When the cloud reaches its limit: A "playground" for cyber defense excercises

Pushing Cloud Limits for Enhanced Cyber Defense

Training is no longer confined to land, water, or air in the military sector, cyber defense is becoming increasingly important worldwide. Just as there are training grounds for soldiers, appropriate environments are also needed for cyber defense. Therefore, a specialized service provider requested the assistance of comdivision and VMware to build a massively scalable platform. This platform should be able to provide environments at short notice that include far more than just a few thousand machines.

Yves Sandfort, comdivision's lead architect for this client, noted at the beginning of the project: "Although the VMware Cloud Provider platform is highly scalable, this dynamic, combined with the number of objects, does present us with an interesting challenge. Besides provisioning virtual machines, we had to consider the underlying hypervisor environment as well as the network and storage. Overall, a challenge we eagerly accepted!“

the challenge

The aim was to quickly provide training environments with sometimes several thousand virtual machines to the "users" at the push of a button. The sheer sizing of such an environment could potentially exceed the scaling limits of individual clusters, etc.

An additional challenge lay in provisioning and operating the underlying hardware. This needed to be able to respond flexibly to different scenarios and always be prepared for the failure of compute, storage, or network components, which would necessitate a quick reinstallation.

"Not many IT service providers have the experience to design highly scalable environments in such a way that they are secured within themselves, that environments/scenarios are so separated, that both performance and related infrastructure can be allocated with pinpoint accuracy. Just the requirement to start up a few thousand systems is beyond the grasp of most architects. It sounds quite simple in theory, but here, practical experience matters, and Yves Sandfort and Sascha Schwunk from comdivision undoubtedly brought this to the table! They not only know what is theoretically possible, but also what works in practice!", the Lead Architect and Project CTO of the client states.

the solution

Together with the customer, the comdivision architects analyzed potential configuration maxima that could hinder the project, and developed solutions to address these.

This required close cooperation with various VMware Business Units to discuss and understand certain limits.

The result was a target architecture that not only defined the maximum cluster size up to the resource pool, but also the required rack and network design to meet the high demands.

The operational challenges went beyond the boundaries of the Cloud Director and individual NSX instances, so the entire design was planned from the start for growth beyond the limits of a Cloud Foundation, Cloud Director, and NSX instance.

Furthermore, special attention was paid to the re-deployment of the hypervisor and other management components, as a “collateral damage” could occur during an exercise.

knowledge transfer

"Having a consulting partner like comdivision, who could educate both operational and administrative teams about the new technologies parallel to the design and implementation phase, was a great advantage," said the lead cloud architect.

the result

comdivision, in partnership with the cloud provider, achieved the impossible: the initial scaling limitations could be circumvented thanks to a clever architecture. This enables the provision of a highly scalable and dynamic infrastructure that can be used worldwide, thus providing the best possible preparation for cyber defence.

Questions?

Questions?

Ask Yves:

* We will process your email in accordance with our Privacy Policy.
Thank you! Your message has been sent!
Oops! Something went wrong while submitting the form.