PETRONAS ICT Adopts Cisco's Software Defined Access
PETRONAS ICT Adopts Cisco's Software Defined Access:
The first organization in SE Asia to use this solution for secure, agile and business-ready networking.
PETRONAS ICT SDN BHD
Size: 1,600 employees
Industry: ICT Provider
Headquarters: Kuala Lumpur, Malaysia
Petroliam Nasional Berhad (PETRONAS) is Malaysia’s national oil company. It operates in more than 20 countries and is among the largest corporations on Fortune Global 500.
PETRONAS’ vision is to become the oil and gas company of choice.
PETRONAS recognizes technology as key to its ambitions - technology that enables innovations that matter, growth, and added value for stakeholders.
PETRONAS ICT delivers mission-critical, innovative and secure ICT solutions that operate across 140+ sites in 65 countries, and support more than 51,000 employees. These capabilities include workplace services, enterprise applications, business applications, ICT project services, and 24 x 7 ICT support for PETRONAS.
In its drive for operational excellence and higher productivity, PETRONAS ICT identified the following challenges:
1) Security Vulnerabilities
In an era of mobility and IoT, managing network access for users and devices in the PETRONAS network is a big challenge. There are constant changes. Meanwhile, ad-hoc manual changes to configurations lead to inconsistent security across networks and added vulnerabilities.
2) Intermittent Network Glitches
PETRONAS ICT wants to further limit their already low (2-3 per month) frequency of network glitches.
“The frequency of network glitches was never a matter of concern. But imagine if you have to submit a multi billion-dollar tender at a fixed time and that is exactly when the network doesn’t work. We can’t afford to have any downtime, and rely on time-consuming, error-prone manual fixes.” said Hafizan Habeeb Rahman, Head of Business Function - Infrastructure at PETRONAS ICT.
3) Time-Consuming, Complex Network
Deployment & Configuration
The deployment and configuration of devices was lengthy, arduous and inefficient.
For example, it took up to 2 months to deploy and configure switches in the Twin Towers, which have 88 floors. Upgrading configurations across the company could take more than 6 months. The traditional methods used for policy administration are difficult to implement and maintain. And it is a daunting task to implement network policies based on user/device identity.
4) Excessive Manpower Cost
Deployment, configuration, testing and maintenance were handled manually. This meant a large pool of engineers was required at all times. Human interaction led to excessive man hours and high operational cost.
5) Non-agile Networking Hampered Productivity
PETRONAS ICT strives to provide a high-quality communication experience to optimize staff productivity. But it was difficult and time-consuming to tailor configurations.
Changes in quality of service took several months to plan and implement. Meanwhile, the lack of implementation caused performance issues in business-critical applications.
6) Slow Resolution of Issues
The significant size and complexity of networks under the current network paradigm meant that when a failure occurred, pinpointing and resolving the issues could take a lot of effort and time. This was because a large amount of data collected from multiple systems was not properly correlated.
The Mission to Build an Agile, Reliable and Secure Network
Recognizing the challenges above, the Infrastructure team began a mission to build a new network. PETRONAS ICT presented their issues and expectations to Cisco.
The Cisco team proposed the Cisco Digital Network Architecture (DNA), an open, extensible, software-driven network architecture. PETRONAS ICT was particularly interested in the Cisco Software-Defined Access (SD Access), a new network architecture built on the principles of Cisco DNA.
Find out more in the next section.
Cisco Software Defined Access (SDA)
Cisco Software Defined Access (SDA)
Cisco SDA makes building and managing networks faster, easier and improves business efficiency. By decoupling network functions from hardware, SD-Access ensures policy consistency, enables faster launches and significantly reduces issue resolution time and operational expense.
PETRONAS ICT seized the opportunity to adopt this technology as a networking solution for the future. The following section discusses how Cisco SDA addresses the challenges mentioned earlier.
Watch the Cisco SDA Overview Video
1) Network Security
SD-Access allows organizations to set up and enforce automated access and consistent security policies across the network. This allows users, devices, and applications to be segmented in an automated, policy-driven way. Pre-tested identity-based security policy will be applied consistently to all users and devices, irrespective of the sub-network they are connected to. This will significantly bolster the network security.
For example, if there is an unauthorized manual change to a network device in the PETRONAS network, Cisco DNA Center is able to detect this change and enforce pre-defined policy by reverting the configuration to the original one.
Cisco SDA provides you network speed, security, and peace of mind
2) Network Availability
The tasks of configuring and provisioning network devices in a traditional network architecture are highly laborious, repetitive and prone to human error. By using artificial intelligence to automate these tasks, Cisco SD- Access minimizes the human errors, thus dramatically improves the network availability.
"Since we deployed Cisco’s SDA network, we have not had any downtime. In the past, we had to tackle 2-3 cases per site per month.”
Hafizan Habeeb Rahman, Head of Business Function - Infrastructure at PETRONAS ICT
3) Deployment and Configuration of Switches: Reduced from 60 Days to 6
Configuring only needs to be done at Cisco DNA Center, a single network management and command center for the Cisco SDA solution. Using automation enabled by artificial intelligence, the configuration and the policy is then applied to tens or hundreds of network devices in minutes, instead of days.
For example, in the past, it took 60 days to complete deployment, configuration and testing in one of PETRONAS twin towers. Now it takes just 6 days with Cisco SDA.
4) Excessive Man-hours: From 2,880 Man-hours to 144 Man-hours
The automation and assurance capabilities of Cisco SDA, have reduced the number of man-hours and related business costs significantly.
The change in project implementation cost per project has changed as follows:
6 people reduced to 3, 60 days reduced to 6, and MYR 720,000 reduced to MYR 36,000.
PETRONAS ICT has been able to reduce support/maintenance staff over the years to 10 people only due to automation, assurance and intent-based networking.
Non-Agile Networking to Agile Networking
Changing business needs mean users require PETRONAS ICT to be agile and build solutions that meet new needs.
Cisco SD-Access allows PETRONAS ICT to roll out new services and applications or new branches faster with efficiency and optimal experience
Read the Cisco Software-Defined Access At-a-Glance
“Cisco SDA has a lot more to offer than we have currently leveraged. We are now working on creating user profiles with the data and knowledge from Cisco SDA Network which allows us to cater to individual user’s network needs. For example, there are various kinds of users when their day to day work may require them to work on an application from a corporate office versus a mobile user versus a user who does drawings for oil drilling locations etc.
To optimize the network we will create 5 -6 user profiles and allocate them to individuals. This, in turn, will optimize the network bandwidth," says Hafizan.
"These user profiles can be designed to manage/restrict access to various applications and users will be able to plug in from any site to work within their granted access."
Hafizan Habeeb Rahman, Head of Business Function - Infrastructure at PETRONAS ICT.