swarovski case study the way to ipv6 - · pdf fileswarovski case study –the way to ipv6...

Swarovski Case Study – The Way to IPv6Georg Kirchmair

Senior System Engineer

IT-IS.Backend Infrastructure.Network

Swarovski Case Study – The Way to IPv6

Company introduction

How did we start with IPv6?

Our Reasons for IPv6

High Level Concept and Roadmap

Current Status and Next Steps

Lessons Learned

Q&A

Agenda

Hong Kong

Cranston WattensTriesen

Swarovski Case Study – The Way to IPv6IT Organization

Approx. 550 IT employees worldwide


First IPv6 project planned starting from 2008 each year, postponed

2012 joined IPv6 congress in Frankfurt, trigger event

2012 IT Architecture Board Decision “Evaluate IPv6”

2012 IPv6 Readiness mandatory when purchasing new solutions

2013 Project IPv6 preparations to find out the scope of IPv6

2013/12 IT Architecture Board Decision on Roadmap

2014 Project IPv6 DMZ Deployment infrastructure

How did we start with IPv6?


Most of our business processes rely on Internet communication

Swarovski‘s infrastructure needs, ShopConnect, connections to our

offices, warehouses, manufacturing locations globally are based on

Internet connectivity

User Communication is based on the Internet, e.g. eMail, Online

meetings, Internet browsing etc.

Connections to CloudServices, Microsoft Sharepoint Online are

Internet based

Payments are cleared via Internet (Online Shop, Swarovski Stores,

etc.)



1) Business Continuity

We will loose the ability to communicate with our customers and partners

and vice versa if we don’t deploy IPv6.

2) User Experience

Similar reasons we deploy a content delivery network

Performance impact for external websites & services if we stay on IPv4

only

Native IPv6 communication will be faster and more reliable as no

provider translations are in between

New internet users will be IPv6 only



3) Other drivers for IPv6 deployment

Vendors pushing IPv6 aggressively (e.g. Microsoft)

Cloud Services requiring lots of IP addresses

Security by a controlled IPv6 deployment

Complying With Government Directives (e.g. US, China, etc.)

The Internet of Things (e.g. smart meters, sensors, etc.)



Our Approach to IPv6

IPv6 Assessment on overall IT Landscape as a start

Hardware, Software and Services (Cloud)

Introduction to IPv6 for Responsible Persons

IPv6 Lab for Infrastructure built

IPv6 Training for Network Team / Server / Client and Testing in Lab of

current solutions

High Level Concept


Our Approach to IPv6

IPv6 Readiness for all new purchased solutions is mandatory

Vendor Selection Approval Process through IT Architecture Board

IPv6 roadmap created in respect on requirements

IT Architecture Board approval of roadmap & tracking of status

Internet facing services have priority, take readiness from Assessment into

Account

Use the Lifecycle to change not IPv6 ready solutions

Make the risks clear for not introducing IPv6 in applications

High Level Concept


IPv4/IPv6 Dual stack for external reachable services

2 phase approach, “Outside to Inside”

DMZs IPv6 address concept, limited scope

Introduce IPv6 in Lifecycle of HW, SW, applications/services

Phase 1

Focus on Internet Reachable Services first

Internet/WAN connectivity

Communication from inside IPv4 only to IPv6 internet

Internet to Swarovski public/external services/applications/websites

Phase 2

Datacenter

Internal Network

High Level Concept


DMZs are IPv6 enabled in Hub Locations

Austria, Hong Kong, US

Internet provider change was necessary in US

New DMZ servers are provisioned with IPv6 since October 2014

Not as much change as we would like to see

IPv6 provisioned by default, will be removed if application is not IPv6

capable

Client VPN ready

Client VPN config will be changed to prefer IPv6

Dependency on software version on mobile clients (10K)

Proxy Servers ready

Approx. 20% is IPv6 traffic

Current Status & Next Steps


B2C ecommerce platform currently in reevaluation (new platform

planned for 2016)

Current platform will not be IPv6 enabled due to missing IPv6 support

B2B & customer facing websites will be IPv6 enabled via Application

Delivery controller rollout

Mail gateway in progress

Not configurable over GUI

Wireless Guest Access in progress

Waiting for API for user tracking

Global VPN solution for ShopConnect pending

Vendor IPv6 support available from Q3/2015

FTP server replacement started in Q2/2015

IPv6 was the reason on top

Current Status & Next Steps


Don’t trust your vendor about full IPv6 support

Basic network functions are not the issue

Management, logging, advanced features

Build a testlab and Test, Test, Test

Try to make your IT staff understand the WHY IPv6

Application responsibles need the most attention

Talk to your Internet providers early

People are motivated to work with IPv6

Lessons Learned


Check cloud solutions for IPv6 support

Even higher risk as you have no influence

IaaS, PaaS, SaaS

Check Lifecycle process for IPv6 support / documentation

Appropriate properties in CMDB

IPAM solution

Network Diagrams

Support

Internal IPv6 support & Know-How

External vendors / consultants with IPv6 Know-How

Lessons Learned

Thank you.http://test-ipv6.swarovski.com

swarovski case study the way to ipv6 - · pdf fileswarovski case study –the way to ipv6...

Documents