeneous architecture. All you need is to choose whether you want your licenses offline on a computer, mobile on a dongle, or online in the cloud. Watch the webinar: https://youtu.be/cTzVSLo1XEI

Total control over your protection and licensing process

team-WIBU

CodeMeter provides different paths to strong protection and flexible licensing. With CodeMeter Core API, you are in control over every option in the process: you can create simple license queries that you can make available via a wrapper as company-wide standard libraries, manage licensing operations, implement tailored cryptographic functions, and customize queries for maximum security. Combine it with Wibu Universal Protection Interface and CodeMeter Protection Suite and you’ll have the perfect security setup. Watch the webinar: CodeMeter provides different paths to strong protection and flexible licensing. With CodeMeter Core API, you are in control over every option in the process: you can create simple license queries that you can make available via a wrapper as company-wide standard libraries, manage licensing operations, implement tailored cryptographic functions, and customize queries for maximum security. Combine it with Wibu Universal Protection Interface and CodeMeter Protection Suite and you’ll have the perfect security setup.

IoT connected doors: event-sourcing & micro-services at scale applied for tra...

confluent

Recap of de code 2019

Kyohei Mizumoto

The Challenges of Taking Open Source Cloud Foundry to Production

Fabian Keller

When committing to Cloud Foundry some companies make the strategic decision to take full ownership of platform deployment and operations and deploy open source Cloud Foundry to fully understand all moving parts. While open-source Cloud Foundry has gotten rather easy to delpoy with the cf-deployment project, there is still a lot of more to do in order to make an open-source deployment production ready. This talk will show the challenges we've gone through in taking open-source Cloud Foundry to production. We'll see what it takes to run and keep the platform up to date including various operational aspects such as monitoring, logging and backing up the platform. After the talk you'll have a better understanding of the effort it takes to run the open source distribution.

Die IBM Domino Domain Architektur lässt den problemlosen Mischbetrieb von lokalen IBM Domino Instanzen (on premises) und in der Cloud (Software-as-a-Service) zu. Die Realität aus Projekten zeigt, dass es viele Besonderheiten in der Konfiguration gibt. Daneben kommen die Integration von IBM Sametime und IBM Connections als weitere Punkte oftmals hinzu. Der Vortrag gibt einen Einstieg in das Thema für IBM Domino Anwenderunternehmen, die sich mit dem Thema aktuell beschäftigen.

IBM Connections - ein Update

Belsoft

Client Deployment of IBM Cloud Private (IBM #Think2019 #5964)

Michael Elder

As you plan for the adoption of Kubernetes in your datacenter, you’ll face several common questions. How much capacity will your clusters need? How should you manage the network security of the cluster? How do you expose services on the cluster to your existing network fabric? What are the tradeoffs to consider between different storage providers? What should you do for backup and disaster recovery scenarios? In this session, we’ll review several examples of client deployment architectures that will help you get started on your journey to a hybrid, multicloud architecture for your apps!

z/VM and OpenStack

OpenStack_Online

Customer centric delivery to the cloud

Thoughtworks

DevOps on AWS: A Practical Introduction

aledsage

Practical advice for getting started with DevOps on AWS. Begins with an introduction to DevOps. Then focuses on six areas: logging; game days; upgrades; continuous delivery pipelines; configuration as code; and stop logging into your VMs! This is an updated version of https://www.slideshare.net/aledsage/devops-on-aws-a-practical-introduction?qid=f22a4d24-eddf-4df3-a599-8a3caa551ad5&v=&b=&from_search=4

IBM Enterprise Social Solutions on Bluemix (XPages and Connections)

Niklas Heidloff

Client Deployment of IBM Cloud Private (Think 2019 Session 5964A)

Yong Feng

Lost Licenses - The Fine Balance of Trust

team-WIBU

It happens to all of us: doors falling shut behind us, car keys locked inside the car, or passwords used so rarely that they are long lost or forgotten. Software licenses are easy to lose, too, and it is good business practice for software developers to offer their users, already annoyed with themselves for losing the license, the least cumbersome means of regaining access to the software they rightfully own. At the same time, software publishers want to make sure that the licenses are indeed lost, and not being used to illicitly run multiple installations of their software. There is a fine line between giving your users the benefit of the doubt they deserve and opening your software-based business up to fraud and abuse. Wibu-Systems’ CodeMeter comes preloaded with a versatile repertoire of safeguards and mechanisms to ensure that lost licenses are just a brief inconvenience and neither a burden on users nor an open door to malicious actors for you. If you’re using CmCloudContainers, you can restore the users’ operations by providing a new credential file. If you have delivered your licenses in combination with CmDongles and a unit has gone missing, you are still protected: all devices come with a serial number and can be easily tracked and thus blacklisted. Similarly, broken and invalid licenses associated with CmActLicenses can be replaced in a new CmContainer while blacklisting the corrupted file. Trust is a precious asset in a world in which we are gaining in connectivity at the same rate as we are losing the reassuring certainty of face-to-face relations. With CodeMeter, you can install an infrastructure of trust that bridges that gap for the benefit of your business and your users.

Developing Integrations for IBM Integration Bus on Cloud

Geza Geleji

Your Migration Map to a Comprehensive Protection and Licensing System

team-WIBU

If you think that people migrate from secure licensing technology A to secure licensing technology B mainly for pricing reasons, you’d better think again. With 30 years of practice in this field under our belt, we have been watching the market closely, and our own statistics tell a different story. For most of the cases we were called in to advise, the main trigger had to do with more complex protection and/or licensing needs that the ISVs had to comply with. Whether these were goals they set themselves to gain a stronger market positioning or the result of discussions the ISVs were having with their clients, whether the system the ISVs were migrating from was homegrown or from a dedicated DRM supplier, the result was always the same: technology demands had increased to such a critical point that the existent solution could not keep up. Upon reaching that fork, the ISVs could develop a custom upgrade and stray off course from their own corporate mission, or look for a mature, interoperable, comprehensive, and widely adopted technology, developed independently by a fully dedicated vendor. The presentation deeps into the migration process of some of our customers: The most frequent use cases for migrating to CodeMeter Short overview of CodeMeter A flexible licensing system (dongle, soft license, cloud) Secure integration with CodeMeter Protection Suite Easy delivery with CodeMeter License Central Fully customizable and integrable license portal Unified system for PC, IoT, IIoT, embedded, and the cloud Migration approaches CodeMeter Runtime / Binding Extension Transition time for two systems running in parallel CodeMeter as a secure ID Complete conversion for each new major version Exchanging dongles in the field Patching old versions Demos and best practices Acquiring legacy data Creating legacy licenses using CodeMeter Generating a secure unique ID for third-party vendors Encrypting an application that supports multiple licensing systems What’s your story? Are you ready to leapfrog into the future of license and entitlement management? Join us and discover what you may be missing out on by staying with your current system. Watch the webinar: https://youtu.be/NQEVALx6Fyw

Optimizing Cloud Licensing: Strategies and Best Practices

team-WIBU

In principle, there are two different approaches to cloud licensing: On the one hand, licenses can be created, managed, and updated via the cloud. However, the licenses are actually located on the local device and can be used offline, at least for a certain period of time. On the other hand, the licenses can be used directly in the cloud. This case requires a permanent online connection to the server in the cloud. Especially if the number of licenses used simultaneously needs to be counted reliably, such a connection to the license server is inherent. In the webinar, we will look at best practice tips for this "license server" use case. For "always-on" licenses, CmCloudContainer is the best solution from the CodeMeter product family. The license server is operated by Wibu-Systems for you in the cloud. You create a CmCloudContainer, transfer the licenses in advance into this CmCloudContainer, and send your customer the access data (credential file). When creating the CmCloudContainer, you can choose between a Personal Container and an Enterprise Container. The Personal Container is typically used as a container for a user (person). They can have the container active on up to three workstations. Through the License Quantity, you define on how many workstations the user can use your software simultaneously. Three active workstations do not automatically mean three licenses for simultaneous use; by default, a match of one license on one workstation is set. The Enterprise Container is used when multiple users share a license, almost like a license pool. From an installation point of view, there is the possibility to set up a local proxy CodeMeter license server. All users access this server and do not need direct access to the cloud. This case is mainly used when devices on the shop floor are indirectly connected to the cloud via edge devices. Alternatively, all users or devices consuming licenses can communicate directly with the CodeMeter Server in the cloud. Mixed forms of direct and indirect access through several local license servers are also possible. The exciting question here is how to disavow a device or user from the list of units of people that were initially granted access rights. Here is where CodeMeter License Portal comes in handy and provide a turnkey solution. You and your customers create groups and users. Each user can access two CmCloudContainers, their own Personal CmCloudContainer, and the Enterprise CmCloudContainer of the group to which they belong. Depending on the use case, you can either leave the choice to your user or make it transparently in the background for them.

Cloud-Based Licensing in Offline Scenarios

team-WIBU

Using the cloud for software licenses is all the rage at the moment, especially for enterprise software where admins take over most of the day-to-day management tasks on behalf of the users in their organization. The advantages are obvious: Providers and users can access their license information at any time, and often usage data as well. Licenses can be changed on the fly; they can be created, updated, or revoked as needed. For admins, it becomes easy to actively organize which users can use which licenses on which devices. Manufacturing facilities on the proverbial shop floor are, however, often not hooked up to the Internet, but instead run offline and fully autonomously. The reasons for this are obvious: Machines will not suddenly come to a standstill should the Internet connection break down. This could lead to massive costs down the line – just imagine a furnace falling cold in a steelworks. At the same time, keeping machines separate from the Internet protects against cyberattacks and sabotage. Attackers cannot tamper with devices they simply cannot reach. As part of Industry 4.0, more and more manufacturing data is sent over the Internet, e.g., for predictive maintenance. In most cases, the data is captured and passed onto the Internet via dedicated gateways. Still, there is no direct Internet connection on the shop floor for the reasons named above. What does that mean for licensing? A lot, for architectural purposes. The servers needed to create and manage licenses are usually on the Internet. The users, like the operators of manufacturing lines, need to activate the licenses directly on the computers and devices on the shop floor. As with the data collected for Industry 4.0 purposes, this works without a direct Internet connection. All that is needed is an intermediate medium, which can be a regular PC, to move the license from the online to the offline world. If need be, this can happen completely offline by physically sharing data. In this webinar, we will follow the process of activating licenses with an offline device and CodeMeter License Central in detail. Which data is needed at what point? How can that data be shared? Which steps are optional and can be skipped for the offline process? And how does CodeMeter License Central make all of this simpler?

Kubernetes and the 12 factor cloud apps

Ana-Maria Mihalceanu

Kafka Summit 2019 Microservice Orchestration

larsfrancke

Building and Evolving a Dependency-Graph Based Microservice Architecture (La...

confluent

With the rising adoption of stream- and event-driven processing microservice architectures are becoming more and more complex. One challenge that many businesses face during the initial and ongoign development of these solutions is how to properly model and maintain dependencies between microservices. One specific example for this that will be used throughout this talk cleansing and enrichment of data that has been ingested into a streaming platform. For most use cases there are a lot of minor tasks that need to be performed on every piece of data before it is fully usable for processing. Some common examples are: normalize phone numbers, normalize street addresses, geocode addresses, lookup customer data and enrich record, ... Most of these tasks are completely independent of each other, but some have dependencies to be run before or after other tasks - geocoding, for example, should be done only after address normalization has finished. Defining and orchestrating a complex graph of these operations is no small feat. This talk will focus on outlining the requirements and challenges that one needs to solve when trying to implement a flexible framework for solving this use case. It will then build on these requirements and present the blueprint of a generic solution and show how Kafka and Kafka Streams are a perfect fit to address and overcome most challenges. This talk, while offering some technical details is mostly targeted at people at the architecture, rather than the code, level. Listeners will gain a thorough understanding of the challenges that stream processing offers but also be provided with generic patterns that can be used to solve these challenges in their specific infrastructure.

The Reality of DIY Kubernetes vs. PKS

VMware Tanzu

beroNet Partnerprogram Webinar

Michiel Top

OpenNebulaConf2019 - Welcome and Project Update - Ignacio M. Llorente, Rubén ...

NTS CAPTAIN / OpenNebula at Julius Blum GmbH

Recommended

Recommended

More Related Content

Similar to NTS CAPTAIN / OpenNebula at Julius Blum GmbH

Similar to NTS CAPTAIN / OpenNebula at Julius Blum GmbH (20)

More from OpenNebula Project

More from OpenNebula Project (20)

Recently uploaded

Recently uploaded (20)

NTS CAPTAIN / OpenNebula at Julius Blum GmbH