November 22, 2022
How CDW Amplified Services Manage IT at Scale via Automation and Diverse Tools
Our new patent uses secure tunnels to remotely configure and control an organization's VLAN without sustained administrative access.
How to Establish a Consistently Secure and Scalable Remote Cloud Connection?
Just like homeowners use the existing infrastructure (i.e. door, lock, keys) to secure their house no matter what is coming in or going out, System Administrators should be able to use existing infrastructure within cloud servers to update software and security.
As a result of CDW’s newly approved patent for a system and method to automate IT service management, CDW will now be able to manage and provision servers in the cloud much faster than before while also adhering to any organization's security requirements.
Typically, IT service providers install equipment and software at the customer site. Service providers needing to patch MS Windows or provide Linux support, for example, would often struggle to make necessary changes because they were dependent on the customer to obtain firewall and network access.
Now, when we set up an organization with our patented management platform pods, they receive an avatar, Base Management Nodes (BMN), and automation services, which are provisioned behind the Management Platform and are transparent to the organization. The avatar facilitates connectivity back to CDW’s Managed Service platform. BMNs provide multi-tenant client separation, and every client gets their own connections. This framework allows us to deploy services, automate them, and manage them at scale. The only communication visible to the customer is the base management node.
Now, the only thing that might live at the customer site is an avatar, which could exist in one of two ways: 1) as a virtual machine running in VMware, Azure, AWS or GCP or 2) as a physical appliance—a little larger than a hockey puck—with multiple Ethernet ports.
The value add is that we can get in quickly and provide services of arbitrary scale because the BMN allows us to move faster, iterate when necessary, and use similar patterns for automation. If we decide our customers need a new “As-a-service” offering, we can now roll it out to every customer extremely fast with minimal client interaction.
The Benefits of Our Patented Management Platform Pod System
Besides faster connectivity and more efficient provisioning, this new framework cuts down on IP address overlap, which can occur when a connection is made on a VPN.
In many arrangements, quite a lot of time is wasted negotiating with CIOs about the right way to communicate since there are often numerous entities using the same IP address spaces across networks. No one wins because it bogs down the process of helping customers. Alternatively, with CDW’s method, the BMN operates as the face of CDW’s platform within the customer environment, and we can drop in an avatar which provides per-customer address segmentation & isolation.
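The address-overlap problem described above can be checked mechanically. The following is an added example, not CDW's code: it finds private ranges reused across customers and shows which addresses a flat, shared VPN route could not attribute to a single customer. The customer names and CIDR ranges are constructed sample data.

```python
import ipaddress
from itertools import combinations

# Constructed sample data: hypothetical customers and the private ranges they use.
CUSTOMER_NETWORKS = {
    "customer-a": ["10.0.0.0/16", "192.168.10.0/24"],
    "customer-b": ["10.0.128.0/17", "172.16.0.0/20"],
    "customer-c": ["192.168.10.0/25", "172.20.0.0/16"],
}


def find_overlaps(customer_networks):
    """Return sorted (cust1, net1, cust2, net2) tuples for each cross-customer overlap."""
    parsed = [
        (name, ipaddress.ip_network(cidr, strict=True))
        for name, cidrs in customer_networks.items()
        for cidr in cidrs
    ]
    overlaps = []
    for (c1, n1), (c2, n2) in combinations(parsed, 2):
        # Only compare different customers and the same IP version.
        if c1 != c2 and n1.version == n2.version and n1.overlaps(n2):
            overlaps.append((c1, str(n1), c2, str(n2)))
    return sorted(overlaps)


def ambiguous_customers(address, customer_networks):
    """Customers whose address space contains `address`.

    More than one result means a single shared routing table cannot tell
    which customer the address belongs to, so per-customer isolation is needed.
    """
    ip = ipaddress.ip_address(address)
    return sorted(
        name
        for name, cidrs in customer_networks.items()
        if any(ip in ipaddress.ip_network(cidr) for cidr in cidrs)
    )


if __name__ == "__main__":
    for c1, n1, c2, n2 in find_overlaps(CUSTOMER_NETWORKS):
        print(f"overlap: {c1} {n1} <-> {c2} {n2}")
    print("10.0.200.5 claimed by:", ambiguous_customers("10.0.200.5", CUSTOMER_NETWORKS))
```
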
The CDW Management Platform is purpose-built so that we can automate all kinds of processes. We can have hundreds of these environments, one for each customer, and put in whatever services the organization contracts for. Even when the customer’s environments don’t talk to one another (for example, a different cloud for manufacturing and HR), we can manage those departments cost-effectively by setting up a second BMN and Avatar pairing and still have secure separation.
We can dynamically size the environment behind the base management node based on the size, complexity and services the customer needs, and that complexity is all hidden. As we collect data and respond to policies defined for each managed device, we could have one ScienceLogic collector or 10 ScienceLogic collectors. The automation with the BMN makes the complexity invisible to the customer.
The Highest Level of Encryption in Every Environment
Our BMN and Avatar method of connectivity runs on the Advanced Encryption Standard (AES), a symmetric block cipher algorithm with a block/chunk size of 256 bits—the strongest encryption possible. All connectivity is funneled through the BMN and Avatar pairing. In fact, we apply two levels of encryption since data crosses through point-to-point SSH tunnels routed between the Avatar and our connection head-ends.
There are not varying levels of security compliance across the CDW Management footprint, either. It is not worth the risk for us to maintain lower security operating environments. We treat all enclaves for all customers with the same high level of security, and we’ve designed the enclaves to run isolated in order to protect our customers.
Finally, we’ve minimized risk because the only thing at the customer location is the Avatar, which doesn’t store data. If the customer were to lose an avatar, there is nothing to fear because the Avatar alone is not special. There is no data on it that would be valuable to anyone, so CDW would deauthorize it.
Summary
With this new patented process, CDW’s Amplified Service can save organizations time and money by automating services that require frequent attention. The security applied to this framework is bar none and allows CDW IT service engineers to scale processes when needed to keep operations running smoothly.