swarovski case study the way to ipv6 - · pdf fileswarovski case study –the way to ipv6...
TRANSCRIPT
Swarovski Case Study – The Way to IPv6Georg Kirchmair
Senior System Engineer
IT-IS.Backend Infrastructure.Network
Swarovski Case Study – The Way to IPv6
Company introduction
How did we start with IPv6?
Our Reasons for IPv6
High Level Concept and Roadmap
Current Status and Next Steps
Lessons Learned
Q&A
Agenda
Hong Kong
Cranston WattensTriesen
Swarovski Case Study – The Way to IPv6IT Organization
Approx. 550 IT employees worldwide
Swarovski Case Study – The Way to IPv6
First IPv6 project planned starting from 2008 each year, postponed
2012 joined IPv6 congress in Frankfurt, trigger event
2012 IT Architecture Board Decision “Evaluate IPv6”
2012 IPv6 Readiness mandatory when purchasing new solutions
2013 Project IPv6 preparations to find out the scope of IPv6
2013/12 IT Architecture Board Decision on Roadmap
2014 Project IPv6 DMZ Deployment infrastructure
How did we start with IPv6?
Swarovski Case Study – The Way to IPv6
Most of our business processes rely on Internet communication
Swarovski‘s infrastructure needs, ShopConnect, connections to our
offices, warehouses, manufacturing locations globally are based on
Internet connectivity
User Communication is based on the Internet, e.g. eMail, Online
meetings, Internet browsing etc.
Connections to CloudServices, Microsoft Sharepoint Online are
Internet based
Payments are cleared via Internet (Online Shop, Swarovski Stores,
etc.)
Our Reasons for IPv6
Swarovski Case Study – The Way to IPv6
1) Business Continuity
We will loose the ability to communicate with our customers and partners
and vice versa if we don’t deploy IPv6.
2) User Experience
Similar reasons we deploy a content delivery network
Performance impact for external websites & services if we stay on IPv4
only
Native IPv6 communication will be faster and more reliable as no
provider translations are in between
New internet users will be IPv6 only
Our Reasons for IPv6
Swarovski Case Study – The Way to IPv6
3) Other drivers for IPv6 deployment
Vendors pushing IPv6 aggressively (e.g. Microsoft)
Cloud Services requiring lots of IP addresses
Security by a controlled IPv6 deployment
Complying With Government Directives (e.g. US, China, etc.)
The Internet of Things (e.g. smart meters, sensors, etc.)
Our Reasons for IPv6
Swarovski Case Study – The Way to IPv6
Our Approach to IPv6
IPv6 Assessment on overall IT Landscape as a start
Hardware, Software and Services (Cloud)
Introduction to IPv6 for Responsible Persons
IPv6 Lab for Infrastructure built
IPv6 Training for Network Team / Server / Client and Testing in Lab of
current solutions
High Level Concept
Swarovski Case Study – The Way to IPv6
Our Approach to IPv6
IPv6 Readiness for all new purchased solutions is mandatory
Vendor Selection Approval Process through IT Architecture Board
IPv6 roadmap created in respect on requirements
IT Architecture Board approval of roadmap & tracking of status
Internet facing services have priority, take readiness from Assessment into
Account
Use the Lifecycle to change not IPv6 ready solutions
Make the risks clear for not introducing IPv6 in applications
High Level Concept
Swarovski Case Study – The Way to IPv6
IPv4/IPv6 Dual stack for external reachable services
2 phase approach, “Outside to Inside”
DMZs IPv6 address concept, limited scope
Introduce IPv6 in Lifecycle of HW, SW, applications/services
Phase 1
Focus on Internet Reachable Services first
Internet/WAN connectivity
Communication from inside IPv4 only to IPv6 internet
Internet to Swarovski public/external services/applications/websites
Phase 2
Datacenter
Internal Network
High Level Concept
Swarovski Case Study – The Way to IPv6
DMZs are IPv6 enabled in Hub Locations
Austria, Hong Kong, US
Internet provider change was necessary in US
New DMZ servers are provisioned with IPv6 since October 2014
Not as much change as we would like to see
IPv6 provisioned by default, will be removed if application is not IPv6
capable
Client VPN ready
Client VPN config will be changed to prefer IPv6
Dependency on software version on mobile clients (10K)
Proxy Servers ready
Approx. 20% is IPv6 traffic
Current Status & Next Steps
Swarovski Case Study – The Way to IPv6
B2C ecommerce platform currently in reevaluation (new platform
planned for 2016)
Current platform will not be IPv6 enabled due to missing IPv6 support
B2B & customer facing websites will be IPv6 enabled via Application
Delivery controller rollout
Mail gateway in progress
Not configurable over GUI
Wireless Guest Access in progress
Waiting for API for user tracking
Global VPN solution for ShopConnect pending
Vendor IPv6 support available from Q3/2015
FTP server replacement started in Q2/2015
IPv6 was the reason on top
Current Status & Next Steps
Swarovski Case Study – The Way to IPv6
Don’t trust your vendor about full IPv6 support
Basic network functions are not the issue
Management, logging, advanced features
Build a testlab and Test, Test, Test
Try to make your IT staff understand the WHY IPv6
Application responsibles need the most attention
Talk to your Internet providers early
People are motivated to work with IPv6
Lessons Learned
Swarovski Case Study – The Way to IPv6
Check cloud solutions for IPv6 support
Even higher risk as you have no influence
IaaS, PaaS, SaaS
Check Lifecycle process for IPv6 support / documentation
Appropriate properties in CMDB
IPAM solution
Network Diagrams
Support
Internal IPv6 support & Know-How
External vendors / consultants with IPv6 Know-How
Lessons Learned
Thank you.http://test-ipv6.swarovski.com