The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and according to the legal data protection regulations as well as this data protection explanation. As a rule, our website can be used without providing personal data. Insofar as personal data (e.g. name, address or e-mail addresses) is collected on our pages, this is always done on a voluntary basis as far as possible. This data will not be passed on to third parties without your express consent. We would like to point out that data transmission on the internet (e.g. communication by e-mail) can be subject to security gaps. A complete protection of the data against access by third parties is not possible.
Some of the internet pages use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, more effective and safer. Cookies are small text files that are stored on your computer by your browser.
Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your terminal until you delete them. These cookies enable us to recognize your browser during your next visit.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, accept cookies for certain cases or generally exclude them and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are: browser type and browser version, operating system used, referrer URL, host name of the accessing computer, time of the server request. These data cannot be assigned to specific persons. This data is not merged with other data sources. We reserve the right to subsequently check this data if we become aware of concrete indications of illegal use.
On our pages are plugins of the social network Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, integrated. You can recognize the Facebook plugins by the Facebook logo or the “Like” button on our page. You can find an overview of the Facebook plugins here: https://developers.facebook.com/docs/plugins/. When you visit our pages, the plugin establishes a direct connection between your browser and the Facebook server. Facebook receives the information that you have visited our site with your IP address. If you click the Facebook “Like” button while logged into your Facebook account, you can link the content of our pages to your Facebook profile. This allows Facebook to associate visiting our pages with your user account. We would like to point out that, as the provider of the pages, we do not have any knowledge of the content of the data transmitted or its use by Facebook. Further information on this can be found in Facebook’s privacy policy at https://de-de.facebook.com/policy.php. If you do not want Facebook to be able to assign visits to our pages to your Facebook user account, please log out of your Facebook user account.
On our pages, functions of the Twitter service are integrated. These functions are offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the “Re-Tweet” function, the websites you visit are linked to your Twitter account and made known to other users. Data is also transferred to Twitter. We would like to point out that, as the provider of the pages, we do not have any knowledge of the content of the transmitted data or its use by Twitter. Further information on this can be found in Twitter’s data protection declaration at https://twitter.com/privacy. You can change your data protection settings on Twitter in the account settings at: https://twitter.com/account/settings.
Our pages use Google+ functions. Provider is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Collection and dissemination of information: You can use the Google+ button to publish information worldwide. The Google+ button gives you and other users personalized content from Google and our partners. Google stores both information that you gave +1 for an item and information about the page you viewed when you clicked +1. Your +1 may appear as clues along with your profile name and photo in Google services, such as search results or your Google profile, or elsewhere on websites and ads on the internet. Google records information about your +1 activity to improve Google services for you and others. To use the Google+ button, you need a globally visible, public Google profile that includes at least the name you choose for the profile. This name is used in all Google services. In some cases, this name may also replace another name you used when sharing content through your Google Account. The identity of your Google profile may be displayed to users who know your email address or have other identifying information about you. Use of Information Collected: In addition to the uses described above, the information you provide will be used in accordance with applicable Google privacy policies. Google may publish or share aggregated statistics about users’ +1 activity with users and partners, such as publishers, advertisers, or affiliates.
Our website uses features of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time you visit one of our pages that contains LinkedIn features, you will be connected to LinkedIn servers. LinkedIn will be notified that you have visited our web pages with your IP address. If you click the LinkedIn “Recommend” button and are logged into your LinkedIn account, LinkedIn will be able to associate your visit to our site with you and your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by LinkedIn. Further information on this can be found in LinkedIn’s data protection declaration at: https://www.linkedin.com/legal/privacy-policy
Our website uses functions of the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Each time you access one of our pages that contains XING functions, a connection is established to XING servers. To the best of our knowledge, personal data is not stored. In particular, no IP addresses are stored or the usage behavior evaluated. Further information on data protection and the XING Share button can be found in the XING Privacy Policy at: https://www.xing.com/app/share?op=data_protection
Our website uses plugins from the YouTube page operated by Google. The site is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you visit one of our pages equipped with a YouTube plugin, a connection is established to YouTube’s servers. The Youtube server will be informed which of our pages you have visited. If you are logged in to your YouTube account, you can enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account. For more information about the handling of user data, please refer to YouTube’s privacy policy at: https://www.google.de/intl/de/policies/privacy
For the comment function on this page, in addition to your comment, information at the time the comment was created, your e-mail address and, if you do not post anonymously, the user name you have chosen will be stored.
Our comment feature stores the IP addresses of users who post comments. As we do not check comments on our site before they are activated, we need this data to be able to take action against the author in the event of infringements such as insults or propaganda.
As a user of the site, you can subscribe to comments after registering. You will receive a confirmation email to verify that you are the owner of the email address you provided. You can unsubscribe from this function at any time via a link in the info mails.
This website uses functions of the web analysis service Google Analytics. Provider is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States.
We have activated the IP anonymization function on this website. This will cause Google to shorten your IP address within member states of the European Union or other signatory states to the Agreement on the European Economic Area before it is transmitted to the United States. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) as well as Google from processing this data by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en
You can prevent Google Analytics from collecting your information by clicking on the link at the bottom of the page. An opt-out cookie is set to prevent your information from being collected on future visits to this site. For more information on how Google Analytics uses user data, please see Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=en
We have concluded a contract with Google for order data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Deactivate Google Analytics
Source: https://www.e-recht24.de
In order to be able to provide IT services to the specialist areas of the international insurance group with 40,000 employees faster, the company’s internal IT service provider set themselves the objective to accelerate the request fulfilment process and to reduce the error rate. The inconsistent service descriptions as well as the multiple media inconsistencies were identified as the source of the problems, complicating the co-operation with the external service provider who were fulfilling the process. By introducing a digital request fulfilment platform, these problems were to be solved.
TEAL supported the introduction of the request fulfilment platform based on ServiceNow (SaaS) substantially. We created the requirements analysis, developed a data protection and security concept and led the project management as well as the operational rollout.
The lead times of the orders were reduced significantly thanks to the new request fulfilment platform. TEAL facilitated the successful integration of the SaaS order platform into the existing landscape. This was successfully established as one of the first cloud solutions of the entire group.
One of the leading manufacturers for commercial vehicles with more than 30,000 employees was faced with the challenge of implementing a comprehensive strategy program to realign its IT infrastructure and increase IT security. Protecting the Active Directory has a major impact on this increase in security. The corporation has a blueprint based on the Microsoft ESAE approach which it uses for this. The aim of the project was to adapt and implement this blueprint to the local circumstances.
TEAL supported manufacturer by analyzing the company blueprint, designing the target architecture and implementing the Secure Administration Environment (SAE). The solution consists of three Active Directory Forests for production (“Gold Forest”), administration (“Red Forest”) and the hypervisor (“Iron Forest”) with corresponding admin tiering. Each tier is protected by numerous measures such as 2-factor authentication, Privilege Administration Workstations (PAWs), Security Baseline GPOs and secure operating processes. This provides an exceptionally high level of protection against Pass the Hash and Pass the Ticket attacks.
The project has significantly increased the security level of all high-priority IT assets and has thus laid the foundation for further measures to increase IT security. Together with TEAL, the commercial vehicle manufacturer was not only able to implement the corporate blueprint, but also improve it. The SAE architecture has thus become a key element in the IT security of the entire corporation.
The development team of a public data centre operator in Austria couldn’t focus its full capacity on the development of new features and products because, with each new build, it had to carry out numerous manual steps until the packages were developed, tested and deployed. To resolve this drawback, an automated testing and deployment pipeline was to be implemented.
TEAL employees developed a standardised, fully automated and monitored build environment based on Red Hat RPM and augmented by the products of GitLAB, Jenkins and Mock. A distributed GIT instance stores and manages the source code which can be automatically compiled in the build environment by Jenkins at any time. Subsequently, MOCK processes create and check new RPM packages in a rule-based manner which can then be rolled out to the target systems via Satellite.
The client is now able to use the capabilities of its development team more efficiently to further develop business applications. At the same time, the number of errors was reduced thanks to the fully automated processes and test procedures and the deployment time for new releases was significantly reduced.
In order to increase the customer functionality of the largest IP TV solution in Germany with nearly 2 million customers even further, the provider decided to implement a new version of the Microsoft IP TV solution. Along with the new release, the basic infrastructure was to be extended, modernized and to be brought up to the current software version.
TEAL supported the modernisation of the infrastructure by upgrading the server operating systems as well as their management systems (system centre configuration, operations, and data protection manager) in several environments with a total of over 1,000 servers. Furthermore, a modern certificate infrastructure, secured by HSM modules, was implemented and transferred to operations.
Thanks to the comprehensive infrastructure modernisation project, the basis was created to operate the new version of the IP TV solution securely, steadily and at a high performance. After the successful launch of the new version, the provider was able to offer their customers mobile access for the first time as well as an enhanced video-on-demand platform with many new and enhanced features.
The global pharmaceutical company with over 40,000 employees faced the challenge of modernising its SharePoint-based intranet system while reducing operating costs for the platform and the hosted third-party web applications. These goals were to be achieved by consolidating the platform into three modern private cloud data centres in Europe, the USA and Asia, as well as by outsourcing operations to the US and India.
TEAL supported the project in definition, validation and operations implementation of the business continuity processes based on NetApp Snap Manager and offering support with the introduction of measures to increase security. These measures involved a Privilege Access Management solution based on DELL TPAM in conjunction with RSA SecurID for two-factor authentication. Furthermore, the Windows systems were hardened using Microsoft Best Practices and special AppLocker guidelines.
By setting up and securing private cloud data centres, the basis for the managed intranet service could be successfully built up and put into operation. The intranet is now sustainable with a current Microsoft product stack and is used extensively by over 40,000 of their employees worldwide. The operations team in the USA and India ensures that the defined KPIs are met and user queries are resolved.
As part of a major strategy program, the international insurance group with 40,000 employees restructured its IT portfolio. In the course of the restructuring, open source operating systems were largely to be provided by the internal IT service provider for the first time. As the company was, up to the strategy program, heavily relying on Microsoft-based operating systems and software, the portfolio of the infrastructure services, their management systems and the application development tools and processes had to be expanded.
TEAL assisted the client in selecting the open source platform (RedHat Enterprise Linux and CentOS) as well as choosing suitable management systems (RedHat Satellite, GIT, Jenkins and RedHat Identity Manager). The platform was supplemented with a Docker runtime environment based on Docker Swarm. TEAL also supported the architecture’s creation, development and integration. Additionally, TEAL also provided the project manager.
The IT service provider is now also able to offer open source software solutions to departments based. Through skilful integration, many synergies with the existing Microsoft systems and architectures could be used.
A telecommunications service provider with 5,000 employees wanted to modernise its IT workplaces. This was to enable flexible working and offer employees an attractive working environment. At the same time, operating costs were to be reduced by consolidating the IT infrastructure to be able to continue to offer the companies service at a competitive price. To achieve these goals, cloud services were to be used increasingly.
TEAL assisted the company with their provider selection, architecture development for Office 365, data protection assessment as well as the change enablement process. This, in our experience, is indispensable for successful Office 365 projects.
By fundamentally renewing IT workplaces, the employees of the telecommunications service providers now work in a modern work environment that enables flexible and mobile working. The IT operating costs have been substantially reduced through the targeted use of cloud services.
In order to be able to offer high-quality and cost-efficient IT services for its 15,000 employees worldwide, the Swiss industrial group launched a comprehensive modernisation program. The main objectives were to centralise IT operations and to implement a service-orientated operating structure. TEAL was given the task of consolidating and modernising the internal data centres. The data centres were to be designed as a private cloud infrastructure based on Microsoft virtualisation and management technologies to ensure maximum flexibility and cost efficiency.
TEAL accompanied the entire project from requirement analysis through design creation and implementation all the way through to acceptance. After it went live successfully, we temporarily controlled the operations team and supported service onboarding until the operation was successfully transferred to an offshore delivery centre.
Thanks to the co-operation with TEAL, the group was able to start productive operations of the private cloud within a few months. In the course of the co-operation, the client’s centralisation objectives were supported significantly through continuous expansion and improvement of the solutions.
As part of a major strategy programme, the international insurance group with 40,000 employees restructured its IT portfolio. The goal was to improve co-operation among the group’s individual companies and to intensify the use of global services. These services were to be recreated centrally and operated as safely as possible. The first step was to be the development of a global authentication platform for both Kerberos-based and token-based services.
TEAL assisted the client in defining the architecture and implementation of this global authentication platform in two new co-located data centres. The authentication platform consists of an active directory architecture based on Microsoft’s Enhanced Security Administrative Environment (ESAE, you can find out more about this in our blog) for Kerberos-based services and an ADFS platform for token-based applications. Administrative rights are granted only temporarily by a Privileged Access Management (PAM) solution to minimise the risk of being attacked (and from subsequent consequences) due to stolen passwords. By almost exclusively using Windows Server 2016 Core, the points of attack were reduced further. Hereafter, the monitoring of the use of high privileges can be further improved by the complete integration in an SIEM system and the pairing of the distribution of rights to the change and incident tools.
Thanks to the new authentication platform based on ESAE, the foundation for the globally shared services has been laid. These systems can now be operated within a secure environment and made available to the end user.
Im Rahmen eines großen Strategieprogramms richtete der international tätige Versicherungskonzern mit 40.000 Mitarbeitern sein IT Portfolio neu aus. Ziel war es, die Zusammenarbeit zwischen den einzelnen Konzerngesellschaften zu verbessern und verstärkt globale Services zu nutzen. Diese Services sollten an zentraler Stelle neu entstehen und möglichst sicher betrieben werden. Im ersten Schritt sollte eine globale Authentifizierungsplattform sowohl für Kerberos- als auch Token-based Services entstehen.
TEAL unterstützte den Kunden bei der Definition der Architektur und der Implementierung dieser globalen Authentifizierungsplattform in zwei neuen Co-located Datacentern. Die Authentifizierungsplattform besteht aus einer Active Directory Architektur auf Basis von Microsofts Enhanced Security Administrative Environment (ESAE, mehr dazu in unserem Blog) für Kerberos-basierte Dienste und einer ADFS Plattform für Token-basierte Applikationen. Administrative Rechte werden durch eine Privileged Access Management (PAM) Lösung nur temporär gewährt, um das Angriffsrisiko von gestohlenen Passwörtern (und deren Auswirkungen) zu minimieren. Durch den Einsatz von nahezu ausschließlich Windows Server 2016 Core, wurde die Angriffsfläche weiter reduziert. Zukünftig kann die Überwachung der Verwendung von hohen Privilegien durch die vollständige Integration in ein SIEM System und die Kopplung der Rechtevergabe an Change und Incident Tools weiter verbessert werden.
Durch die neue Authentifizierungsplattform nach ESAE Vorbild, ist die Grundlage für die globalen Shared Services gelegt. Diese Systeme können nun in einer sicheren Umgebung betrieben und dem Endkunden zur Verfügung gestellt werden.
Um für seine weltweit 15.000 Mitarbeiter hochwertige und kosteneffiziente IT Services anbieten zu können, startete der Schweizer Industriekonzern ein umfassendes Modernisierungsprogramm. Hauptziele waren den IT-Betrieb zu zentralisieren und eine serviceorientierte Betriebsstruktur einführen. TEAL erhielt die Aufgabe, die konzerneigenen Rechenzentren zu konsolidieren und zu modernisieren. Die Datacenter sollten als Private Cloud Infrastruktur auf Basis von Microsoft Virtualisierungs- und Management-Technologien konzipiert werden, um größtmögliche Flexibilität und Kosteneffizienz zu gewährleisten.
TEAL begleitete das komplette Projekt von der Anforderungsanalyse über die Design-Erstellung und die Implementierung bis hin zur Abnahme. Nach erfolgreichem Go-Live, steuerten wir temporär das Betriebsteam und unterstützten das Service-Onboarding, bis der Betrieb erfolgreich zu einem Offshore Delivery Center überführt wurde.
Durch die Zusammenarbeit mit TEAL, konnte der Konzern bereits nach wenigen Monaten den produktiven Betrieb der Private Cloud aufnehmen. Im Zuge der Kooperation wurden die Zentralisierungsziele des Kunden durch eine beständige Erweiterung und Verbesserung der Lösungen maßgeblich unterstützt.
Um für die Fachbereiche des international tätigen Versicherungskonzern mit 40.000 Mitarbeitern IT Dienstleistungen schneller bereitstellen zu können, hat es sich der eigene IT-Dienstleister zum Ziel gesetzt Request Fulfillment Prozess zu beschleunigen und die Fehlerquote zu senken. Als Quelle der Probleme wurden die uneinheitlichen Servicebeschreibungen sowie die multiplen Medienbrüche identifiziert, welche die Zusammenarbeite mit dem externen Dienstleister (welcher den Prozess bedient) erschwert. Durch die Einführung einer digitalen Request Fulfillment Plattform, sollten diese Probleme gelöst werden.
TEAL unterstütze die Einführung der Request Fulfillment Plattform auf Basis von ServiceNow (SaaS) maßgeblich. Wir erstellten die Anforderungsanalyse, entwickelten ein Datenschutz- und Sicherheitskonzept und leiteten das Projekt-Management sowie die Betriebseinführung.
Die Durchlaufzeiten der Bestellungen konnten durch die neue Request Fulfillment Plattform signifikant gesenkt werden. TEAL ermöglichte die erfolgreiche Integrierung der SaaS Bestellplattform in die bestehende Landschaft. Diese wurde als eine der ersten Cloudlösungen im Konzern erfolgreich etabliert.
Ein Telekommunikationsdienstleister mit 5.000 Mitarbeitern wollte seine IT Arbeitsplätze modernisieren. Hierdurch sollte flexibles Arbeiten ermöglicht und den Mitarbeitern eine attraktive Arbeitsumgebung geboten werden. Gleichzeitig sollten die Betriebskosten durch eine Konsolidierung der IT-Infrastruktur gesenkt werden, um die Dienstleistungen weiterhin konkurrenzfähig anbieten zu können. Um diese Ziele zu erreichen, sollten verstärkt Cloud Services zum Einsatz kommen.
TEAL unterstützte das Unternehmen bei der Anbieterauswahl, der Ausarbeitung der Architektur für Office 365, der Datenschutzbewertung sowie dem Change Enablement-Prozess. Dieser ist, wie unsere Erfahrung zeigt, unabdingbar für erfolgreiche Office 365 Projekte.
Durch die grundlegende Erneuerung der IT-Arbeitsplätze, arbeiten die Mitarbeiter des Telekommunikationsdienstleisters nun in einer modernen Arbeitsumgebung, welche flexibles und mobiles Arbeiten ermöglicht. Die IT-Betriebskosten wurden durch den gezielten Einsatz von Cloud-Diensten substantiell gesenkt.
Im Rahmen eines großen Strategieprogramms richtete der international tätige Versicherungskonzern mit 40.000 Mitarbeitern sein IT Portfolio neu aus. Im Zuge der Neuausrichtung, sollten erstmals in größerem Umfang OpenSource Betriebssysteme durch den eigenen IT Dienstleister zur Verfügung gestellt werden. Da bis zum Strategieprogramm maßgeblich auf Microsoft basierte Betriebssysteme und Software gesetzt wurde, musste das Portfolio von den Infrastruktur-Services und deren Managementsystemen bis hin zur Anwendungsentwicklung erweitert werden.
TEAL unterstützte den Kunden bei der Auswahl der OpenSource Plattform (RedHat Enterprise Linux und CentOS), als auch bei den passenden Managementsystemen (RedHat Satellite, GIT, Jenkins und RedHat Identity Manager). Ergänzt wurde die Plattform noch mit einer Docker Laufzeitumgebung, die auf Docker Swarm basiert. TEAL unterstütze ebenfalls bei Architekturerstellung, Aufbau und Integration. Der Projektleiter wurde ebenfalls von TEAL gestellt.
Der IT Dienstleister ist nun in der Lage, den Fachbereichen auch OpenSource basierte Softwarelösungen anzubieten. Durch geschickte Integration konnten viele Synergien mit bestehenden Architekturen der Microsoft Systeme genutzt werden.
Der weltweit tätige Pharmakonzern, mit über 40.000 Mitarbeitern, stand vor der Herausforderung sein SharePoint basiertes Intranet System zu modernisieren und gleichzeitig die Betriebskosten für die Plattform und die gehosteten 3rd Party Web Applikationen zu reduzieren. Erreicht werden sollten diese Ziele durch die Konsolidierung der Plattform in drei moderne private Cloud Rechenzentren in Europa, USA und Asien sowie durch die Auslagerung des Betriebs in die USA und Indien.
TEAL unterstütze das Projekt bei der der Definition, Validierung und Betriebseinführung der Business Continuity Prozesse auf Basis von NetApp Snap Manager sowie der Einführung von Maßnahmen zur Steigerung der Sicherheit. Diese Maßnahmen umfassten eine Privilege Access Management Lösung basierend auf DELL TPAM im Zusammenspiel mit RSA SecurID zur zwei Faktor Authentifizierung. Des Weiteren wurde die Windows Systeme anhand der Microsoft Best Practices und speziellen AppLocker Richtlinien gehärtet.
Durch den Aufbau und die Absicherung der private Cloud Rechenzentren, konnte die Basis für den managed Intranet Service erfolgreich aufgebaut werden und in den Betrieb übergehen. Das Intranet ist nun zukunftsfähig, mit einem aktuellen Microsoft Produktstack, bereitgestellt und wird von den über 40.000 Mitarbeitern weltweit intensiv genutzt. Das Betriebsteam in USA und Indien stellt sicher, dass die definierten KPIs eingehalten und Benutzeranfragen gelöst werden.
Um die Funktionalität für die Kunden der größten IP-TV Lösung in Deutschland mit fast 2 Millionen Kunden noch zu steigern, beschloss der Anbieter eine neue Version der Microsoft IP-TV Lösung zu implementieren. Einhergehend mit dem neuen Release, sollte die Basisinfrastruktur ebenfalls auf den aktuellen Softwarestand gebracht und verbessert werden.
TEAL unterstützte die Modernisierung der Infrastruktur durch die Aktualisierung der Serverbetriebs- sowie deren Verwaltungssysteme (System Center Configuration- , Operations- und Data Protection Manager) in mehreren Umgebungen mit insgesamt über 1.000 Servern. Weiterhin wurde eine moderne, durch HSM-Module abgesicherte Zertifikatsinfrastruktur implementiert und an den Betrieb übergeben.
Durch das umfassende Infrastruktur Modernisierungsprojekt, wurde die Basis geschaffen um die neue Version der IP-TV Lösung sicher, stabil und performant betreiben zu können. Nach der erfolgreichen Einführungen der neuen Version, konnte der Anbieter seinen Kunden erstmals mobilen Zugriff sowie eine erweiterte Video on Demand Plattform mit zahlreiche neuen und erweiterten Funktionen anbieten.
Das Entwicklungsteam eines öffentlichen Rechenzentrumsbetreibers in Österreich konnte nicht seine volle Kapazität auf die Entwicklung neuer Features und Produkte konzentrieren, da es bei jedem neuen Build zahlreiche manuelle Schritte ausführen musste, bis die Pakete erstellt, getestet und deployed waren. Um diesen Missstand zu beheben, sollte eine automatisierte Test- und Deploymentpipeline implementiert werden.
Mitarbeiter von TEAL entwickelten eine standardisierte, vollständig automatisierte und überwachte Build-Umgebung auf Basis von Red Hat RPM, die durch die Produkte GitLAB, Jenkins und Mock ergänzt wurde. Eine verteilte GIT Instanz versioniert und verwaltet den Source Code, der jederzeit durch Jenkins automatisiert in der Build-Umgebung compiliert werden kann. Anschließend erstellen und prüfen MOCK Prozesse regelbasiert neue RPM Pakete, welche anschließend über Satellite auf die Zielsysteme ausgerollt werden können.
Der Kunde ist nun in der Lage, die Kapazitäten seines Entwicklungsteams effektiver für die Weiterentwicklung von Businessanwendungen einzusetzen. Gleichzeitig wurde durch die vollautomatisierten Prozesse und Testabläufe die Fehleranzahl verringert und die Bereitstellungszeiten für neue Releases erheblich verkürzt.
Ein führender internationaler Nutzfahrzeughersteller mit über 30.000 Mitarbeitern stand vor der Herausforderung, ein umfassendes Strategieprogramm zur Neuausrichtung der IT Infrastruktur und Erhöhung der IT Sicherheit umzusetzen. Ein wesentlicher Beitrag zur Erhöhung der Sicherheit ist hier die Absicherung des Active Directories. Dafür gibt es im Konzern eine Blaupause auf Basis des Microsoft ESAE Ansatzes. Ziel des Projektes war es, die Blaupause auf die lokalen Gegebenheiten zu adaptiert und umzusetzen.
TEAL unterstützte den Nutzfahrzeughersteller bei der Analyse der Konzernblaupause, bei der Konzeption der Zielarchitektur und der Implementierung der Secure Administration Umgebung (SAE). Die Lösung besteht aus drei Active Directory Forests für Produktion („Gold Forest“), Administration („Red Forest“) und dem Hypervisor („Iron Forest“) mit entsprechendem Admin Tiering. Jedes Tier wird durch zahlreiche Maßnahmen wie zum Beispiel 2-Faktor Authentifizierung, Privilege Administration Workstations (PAWs), Security Baseline GPOs und sicheren Betriebsprozessen abgesichert. Dadurch wird ein außerordentlich hohes Schutzniveau gegen Pass the Hash und Pass the Ticket Attacken erreicht.
Durch das Projekt konnte das Sicherheitsniveau der besonders schützenswerten IT Assets erheblich gesteigert werden und hat somit die Grundlage für weitere Maßnahmen zur Erhöhung der IT Sicherheit gelegt. Zusammen mit TEAL konnte der Nutzfahrzeughersteller nicht nur die Konzern Blaupause umsetzen, sondern noch verbessert. So ist die SAE Architektur ein maßgeblicher Treiber im Gesamtkonzern für die IT Sicherheit geworden.