info@teal-consulting.de Tel: 0211/93675225 0211/93675225

Follow TEAL:

Home
Portfolio
About us
Career
Trainee
Blog
Contact

Home
Portfolio
About us
Career
Trainee
Blog
Contact

teal_esae_ipsec-update_bild23

15 May teal_esae_ipsec-update_bild23

Posted at 16:41h in by Lisa Werner

Legal notice
Privacy Statement
General Terms and Conditions

Legal notice
Privacy Statement
General Terms and Conditions

Till Hauschild

teal-team_till-hauschild

As an IT specialist for application development, I have skills in scripting technologies such as Powershell and Bash, and programming languages such as Python, Javascript, Typescript, and PHP. I also have extensive experience working with Microsoft products such as Office 365, Windows and Windows Server, Linux, and have expertise in virtualization technologies.

Experience:

I have been working in the IT field since 2018, gaining experience in both software development and team management. I am currently completing the IT Security Specialist trainee program at Teal, to further develop my skills in this area.

Retail company –

Microsoft Azure Cloud

Situation
Approach
Result

As part of an extensive digitalization project, a retail company will be relying heavily on the Microsoft Azure Cloud in future. The aim is to gain broader access to technologies, establish more transparent cost structures within the company and become less dependent on local data centers. Due to different levels of knowledge within the company, a central cloud competence center is to be defined and established in order to empower individual teams and business units.

TEAL supports the customer in the coordination and overarching planning for the central competence center. The first step was to determine the needs of the internal customers and to ascertain their level of knowledge. Services must be established in order to automatically develop deployable infrastructure-as-code services, an internal consulting and onboarding team must be set up to ensure a secure and simple start in Azure and a connectivity team must be implemented for the standardization and operation of network services. All operational tasks must be largely automated and handed over to an external provider.

Together with the customer, TEAL developed an appropriate operating model including all associated processes and standards. These were tested, improved and introduced as part of a hypercar. Operational tasks were outsourced to an external service provider where possible and appropriate.

ARE YOU FACING A SIMILAR CHALLENGE?

Situation
Approach
Result

As part of an extensive digitalization project, a retail company will be relying heavily on the Microsoft Azure Cloud in future. The aim is to gain broader access to technologies, establish more transparent cost structures within the company and become less dependent on local data centers. Due to different levels of knowledge within the company, a central cloud competence center is to be defined and established in order to empower individual teams and business units.

TEAL supports the customer in the coordination and overarching planning for the central competence center. The first step was to determine the needs of the internal customers and to ascertain their level of knowledge. Services must be established in order to automatically develop deployable infrastructure-as-code services, an internal consulting and onboarding team must be set up to ensure a secure and simple start in Azure and a connectivity team must be implemented for the standardization and operation of network services. All operational tasks must be largely automated and handed over to an external provider.

Together with the customer, TEAL developed an appropriate operating model including all associated processes and standards. These were tested, improved and introduced as part of a hypercar. Operational tasks were outsourced to an external service provider where possible and appropriate.

ARE YOU FACING A SIMILAR CHALLENGE?

Manuel Hoffmann

My main focus is on planning and managing infrastructure projects for my clients. In addition, I also support the governance of operational areas. As co-founder and one of the managing directors of TEAL, I also take care of the growth and further development of the company.

Experience:

I have a total of 10 years of professional experience as a consultant. In my technical roles I have gained experience with Windows Client and Server, SCCM and Active Directory. As a project leader, I dealt with many other technologies including Redhat Enterprise Linux, Redhat Satellite and IDM as well as Jenkins, Docker Enterprise and ServiceNow.

Sven Fuhrmann

As an IT Systems Specialist, I am heavily involved in technical topics and value continuing education. In addition to implementing systems both on-premises and in the cloud, I am particularly interested in the perspective of an attacker.

Experience:

With a master’s degree in physics, a Microsoft Certified Security, Compliance and Identity Expert certification, and a trainee program at Teal, I provide support as an IT consultant with a focus on technical topics.

Friedemann Zurhorst

I like to think critically and thoroughly about technical topics, and I value continuous learning. My focus is on IT security, specifically Active Directory security with an emphasis on tiering models, privileged access workstations, auditing and compliance, system hardening, and general Windows security.

Experience:

I have been in the IT world since 2013. During my education and studies, I have been exposed to various technologies, with a specialization in the Microsoft world.

Tobias Voss

As an IT systems specialist with experience in a variety of industries, I use my expertise to help guide companies into the digital future. In doing so, the Teal Trainee Program allows me to consolidate fundamental IT security skills and apply them directly in practice.

Experience:

With 13 years of professional experience in system administration, my focus is mainly on Microsoft technologies.

Nils Berg

After several years of experience in process management and ERP consulting, I am using the TEAL trainee program as an opportunity to expand my skills in the area of IT security. The combination of internal and external courses, as well as independent in-depth training, provides me with many opportunities to provide expert advice to our customers.

Experience:

I completed a 3-year dual study program as an industrial engineer in mechanical engineering and then gained 3.5 years of experience in ERP consulting.

Jana Heuler

As a Junior Consultant, I am full of anticipation and commitment to be a part of the Teal Trainee Program. My goal is to expand my existing knowledge and skills to best support the existing team. I am excited about this opportunity to advance my career and develop my talents in a professional environment.

Experience:

ccessfully completed my training. I also hold the Azure Administrator Associate certification.

Fabian Böhm

As a security consultant my main focus is on Microsoft Active Directory, PKI and cloud projects. I supported our customers in sustainably improving the security level and detecting attacks at an early stage. As co-founder and one of the managing directors of TEAL, I also take care of the growth and further development of the company.

Experience:

Almost 20 years of professional experience in IT have already confronted me with a number of challenges. Solving emerging problems together with a strong team and being able to complete my projects successfully motivates me every day.

Alexander Schmitt

I have been advising my clients for over 10 years. I have already taken on many different roles. From “normal” team member to architect to project manager, everything was actually there. As co-founder and one of the managing directors of TEAL, I also take care of the growth and further development of the company.

Experience:

At the beginning of my career my focus was on the System Center products and Hyper-V. Over the years, however, I have gained insight into a wide range of technologies and products. These include Windows Client and Server, base services such as DNS, DHCP, WSUS as well as System Center, Hyper-V, Azure (infrastructure), Office 365 and RedHat Openshift. In recent years, my main focus has been on Active Directory security.

Deike Rickers

At TEAL I am the contact person for everything related to human resources. In particular, I am responsible for the management and monitoring of our recruiting process. Of course, I also work on internal topics and processes for our existing employees, such as the further development of our trainee program and internal development at TEAL. I exchange ideas with my colleagues and work closely with the management and administration.

Experience:

After my Bachelor in Business Administration and a Master in HR & Organization, I gained 10 years of relevant professional experience in the field of Recruitment and Human Resources in different, larger international companies.

I am now looking forward to continuing to manage and develop our processes together with all my colleagues at TEAL!

Tobias Bremm

As a consultant for Microsoft technologies I have gained experience in national and international large-scale projects.

Experience:

I have 15 years of experience in IT, of which I have been working as a consultant for Microsoft technologies for 12 years. I am an expert in Active Directory and System Center Configuration Manager as well as experienced in many other infrastructure topics.

LISA-MARIE WERNER

As a marketing manager, I define the marketing activities for the company and develop goals & strategies to position the brand and the products/services in the market attractively and to constantly raise them to a new level by using an effective marketing mix. Through several years of experience in the agency & online marketing sector, as well as the continuous monitoring of new trends, I know that addressing the needs of the target group is essential for the success of a company. I am driven by a balance of creativity and strategic thinking.

Experience:

4 years of experience in B2B online marketing, project management and customer communication

Niklas DÖRING

I am fascinated by the challenges and constant change in IT security. Planning and executing IT security projects is exactly what I am passionate about and have the skills to do.

Experience:

8 years of experience in administering Microsoft technologies (servers, clients and Microsoft 365) and supporting small, medium and large companies.

Andreas Badstübner

IT infrastructures and especially Microsoft technologies, but also the topics security, processes and methods as well as quality assurance, I cover in our customer projects.

Experience:

I have been working in IT for more than 23 years. A balanced mix of experience from operations, consulting, project and IT management in national and international environments has shaped me. Therefore, a good balance between IT security and IT operations is very important to me.

Robin Nowak

As a security consultant, I work with our customers in the areas of active directory security and system hardening.
The good cooperation with the team and our customers enables us to sustainably improve the security level.

Experience:

Degree in Information Systems and 4 years of experience as an IT consultant, including 1 year specifically in Active Directory Security.

Eike Krieger

To become an IT security specialist the trainee program allows me to gain a fundamental insight into all activities and areas of application of TEAL through a varied combination of training and project work. Instead of just dry theory, I have the opportunity to apply and consolidate my newly gained knowledge directly at the customer or in internal projects.

Experience:

4 years of experience in IT, with a focus on software development.

Leading engineering service provider in the automotive industry

Situation
Approach
Result

A leading global engineering service provider in the automotive industry turned to TEAL to consolidate and best secure an evolved Active Directory environment with two forests. The focus was on better integration of IT services and usability for the 6000 customer employees.

With the help of our assessment, we analyzed both forests for technical vulnerability or deviation from design recommendations. Requirements and goals were defined in workshops. The resulting packages of measures were prioritized by the customer and a roadmap for achieving the target was created.

TEAL supports the customer in securing and standardizing the Active Directory. Extensive information is also available in our blog series on the topic of (E)SAE.
Started approaches are consequently continued, which accelerate and optimize the implementation.

Are you facing a similar challenge?

Situation
Approach
Result

A leading global engineering service provider in the automotive industry turned to TEAL to consolidate and best secure an evolved Active Directory environment with two forests. The focus was on better integration of IT services and usability for the 6000 customer employees.

With the help of our assessment, we analyzed both forests for technical vulnerability or deviation from design recommendations. Requirements and goals were defined in workshops. The resulting packages of measures were prioritized by the customer and a roadmap for achieving the target was created.

TEAL supports the customer in securing and standardizing the Active Directory. Extensive information is also available in our blog series on the topic of (E)SAE.
Started approaches are consequently continued, which accelerate and optimize the implementation.

Are you facing a similar challenge?

Joachim Meyer

As a consultant for Microsoft technologies, I implement customer requirements precisely. The focus is on Microsoft System Center and automation with PowerShell.

Experience:

A total of 27 years of professional experience mainly in Microsoft infrastructures, software development and project management in an international environment.

Gregor Leiner

As a project manager, I ensure that the goals of our clients are implemented on time. I rely on my ten years of experience as a project and operations manager in the field of IT infrastructure, as well as my continuous training in the latest methodologies and working methods.

Experience:

I have ten years of experience in project management, operations management and ITIL processes.

Christian Badouin

In the back office I take care of our internal processes and am available to our business partners as a contact for various matters.

ANDREAS MÖLLER

I support our customers by helping to overcome challenges in terms of IT infrastructure, architecture and operations, as a consultant or project manager. Solving issues in a structured manner and creating an efficient solution is my motivation. Furthermore, I lead our internal traineeship and accompany the development of the product portfolio.

Experience:

With 20 years of IT experience, I worked as a consultant and project manager, leading interdisciplinary projects, both from the delivery and customer point of view. This includes infrastructure, development, operations and problem management.

Florian Freiherr von Bechtolsheim

As a project & program manager for all phases of enterprise-wide IT end-to-end solutions I support our customers in the realization of digitalization projects in the national/european/international context incl. near- and off-shoring.
In addition, I also accompany projects as a quality auditor or as a turn-around manager for projects in trouble and act as a trainer, speaker and project coach for consultants.

Experience:

10 years in the area of CAD/CAE in the engineering environment, 25 years project and program management, PMP® #531124, 12 years IT solution architect for Microsoft-based collaboration and project management systems

Linus Tentler

As a junior consultant, it’s the mix of theory and practice that makes my heart beat faster every day.
Making a difference together and finding innovative solutions for the challenges of our world is what drives me.

Experience:

8 years of experience in IT, including 5 years self-employed as a system administrator.

Andrzej Kaminski

As an IT security consultant in the field of Active Directory and infrastructure I support our customers in the implementation and extension of existing or new security measures. The implementation is based on current security benchmarks as well as vulnerability management tailored to the customer profile. The implementation of different and standardized security audits as well as automated health checks complete the portfolio.

Experience:

I’ve been working in the IT industry for 15 years. In my career so far, I have held various positions such as IT consultant, project manager or team leader. I have also worked successfully as a freelancer. Over the years I have specialized in the following areas: Active Directory, Infrastructure Services, Virtualization, NetApp and Automation.

Internationaler Entwicklungspartner der Automobilindustrie

Situation
Approach
Result

A customer in the healthcare industry was operating in a relatively inhomogeneous security infrastructure world, which led to two challenges:

1. The security setup is not optimal and

2. employees, IT services could only be provided with difficulty, resulting in inconsistent service usage.

Together with the customer, an analysis of the current situation was carried out and guard rails as well as requirements for a new IT infrastructure were defined. In the further course, TEAL developed several target architectures and evaluation criteria for a management decision.

The customer has several options and evaluation criteria to decide how to make the IT infrastructure secure and efficient in the future.

Are you facing a similar challenge?

Situation
Approach
Result

A customer in the healthcare industry was operating in a relatively inhomogeneous security infrastructure world, which led to two challenges:

1. The security setup is not optimal and

2. employees, IT services could only be provided with difficulty, resulting in inconsistent service usage.

Together with the customer, an analysis of the current situation was carried out and guard rails as well as requirements for a new IT infrastructure were defined. In the further course, TEAL developed several target architectures and evaluation criteria for a management decision.

The customer has several options and evaluation criteria to decide how to make the IT infrastructure secure and efficient in the future.

Are you facing a similar challenge?

International development partner of the automotive industry

Situation
Approach
Result

An internationally active development partner in the automotive industry for complex metal and hybrid structures with a large number of locations and more than 10,000 employees approached us to secure the complex and globally distributed infrastructure. In the course of security-relevant incidents in the said industry, TEAL was commissioned to check and secure the Active Directory infrastructure. TEAL was also commissioned to make preparations for the use of cloud services.

For this purpose, a detailed analysis of the customer’s security infrastructure was undertaken, risks were evaluated and weighted, and finally an action plan was proposed. TEAL was then commissioned to implement this plan. For this purpose, we designed a new security concept (TIER0), which we implemented with the customer in a cooperative atmosphere.

The security aspects of the customer infrastructure are thus conceptually re-implemented and secured, and at the same time prepared for the use of cloud services. This minimizes potential attack risks while at the same time future-proofing the core infrastructure.

Are you facing a similar challenge?

Situation
Approach
Result

An internationally active development partner in the automotive industry for complex metal and hybrid structures with a large number of locations and more than 10,000 employees approached us to secure the complex and globally distributed infrastructure. In the course of security-relevant incidents in the said industry, TEAL was commissioned to check and secure the Active Directory infrastructure. TEAL was also commissioned to make preparations for the use of cloud services.

For this purpose, a detailed analysis of the customer’s security infrastructure was undertaken, risks were evaluated and weighted, and finally an action plan was proposed. TEAL was then commissioned to implement this plan. For this purpose, we designed a new security concept (TIER0), which we implemented with the customer in a cooperative atmosphere.

The security aspects of the customer infrastructure are thus conceptually re-implemented and secured, and at the same time prepared for the use of cloud services. This minimizes potential attack risks while at the same time future-proofing the core infrastructure.

Are you facing a similar challenge?

Leading retail company

Situation
Approach
Result

The goal was to migrate the existing Groupwise infrastructure of a leading retail company (nearly 10,000 employees) with decentralized personal archives to Microsoft Exchange Online.

We supported the customer in project management as well as the selection of suitable technology partners, migration software and adaptation measures for end users. This also included establishing rollout support and integrating the local helpdesk.

The project we managed was already able to migrate 10,000 mailboxes within eight months. The migration of the personal archives to Exchange Online Archive also worked smoothly. In addition, an Office365 backup solution was introduced.

Are you facing a similar challenge?

Situation
Approach
Result

The goal was to migrate the existing Groupwise infrastructure of a leading retail company (nearly 10,000 employees) with decentralized personal archives to Microsoft Exchange Online.

We supported the customer in project management as well as the selection of suitable technology partners, migration software and adaptation measures for end users. This also included establishing rollout support and integrating the local helpdesk.

The project we managed was already able to migrate 10,000 mailboxes within eight months. The migration of the personal archives to Exchange Online Archive also worked smoothly. In addition, an Office365 backup solution was introduced.

Are you facing a similar challenge?

ULF Jacob

teal_ulf_jacob_team

I am employed by TEAL as an IT Security Analyst. As such, I examine and evaluate collected data, especially with regard to security vulnerabilities. But direct support of our consultants is also part of my job. For example, in the form of programming work, research or expertise.

Experience:

I have been working in the IT industry for 7 years and have specialized mainly in the field of IT security. Thereby I have put the focus on penetration testing. Accordingly, I am an all-rounder and know my way around many IT topics, be it Windows, Linux or programming.

Company from the public sector

Situation
Approach
Result

After in-depth online research, a government agency approached us to analyze and secure their existing Active Directory infrastructure for full protection against cybersecurity attacks.

Due to the ever-increasing security awareness factor in the media, the customer wanted to restructure in this area and stabilize the basic pillars of infrastructure and identity management through external expertise.

In order to work out a suitable solution, we first carried out a three-day assessment in the customer’s environment to find out how possible attackers could get into the company’s network and how the customer could ideally protect itself against this. This resulted in a roadmap with recommendations and concrete implementation measures to effectively increase infrastructure security.

In further steps, implementation packages were derived, structured and prioritized. These packages were then implemented together with the customer. This included both organizational and technical measures and individualized concepts, which were adapted on the basis of the customer’s environment and other circumstances.

First, we started by establishing the common SAE basics. These include both the tiering concept and the introduction of PAW systems combined with consistent account separation. Extensive info is also available in our blog series on (E)SAE.

In the future, we will use the Enforce Suite to achieve extensive and permanent system hardening of the infrastructure as well as compliance with established hardening standards such as BSI or CIS.

Are you facing a similar challenge?

Situation
Approach
Result

After in-depth online research, a government agency approached us to analyze and secure their existing Active Directory infrastructure for full protection against cybersecurity attacks.

Due to the ever-increasing security awareness factor in the media, the customer wanted to restructure in this area and stabilize the basic pillars of infrastructure and identity management through external expertise.

In order to work out a suitable solution, we first carried out a three-day assessment in the customer’s environment to find out how possible attackers could get into the company’s network and how the customer could ideally protect itself against this. This resulted in a roadmap with recommendations and concrete implementation measures to effectively increase infrastructure security.

In further steps, implementation packages were derived, structured and prioritized. These packages were then implemented together with the customer. This included both organizational and technical measures and individualized concepts, which were adapted on the basis of the customer’s environment and other circumstances.

First, we started by establishing the common SAE basics. These include both the tiering concept and the introduction of PAW systems combined with consistent account separation. Extensive info is also available in our blog series on (E)SAE.

In the future, we will use the Enforce Suite to achieve extensive and permanent system hardening of the infrastructure as well as compliance with established hardening standards such as BSI or CIS.

Are you facing a similar challenge?

International Manufacturing Company

Situation
Approach
Result

The goal was to harden and secure an existing Active Directory of an international company with 5,000 employees in the manufacturing industry according to SAE standards. In addition, PAWs were to be introduced for Tier 0 and Active Directory objects were to be assigned to the Tiers in order to implement all measures to make potential lateral movement more difficult.

In order to find a suitable solution, we first conducted a three-day assessment in the customer’s environment to determine how potential attackers could gain access to the company’s network and how the customer could effectively protect itself against them. The corresponding findings were then elaborated and evaluated by us. Our consultants were then able to implement these together with the operations team and carry out the process changes.

Meanwhile, the customer can administer its secured Active Directory structure through special secured PAWs (including multi-factor authentication) and has also established an encapsulated and hardened Tier0 environment.

Are you facing a similar challenge?

Situation
Approach
Result

The goal was to harden and secure an existing Active Directory of an international company with 5,000 employees in the manufacturing industry according to SAE standards. In addition, PAWs were to be introduced for Tier 0 and Active Directory objects were to be assigned to the Tiers in order to implement all measures to make potential lateral movement more difficult.

In order to find a suitable solution, we first conducted a three-day assessment in the customer’s environment to determine how potential attackers could gain access to the company’s network and how the customer could effectively protect itself against them. The corresponding findings were then elaborated and evaluated by us. Our consultants were then able to implement these together with the operations team and carry out the process changes.

Meanwhile, the customer can administer its secured Active Directory structure through special secured PAWs (including multi-factor authentication) and has also established an encapsulated and hardened Tier0 environment.

Are you facing a similar challenge?

IT service provider insurance –

Request fulfilment optimisation

Situation
Approach
Result

In order to be able to provide IT services to the specialist areas of the international insurance group with 40,000 employees faster, the company’s internal IT service provider set themselves the objective to accelerate the request fulfilment process and to reduce the error rate. The inconsistent service descriptions as well as the multiple media inconsistencies were identified as the source of the problems, complicating the co-operation with the external service provider who were fulfilling the process. By introducing a digital request fulfilment platform, these problems were to be solved.

TEAL supported the introduction of the request fulfilment platform based on ServiceNow (SaaS) substantially. We created the requirements analysis, developed a data protection and security concept and led the project management as well as the operational rollout.

The lead times of the orders were reduced significantly thanks to the new request fulfilment platform. TEAL facilitated the successful integration of the SaaS order platform into the existing landscape. This was successfully established as one of the first cloud solutions of the entire group.

ARE YOU FACING A SIMILAR CHALLENGE?

Situation
Approach
Result

In order to be able to provide IT services to the specialist areas of the international insurance group with 40,000 employees faster, the company’s internal IT service provider set themselves the objective to accelerate the request fulfilment process and to reduce the error rate. The inconsistent service descriptions as well as the multiple media inconsistencies were identified as the source of the problems, complicating the co-operation with the external service provider who were fulfilling the process. By introducing a digital request fulfilment platform, these problems were to be solved.

TEAL supported the introduction of the request fulfilment platform based on ServiceNow (SaaS) substantially. We created the requirements analysis, developed a data protection and security concept and led the project management as well as the operational rollout.

The lead times of the orders were reduced significantly thanks to the new request fulfilment platform. TEAL facilitated the successful integration of the SaaS order platform into the existing landscape. This was successfully established as one of the first cloud solutions of the entire group.

ARE YOU FACING A SIMILAR CHALLENGE?

IT service provider insurance –

Implementation of Linux

Situation
Approach
Result

As part of a major strategy program, the international insurance group with 40,000 employees restructured its IT portfolio. In the course of the restructuring, open source operating systems were largely to be provided by the internal IT service provider for the first time. As the company was, up to the strategy program, heavily relying on Microsoft-based operating systems and software, the portfolio of the infrastructure services, their management systems and the application development tools and processes had to be expanded.

TEAL assisted the client in selecting the open source platform (RedHat Enterprise Linux and CentOS) as well as choosing suitable management systems (RedHat Satellite, GIT, Jenkins and RedHat Identity Manager). The platform was supplemented with a Docker runtime environment based on Docker Swarm. TEAL also supported the architecture’s creation, development and integration. Additionally, TEAL also provided the project manager.

The IT service provider is now also able to offer open source software solutions to departments based. Through skilful integration, many synergies with the existing Microsoft systems and architectures could be used.

ARE YOU FACING A SIMILAR CHALLENGE?

Situation
Approach
Result

As part of a major strategy program, the international insurance group with 40,000 employees restructured its IT portfolio. In the course of the restructuring, open source operating systems were largely to be provided by the internal IT service provider for the first time. As the company was, up to the strategy program, heavily relying on Microsoft-based operating systems and software, the portfolio of the infrastructure services, their management systems and the application development tools and processes had to be expanded.

TEAL assisted the client in selecting the open source platform (RedHat Enterprise Linux and CentOS) as well as choosing suitable management systems (RedHat Satellite, GIT, Jenkins and RedHat Identity Manager). The platform was supplemented with a Docker runtime environment based on Docker Swarm. TEAL also supported the architecture’s creation, development and integration. Additionally, TEAL also provided the project manager.

The IT service provider is now also able to offer open source software solutions to departments based. Through skilful integration, many synergies with the existing Microsoft systems and architectures could be used.

ARE YOU FACING A SIMILAR CHALLENGE?

Globally active industrial group –

private cloud

Situation
Approach
Result

In order to be able to offer high-quality and cost-efficient IT services for its 15,000 employees worldwide, the Swiss industrial group launched a comprehensive modernisation program. The main objectives were to centralise IT operations and to implement a service-orientated operating structure. TEAL was given the task of consolidating and modernising the internal data centres. The data centres were to be designed as a private cloud infrastructure based on Microsoft virtualisation and management technologies to ensure maximum flexibility and cost efficiency.

TEAL accompanied the entire project from requirement analysis through design creation and implementation all the way through to acceptance. After it went live successfully, we temporarily controlled the operations team and supported service onboarding until the operation was successfully transferred to an offshore delivery centre.

Thanks to the co-operation with TEAL, the group was able to start productive operations of the private cloud within a few months. In the course of the co-operation, the client’s centralisation objectives were supported significantly through continuous expansion and improvement of the solutions.

ARE YOU FACING A SIMILAR CHALLENGE?

Situation
Approach
Result

In order to be able to offer high-quality and cost-efficient IT services for its 15,000 employees worldwide, the Swiss industrial group launched a comprehensive modernisation program. The main objectives were to centralise IT operations and to implement a service-orientated operating structure. TEAL was given the task of consolidating and modernising the internal data centres. The data centres were to be designed as a private cloud infrastructure based on Microsoft virtualisation and management technologies to ensure maximum flexibility and cost efficiency.

TEAL accompanied the entire project from requirement analysis through design creation and implementation all the way through to acceptance. After it went live successfully, we temporarily controlled the operations team and supported service onboarding until the operation was successfully transferred to an offshore delivery centre.

Thanks to the co-operation with TEAL, the group was able to start productive operations of the private cloud within a few months. In the course of the co-operation, the client’s centralisation objectives were supported significantly through continuous expansion and improvement of the solutions.

ARE YOU FACING A SIMILAR CHALLENGE?

Telco-Group –

Office 365

Situation
Approach
Result

A telecommunications service provider with 5,000 employees wanted to modernise its IT workplaces. This was to enable flexible working and offer employees an attractive working environment. At the same time, operating costs were to be reduced by consolidating the IT infrastructure to be able to continue to offer the companies service at a competitive price. To achieve these goals, cloud services were to be used increasingly.

TEAL assisted the company with their provider selection, architecture development for Office 365, data protection assessment as well as the change enablement process. This, in our experience, is indispensable for successful Office 365 projects.

By fundamentally renewing IT workplaces, the employees of the telecommunications service providers now work in a modern work environment that enables flexible and mobile working. The IT operating costs have been substantially reduced through the targeted use of cloud services.

ARE YOU FACING A SIMILAR CHALLENGE?

Situation
Approach
Result

A telecommunications service provider with 5,000 employees wanted to modernise its IT workplaces. This was to enable flexible working and offer employees an attractive working environment. At the same time, operating costs were to be reduced by consolidating the IT infrastructure to be able to continue to offer the companies service at a competitive price. To achieve these goals, cloud services were to be used increasingly.

TEAL assisted the company with their provider selection, architecture development for Office 365, data protection assessment as well as the change enablement process. This, in our experience, is indispensable for successful Office 365 projects.

By fundamentally renewing IT workplaces, the employees of the telecommunications service providers now work in a modern work environment that enables flexible and mobile working. The IT operating costs have been substantially reduced through the targeted use of cloud services.

ARE YOU FACING A SIMILAR CHALLENGE?

Global pharmaceutical company –

private cloud

Situation
Approach
Result

The global pharmaceutical company with over 40,000 employees faced the challenge of modernising its SharePoint-based intranet system while reducing operating costs for the platform and the hosted third-party web applications. These goals were to be achieved by consolidating the platform into three modern private cloud data centres in Europe, the USA and Asia, as well as by outsourcing operations to the US and India.

TEAL supported the project in definition, validation and operations implementation of the business continuity processes based on NetApp Snap Manager and offering support with the introduction of measures to increase security. These measures involved a Privilege Access Management solution based on DELL TPAM in conjunction with RSA SecurID for two-factor authentication. Furthermore, the Windows systems were hardened using Microsoft Best Practices and special AppLocker guidelines.

By setting up and securing private cloud data centres, the basis for the managed intranet service could be successfully built up and put into operation. The intranet is now sustainable with a current Microsoft product stack and is used extensively by over 40,000 of their employees worldwide. The operations team in the USA and India ensures that the defined KPIs are met and user queries are resolved.

ARE YOU FACING A SIMILAR CHALLENGE?

Situation
Approach
Result

The global pharmaceutical company with over 40,000 employees faced the challenge of modernising its SharePoint-based intranet system while reducing operating costs for the platform and the hosted third-party web applications. These goals were to be achieved by consolidating the platform into three modern private cloud data centres in Europe, the USA and Asia, as well as by outsourcing operations to the US and India.

TEAL supported the project in definition, validation and operations implementation of the business continuity processes based on NetApp Snap Manager and offering support with the introduction of measures to increase security. These measures involved a Privilege Access Management solution based on DELL TPAM in conjunction with RSA SecurID for two-factor authentication. Furthermore, the Windows systems were hardened using Microsoft Best Practices and special AppLocker guidelines.

By setting up and securing private cloud data centres, the basis for the managed intranet service could be successfully built up and put into operation. The intranet is now sustainable with a current Microsoft product stack and is used extensively by over 40,000 of their employees worldwide. The operations team in the USA and India ensures that the defined KPIs are met and user queries are resolved.

ARE YOU FACING A SIMILAR CHALLENGE?

Telco Group –

Infrastructure modernisation

Situation
Approach
Result

In order to increase the customer functionality of the largest IP TV solution in Germany with nearly 2 million customers even further, the provider decided to implement a new version of the Microsoft IP TV solution. Along with the new release, the basic infrastructure was to be extended, modernized and to be brought up to the current software version.

TEAL supported the modernisation of the infrastructure by upgrading the server operating systems as well as their management systems (system centre configuration, operations, and data protection manager) in several environments with a total of over 1,000 servers. Furthermore, a modern certificate infrastructure, secured by HSM modules, was implemented and transferred to operations.

Thanks to the comprehensive infrastructure modernisation project, the basis was created to operate the new version of the IP TV solution securely, steadily and at a high performance. After the successful launch of the new version, the provider was able to offer their customers mobile access for the first time as well as an enhanced video-on-demand platform with many new and enhanced features.

ARE YOU FACING A SIMILAR CHALLENGE?

Situation
Approach
Result

In order to increase the customer functionality of the largest IP TV solution in Germany with nearly 2 million customers even further, the provider decided to implement a new version of the Microsoft IP TV solution. Along with the new release, the basic infrastructure was to be extended, modernized and to be brought up to the current software version.

TEAL supported the modernisation of the infrastructure by upgrading the server operating systems as well as their management systems (system centre configuration, operations, and data protection manager) in several environments with a total of over 1,000 servers. Furthermore, a modern certificate infrastructure, secured by HSM modules, was implemented and transferred to operations.

Thanks to the comprehensive infrastructure modernisation project, the basis was created to operate the new version of the IP TV solution securely, steadily and at a high performance. After the successful launch of the new version, the provider was able to offer their customers mobile access for the first time as well as an enhanced video-on-demand platform with many new and enhanced features.

ARE YOU FACING A SIMILAR CHALLENGE?

Public data centre operator –

Linux RPM build pipeline

Situation
Approach
Result

The development team of a public data centre operator in Austria couldn’t focus its full capacity on the development of new features and products because, with each new build, it had to carry out numerous manual steps until the packages were developed, tested and deployed. To resolve this drawback, an automated testing and deployment pipeline was to be implemented.

TEAL employees developed a standardised, fully automated and monitored build environment based on Red Hat RPM and augmented by the products of GitLAB, Jenkins and Mock. A distributed GIT instance stores and manages the source code which can be automatically compiled in the build environment by Jenkins at any time. Subsequently, MOCK processes create and check new RPM packages in a rule-based manner which can then be rolled out to the target systems via Satellite.

The client is now able to use the capabilities of its development team more efficiently to further develop business applications. At the same time, the number of errors was reduced thanks to the fully automated processes and test procedures and the deployment time for new releases was significantly reduced.

ARE YOU FACING A SIMILAR CHALLENGE?

Situation
Approach
Result

The development team of a public data centre operator in Austria couldn’t focus its full capacity on the development of new features and products because, with each new build, it had to carry out numerous manual steps until the packages were developed, tested and deployed. To resolve this drawback, an automated testing and deployment pipeline was to be implemented.

TEAL employees developed a standardised, fully automated and monitored build environment based on Red Hat RPM and augmented by the products of GitLAB, Jenkins and Mock. A distributed GIT instance stores and manages the source code which can be automatically compiled in the build environment by Jenkins at any time. Subsequently, MOCK processes create and check new RPM packages in a rule-based manner which can then be rolled out to the target systems via Satellite.

The client is now able to use the capabilities of its development team more efficiently to further develop business applications. At the same time, the number of errors was reduced thanks to the fully automated processes and test procedures and the deployment time for new releases was significantly reduced.

ARE YOU FACING A SIMILAR CHALLENGE?

INTERNATIONAL COMMERCIAL VEHICLE MANUFACTURER –

SECURE ADMINISTRATION OF THE ACTIVE DIRECTORY LANDSCAPE

Situation
Approach
Result

One of the leading manufacturers for commercial vehicles with more than 30,000 employees was faced with the challenge of implementing a comprehensive strategy program to realign its IT infrastructure and increase IT security. Protecting the Active Directory has a major impact on this increase in security. The corporation has a blueprint based on the Microsoft ESAE approach which it uses for this. The aim of the project was to adapt and implement this blueprint to the local circumstances.

TEAL supported manufacturer by analyzing the company blueprint, designing the target architecture and implementing the Secure Administration Environment (SAE). The solution consists of three Active Directory Forests for production (“Gold Forest”), administration (“Red Forest”) and the hypervisor (“Iron Forest”) with corresponding admin tiering. Each tier is protected by numerous measures such as 2-factor authentication, Privilege Administration Workstations (PAWs), Security Baseline GPOs and secure operating processes. This provides an exceptionally high level of protection against Pass the Hash and Pass the Ticket attacks.

The project has significantly increased the security level of all high-priority IT assets and has thus laid the foundation for further measures to increase IT security. Together with TEAL, the commercial vehicle manufacturer was not only able to implement the corporate blueprint, but also improve it. The SAE architecture has thus become a key element in the IT security of the entire corporation.

ARE YOU FACING A SIMILAR CHALLENGE?

Situation
Approach
Result

One of the leading manufacturers for commercial vehicles with more than 30,000 employees was faced with the challenge of implementing a comprehensive strategy program to realign its IT infrastructure and increase IT security. Protecting the Active Directory has a major impact on this increase in security. The corporation has a blueprint based on the Microsoft ESAE approach which it uses for this. The aim of the project was to adapt and implement this blueprint to the local circumstances.

TEAL supported manufacturer by analyzing the company blueprint, designing the target architecture and implementing the Secure Administration Environment (SAE). The solution consists of three Active Directory Forests for production (“Gold Forest”), administration (“Red Forest”) and the hypervisor (“Iron Forest”) with corresponding admin tiering. Each tier is protected by numerous measures such as 2-factor authentication, Privilege Administration Workstations (PAWs), Security Baseline GPOs and secure operating processes. This provides an exceptionally high level of protection against Pass the Hash and Pass the Ticket attacks.

The project has significantly increased the security level of all high-priority IT assets and has thus laid the foundation for further measures to increase IT security. Together with TEAL, the commercial vehicle manufacturer was not only able to implement the corporate blueprint, but also improve it. The SAE architecture has thus become a key element in the IT security of the entire corporation.

ARE YOU FACING A SIMILAR CHALLENGE?

IT service provider insurance –

Secure Global Authentication Platform (based on ESAE)

Situation
Approach
Result

As part of a major strategy programme, the international insurance group with 40,000 employees restructured its IT portfolio. The goal was to improve co-operation among the group’s individual companies and to intensify the use of global services. These services were to be recreated centrally and operated as safely as possible. The first step was to be the development of a global authentication platform for both Kerberos-based and token-based services.

TEAL assisted the client in defining the architecture and implementation of this global authentication platform in two new co-located data centres. The authentication platform consists of an active directory architecture based on Microsoft’s Enhanced Security Administrative Environment (ESAE, you can find out more about this in our blog) for Kerberos-based services and an ADFS platform for token-based applications. Administrative rights are granted only temporarily by a Privileged Access Management (PAM) solution to minimise the risk of being attacked (and from subsequent consequences) due to stolen passwords. By almost exclusively using Windows Server 2016 Core, the points of attack were reduced further. Hereafter, the monitoring of the use of high privileges can be further improved by the complete integration in an SIEM system and the pairing of the distribution of rights to the change and incident tools.

Thanks to the new authentication platform based on ESAE, the foundation for the globally shared services has been laid. These systems can now be operated within a secure environment and made available to the end user.

ARE YOU FACING A SIMILAR CHALLENGE?

Starting situation
Approach
Result

As part of a major strategy programme, the international insurance group with 40,000 employees restructured its IT portfolio. The goal was to improve co-operation among the group’s individual companies and to intensify the use of global services. These services were to be recreated centrally and operated as safely as possible. The first step was to be the development of a global authentication platform for both Kerberos-based and token-based services.

TEAL assisted the client in defining the architecture and implementation of this global authentication platform in two new co-located data centres. The authentication platform consists of an active directory architecture based on Microsoft’s Enhanced Security Administrative Environment (ESAE, you can find out more about this in our blog) for Kerberos-based services and an ADFS platform for token-based applications. Administrative rights are granted only temporarily by a Privileged Access Management (PAM) solution to minimise the risk of being attacked (and from subsequent consequences) due to stolen passwords. By almost exclusively using Windows Server 2016 Core, the points of attack were reduced further. Hereafter, the monitoring of the use of high privileges can be further improved by the complete integration in an SIEM system and the pairing of the distribution of rights to the change and incident tools.

Thanks to the new authentication platform based on ESAE, the foundation for the globally shared services has been laid. These systems can now be operated within a secure environment and made available to the end user.

ARE YOU FACING A SIMILAR CHALLENGE?