There were several reasons for this. Perhaps the most important was the major change in our entire IT landscape over the past five years. Today, many companies, including Siemens AG, have a cloud first strategy. This means that we are gradually migrating a large part of our application and server landscape into a private cloud. At the same time, we have launched further major IT and infrastructure initiatives. In addition to a lack of flexibility, the main driver for many of these initiatives was increasing cost pressure.
Today, for example, we use Workday from the cloud for our human resources. We have also implemented Office 365 throughout the Group. Siemens locations in over 190 countries with around 380,000 employees access these applications. We have also implemented ServiceNow for digital workflows or Real-Time Collaboration (RTC) “Circuit” introduced by Unify as a communication and collaboration tool.
We have seen that the underlying network infrastructure no longer manages this cloud traffic. The traffic pattern, i.e. everything that takes place today in the classic, protected MPLS network, has completely changed. Increasing data traffic is going more and more into the cloud. As a result, applications have not consistently run with high performance. The time has come to question and completely change our entire network infrastructure. The answer can no longer be to connect even more bandwidth, even more MPLS lines. We need a new infrastructure with which we can get our performance problems and the issue of Secure Internet Access under control and which can offer us maximum flexibility.
Gülay Stelzmüllner, Global Head of IT Connectivity Services, Siemens AG
studied computer engineering in Ulm and Munich and is now Global Head of IT Connectivity Services. The mother of two children has been with the Siemens Group for more than 15 years, where she started as an intern and developed her career through positions as a Junior Developer in the central IT department and Team Lead HR Applications. Today she is responsible for Siemens’ global network infrastructure with a team of around 50 internal employees and a large number of external service providers.
Absolutely, because these days fewer and fewer employees are permanently sitting at their desk in permanently assigned workstations, equipped with LAN cables, computers and docking stations. They use several mobile end devices, are frequently on the move and are not always at the same workstation. We have to offer these employees a network infrastructure with which mobile work can really perform. Previous WIFI solutions have not been designed to serve such a large number of end devices. This is another reason why we believe we need to fundamentally rebuild our infrastructure.
The volume of data is enormous. There are about 4 petabytes of data on our file shares. This corresponds to about 4 million CDs. Large downloads and uploads can bring a network to its knees for a certain amount of time and affect the performance for the rest of a site. It is no longer possible, however, to determine why and where such amounts of data are transported through our network. This can happen anywhere at one of our worldwide locations. For example, a business unit provides a new service and pumps data through the network for a certain period of time. Such a process can completely shut down the network for several hours.
This applies first to WIFI networks, which were previously configured for a few laptops and smartphones, but are not designed for IoT connectivity. The data then goes into the WAN and we can’t meet this growing demand with an MPLS network. We always had to introduce special solutions for IoT connectivity. Here, the SD-WAN will give us more flexibility and better bandwidth coverage. We would then have a standard solution for all locations instead of expensive and difficult to operate special solutions.
We hope that the SD-WAN implementation will make management simpler and more flexible. Starting with flexible bandwidth management, which will be possible worldwide in the future via a central management platform. Today, we must register a change via the respective location, test it beforehand and then implement it over several days. Or if you want to roll out a new security policy globally, you have to do this for each location individually. This takes a certain amount of time, which does not necessarily make sense from a security point of view. In the SD-WAN we can implement a new policy or feature worldwide within a few minutes.
The configurations we want are defined centrally and taught to the system. The system then controls this configuration itself. This allows us to allocate more bandwidth to critical applications at certain times without negatively affecting other functions. All this happens centrally via the platform and no longer manually on site. The configurations are virtually imported into the appliances, such as the routers. We opted for Cisco Viptela on the hardware side. Outside a defined time corridor, the network controls itself. It can detect bottlenecks and then react automatically to changes. Thus, we breathe artificial intelligence into the entire system via configurations. In addition to the standard features, there will also be AI features in the future. Predictive maintenance features will then lead to more stability and fewer failures in the network, at least according to current expectations. We do not yet know which these will be.
When we started the project, the solutions for such a complex project at Siemens were not yet completely ready for the market. At that time, however, as a medium-sized company you were able to set up a standard SD-WAN without increased requirements. It was an advantage for us to be able to influence the product cycle. We very often sat together with the Cisco product engineers from the US to prioritize the feature set and were therefore heavily involved in the further development.
On the contrary. Of course, there are initial investments. But when we started the project, we had a clear vision to increase the cost savings potential. Our goal was to double bandwidth and halve costs. As far as we can assess this at this stage, we have achieved cost savings of 35 to 40 percent so far and will continue to move closer to our goal. However, the wheel is turn very quickly, and bandwidth requirements are developing even faster than we assumed in the selection process two years ago. Therefore, the requirements in the current project are changing and with them the savings potentials. Nevertheless, the savings will still be huge.
“Our goal for the SD-WAN project is to double bandwidth and halve costs.”
That was another important aspect for us. With the increase in cloud traffic, the number of cyber-attacks on our network has increased. Until now, it has been difficult to detect every attack promptly. This could sometimes take days or detects unplanned and unusual processes in the network and reports on them, for example, if a very high request is made to a certain Siemens application at a certain location. This could indicate a cyber-attack. We are then able to more quickly identify whether it is actually an attack or not, can immediately react accordingly and avert or minimise damage if the worst comes to the worst.
That’s what we are and that makes us very proud. I maintain that we are indeed the leading edge on this issue. Even in a project like this, things don’t always run smoothly. But I am convinced that we started the transformation at the right time. This gave us the opportunity to influence the development of SD-WAN and adapt it to our requirements. That was clearly a strategically correct decision. I am responsible for our global network. If we hadn’t acted, I would have to deal with completely different problems today and would no longer have the capacity to drive innovation with a manageably large team. Even if we still have a lot to do with incident management through the old part of the network, we recognize that where we have already transformed to SD-WAN, network management has become much simpler.
It’s a partnership that brings us all forward. One could also say it is a win-win-win constellation. Cisco can further develop its solutions based on our requirements. Deutsche Telekom is also gathering experience from such a large project. And we benefit from cost savings and a significantly improved, future-proof network infrastructure. That’s why we are extremely transparent with each other in the project. We all want to learn, and we all know that not everything can run smoothly.
Contact: Dirk.Drabnig@t-systems.com
More Information: www.siemens.com
More Information: www.t-systems.com/sd-wan