Network Maintenance at the Josefs-Gesellschaft
Network monitoring with the Allegro Network Multimeter in the social enterprise
Network analysis in hospitals, care facilities and senior centres
Josefs-Gesellschaft gGmbH is a Catholic provider of facilities which include senior centres and hospitals for people with disabilities. With over 10,000 employees and around 39 associated companies nationwide, the Josefs-Gesellschaft is one of the largest social enterprises in Germany. The organization's services range from housing, schools, vocational training and workshops to medical and nursing care. Everything comes together at their headquarters in Cologne. This is also where the central computer centre is located, as well as the backup computer centre two hundred metres distant, in which all important data is mirrored for security reasons.
VPN lines connect over 80 locations
The regionally distributed locations are primarily connected to the data centre in Cologne via VPN lines. The two Cologne data centres are interconnected with several 10 Gigabit pipes. Achim Kaufmann, IT Infrastructure Team Leader at the JG headquarters is responsible for the planning, expansion, stability, speed and reliability of the network among other things. This is why he likes to identify bottlenecks early on before a connection becomes overloaded or fails. He is advised on system and hardware issues by the analysis specialist GORDION, which supervised the project from consultation to implementation.
What if a connection fails?
If a VPN line in a hospital were to fail, access to the in-house cloud data centre in Cologne would be temporarily cut off. A hospital could continue to operate offline, but the documentation would be forced to fall back on paper which would make the process longer, more laborious and more complex.
Prevention is better
In the past, to detect connection bottlenecks, the JG group used a cumbersome network analyzer with a built-in monitor in addition to Wireshark hosted on laptops. When the long-term contract for the expensive device expired at the beginning of 2019 and the American vendor was sold several times within a few years, Mr Kaufmann looked around for new solutions. From freeware and appliances to distributed monitoring systems on multiple servers, everything was included. In the end, the choice fell on two stand-alone network analyzers from the measuring instrument developer and manufacturer Allegro Packets, an Allegro 200 and an Allegro 1000.
Allegro 200 analyzes 2 GBit/s traffic - the Allegro 1000 analyzes 20 GBit/s traffic
The small Allegro Network Multimeter 200 is hardly bigger than a smartphone: It weighs only 260 grams, but has 2x 1000Base-T connections and can analyze network throughputs of up to 2 GBit/s. The internal database has a capacity of 2 GB. An external hard drive or SSD can be connected via USB3 as a packet ring buffer to enable continuous LAN data capture. With the Allegro 200, the JG network technicians prefer to analyze the networks in every one of the 80 locations. This is much more travel-friendly than the previous US appliance.
The Allegro Network Multimeter 1000 is not much bigger than a laptop and, depending on its configuration, can fit into almost any briefcase weighing in at 2 to 4 kilograms. The Allegro 1000 has up to 7x 1 Gigabit and 2x 10 Gigabit Ethernet copper ports plus 2x SFP+ fibre optic ports. The maximum throughput is 20 GBit/s. The RAM memory is configurable from 16, 64, or 128 GB. It can also be used to measure the fast 10 G connections between the Cologne data centres.
Distance measurement for provider control
A first use case within the Josefs-Gesellschaft is path measurement, which the IT department used to clarify whether a connection has bottlenecks. It does not matter whether it is located between two data centres or between the headquarters and a facility. If there are bottlenecks, you want to clarify whether these are caused by your own applications or provider capacity issues. Let's start with the latter.
Verify connection overbooking in the MPLS network
For example, if an Internet service provider in its service level agreement guarantees that the leased MPLS line will provide 50Mbit/s non-stop from endpoint to endpoint with 100 milliseconds latency, this can be verified with two Allegro Network Multimeters - in fact passively. Previously, you had to actively connect a device to the line in order to generate the necessary load. But if the connection is already overbooked, you cannot send a large continuous load on the line. If another customer of the same provider then runs a large backup over the same route, the line may suddenly become congested. If the other customer makes a backup only once a month, the active test would have to run for an entire month before the disrupter would be noticed. Line overbooking in an MPLS network is not unusual in general, but it is difficult to prove this to a provider in concrete terms. The solution: Two Allegro appliances can passively measure at two locations, capture the packets at both and finally exchange the checksum. Explanation also in this video.
Achim Kaufmann commented: "Allegro Packets gives us the opportunity to measure the connections on miscellaneous end devices without any great effort. I can simply connect the Allegro 1000 and the Allegro 200 passively in the communication path and immediately see what is happening on any port. For example, I can read that of the 100 percent packets transmitted, 99 percent arrive at the other end in less than 100 milliseconds."
Measuring 10 G distances between data centres
The data centres in the JG group have a redundant configuration. That means, “we have two fire compartments. The individual data centres are separated from each other by around 200 metres and are connected to each other with four 10 Gigabit pipes.” said Kaufmann. “I can monitor and measure these distances individually with the Allegro 1000 series. The data centres are both located in Cologne. We have one fire compartment in our central building, the other is in one of our hospitals. The two data centres are mirrored on the storage level."
Monitoring backbone connections
The stability and fail safety of the backbone connections are very important, said Kaufmann: “We recently upgraded the Allegro 1000 to 10 G. I can now use it to monitor my backbone connections. We have two redundant routes to the primary data centre and we have two building entrances from Telekom that take completely separate routes. However, our associated companies are not as well equipped with high speed broadband. In the end, that's just a question of cost."
Path measurement between headquarters and hospital
Connection quality analysis is all the more important. The Allegro 1000 is in the Cologne data centre and the Allegro 200s are in the 80 locations, around one of the eight hospitals. Kaufmann said: He explained: "Our associated companies use resources in our central data centre in real-time. If, for example, hospitals were cut off, they would no longer have online access to the hospital information system, payroll accounting and care administration. In the end, they would be unable to document in real-time, but would have to enter their documentation retrospectively. In other words, write everything down by hand and type it in later." This is another reason why connection monitoring is "almost as important as data backup: you should do it regularly as a precautionary measure and not only after something has already happened."
Highly compliant data protection
A network monitoring process must take data protection into account. But what is certain? Freeware? Systems distributed in the cloud? Who wants to put their hand in the fire? With Allegro Packets, Achim Kaufmann has no sleepless nights: "It is highly compliant from a data protection point of view. The data is only stored on the Allegro appliance which is under the control of the IT department. The data is also volatile. That means, if the appliance is stolen, the result is power gone, data gone! For example, if you want to capture data on site with the Allegro 200, you can set up an AES-encrypted external hard drive. If you do not know the password, you cannot access the captured data. Under the hood it is a Linux LUKS container which is considered safe. Other monitoring systems send measurement data to the central server over the network, for example via NetFlow. If you can get access to this server, you are practically in a data paradise and see everything at a glance." If in doubt, a stand-alone appliance is more secure than any cloud.
Advantages for Josefs-Gesellschaft at a glance
- Ensuring network stability
- Passive route measurement for provider control
- Monitoring of backbone lines
- Continuous quality analysis of the lines
- Deployment at all locations
- Data protection-friendly