The art of a secure server system
Gerealiseerde upgrades:
- Increased speed
- Expanded capacity
- Multifactor authentication using Yubikeys Immutable backups
- Redundancy upon redundancy
The security of áll of a customer’s files. That’s what’s at stake when implementing a new server and network system. It’s a great responsibility that Rob Hendriks assumes with confidence. The Senior ICT Engineer has completed over a hundred projects like this. He shares his insights about the server update and upgrade that Eltra is currently realising for an industrial client and about new techniques to optimize cybersecurity.
“For us, redundancy is
very important, almost finished
the neurotic off.”
Can you briefly introduce this project?
“Together with a colleague, I am implementing a new server and network system for a valued client. This helps prevent obsolescence, enhances capacity, and allows us to implement new security systems. We begin by mapping the existing system, which is not difficult since I installed it myself seven years ago. Then, in collaboration with suppliers, I explore potential improvements. At that point, my role as a consultant ends, and my work as a technician begins. That’s the beauty of Eltra: the entire project is executed by the same small team. If I make a mistake during the design or ordering of components, I know how to rectify it during installation.”
All the equipment has arrived and is ready to be installed. What does the installation process look like?
“The first few days are like unwrapping presents on Christmas. I unpack countless boxes, hang up the new equipment, install all the software, and ensure everything functions properly. Documenting each step is crucial. It allows us to know how to log in next week and provides a clear understanding of the system’s configuration for future upgrades, even seven years down the line. Once the virtual environment is ready, we transfer the data. We start with non-critical servers, which can be taken offline during the day without causing disruptions. Because it’s not an option of course to tell employees that they can’t work for a few days. We transfer the critical servers over the weekend. We begin on Saturday and ensure everything is operational by Monday. Ideally, employees will notice that things are running faster, but not much else. If someone asks me what we’ve actually changed, then I’ve done my job well!”
Do you perform other tasks besides updating hardware and software?
“We’re also implementing several new features to enhance cybersecurity, such as multifactor authentication using Yubikeys. To log in, employees insert a USB stick into their laptops, generating a code. The server verifies whether the code is correct, thereby confirming the user’s identity. Additionally, we’re implementing immutable backups. This is a technique that creates copies of the server that cannot be altered. So, if ransomware blocks access to files, they can easily be restored. This technique has strict requirements: we limit the hardware and software used to just the essentials, minimizing potential vulnerabilities in cybersecurity. This ensures the backup remains unaltered. This technique is still very new, but it is so valuable that I would almost pay for it myself if the client didn’t want it!”
What is important when designing a server system?
“For us, redundancy is crucial, almost to the point of being neurotic. We incorporate redundancy upon redundancy. All servers have dual power supplies, network connections, and controllers. The client has two locations, both making backups on each other’s servers. Furthermore, we create complete copies on external drives. If a drive in a storage device fails, another drive takes over within that device. On top of that, there are two storage devices, so one can take over from the other in case of failure. Whether it’s cyber attacks, faulty components, or even a fire, the client’s valuable data always remains secure.”