Case Study: IT Management for a Mining Corporation
In August 2017 our client, a mining corporation, requested we put in a proposal to manage their IT.
From that proposal they engaged us to take over the management and support of their IT, Infrastructure and Telecoms from their existing provider, who didn’t meet expectations.
A successful medium-sized mine, our client turns over nearly one billion AUD per annum. At their large open-pit site they operate more than 20 different mining-specific software systems. Their complex network requires wide area coverage as well as multi-site connectivity. Smile IT quickly learned and understood the business needs and internal operations of their systems. This allowed us to provide reliable, solutions, a world-class first line of support and consistent uptime to their business-critical systems.
Our first step was to perform a full IT audit of their existing infrastructure. We leveraged our enterprise-grade auditing and scanning software (backed by Solarwinds) and found an IT system in dire need of governance, control and structured upgrades. Using our experience with ITIL and COBIT governance frameworks, we identified 18 areas of concern and broke those areas down into streams and projects. This would allow us to tackle the task in smaller steps, not affecting the uptime which is crucial to our client’s operations.
Some of the issues we identified were:
• There was an offline and limited induction solution
• A lack of data governance, with permissions in a very bad state
• Data was segregated across eight devices
• Ageing and dissimilar end user hardware
• Six-year old failing servers
• Slow internet and data link, and a complex WAN and data centre
• Unreliable IP phones
• Faulty site replication
• Major internal networking issues
• Network security vulnerability
• Failing backups
• No DR solution
• Software, licensing, inventory and documentation
• Improved long range PTP Links required
• Limited telematic vehicle monitoring coverage
• Unworkable server rooms with messy cable setups
• Slow core network and backbone
• Problematic perimeter security with boom gates
• Outdated informational projectors and training screens
In our proposal to our client, we suggested a number of improvements we could implement to their current system.
Problem: Lack of Data Governance
Smile IT proposed running a full audit on the existing Data. Part of this governance audit would be to identify levels of importance placed on different data sources, identifying where the existing data lives and how secure that data currently is. This would include interrogating existing permissions across 32,000 folders as well as group policy controls.
Problem: Segregated Data across 8 storage devices
Due to poor planning and control by the previous provider, multiple servers had run out of space. They purchased cheap consumer grade NAS devices as a solution, creating more than eight independent storage devices which lacked a robust backup.
Our proposal was to implement an enterprise-grade storage solution that acts as a single ecosystem, allowing for easy scalability, growth, disaster recovery and replication.
Problem: Six-Year Old Failing Servers
The previous provider had allowed the servers to age past their five-year warranty. Multiple drives were in a failed state, internal dust levels were at a maximum and all servers required upgrading. Our proposal was to shift all data to the enterprise storage in the above point, thus alleviating the immediate risk of losing data on one of the eight storage devices. The second proposal was to replace all of the servers with three physical servers at three different sites, which allows for redundancy.
Problem: Slow site to site replication
Smile IT proposed to implement Riverbed or SilverPeak WAN acceleration technology. This would improve inter-company site to site speed across the WAN.
Problem: No Disaster Recovery Solution
Our audit discovered that our client had no live disaster recovery solution in place. Our server and storage proposal allowed for a hot site that would become a live DR in the case of a disaster.
Once our client had engaged us with the task of managing and improving their IT setup, we quickly got to work tackling the issues we identified. This is how we went about it:
Problem: Offline limited onsite visitor induction system
Our clients induction system comprised of a PC at the front desk of the admin building at the entry of the mine. Visitors would sign up on a computer, then watch a four-minute video. This created a backlog at the front door and time wastage onsite.
Solution: Develop an online induction reporting to relevant staff
Smile IT developed a web app and moved the whole process to being online. Visitors can now pre-register online prior to arrival with a card ticket that’s printed at the end. Our software app automatically updates an electronic register that relevant onsite employees can view anytime to see who’s visiting.
Problem: Ageing dissimilar end-user hardware causing loss in productivity
In our initial audit we identified a mix and match of very dissimilar hardware. Some of the end-user PC’s and laptops were consumer grade with no warranties, and there were multiple brands across the organisation.
Solution: Rollout of standardised business grade laptops and desktops
We recommended the Dell line of business computers. Dell have a great support team in Australia, all of their hardware is tested thoroughly, and they will usually send onsite techs to fix hardware issues. We rolled out a mix of 40 new Dell laptops and desktops, all with three-year warranties and SSD drives. This created a faster and more productive user experience, and limited support issues because of the similarity of the hardware.
Problem: Slow internet and data link, and a complex WAN and data centre
After our audit we found a very complex data path between private sites all routing through a 4mb WAN link going through the Data Centre. This was responsible for the slow internet speeds.
Solution: Change the private data path, eliminate the data centre, enable site to site VPN
We immediately engaged Telstra to eliminate the data centre, moving the private servers to the new office with a 200mb link. We then routed all of the mine traffic directly through the 10mb link and away from the 4mb bottleneck. This allowed for 2.5 times the throughput speed and saved nearly $100k per annum. Currently there is also a 50mb mine site fibre link in the provisioning stage.
Problem: Unreliable and expensive IP phones, limited conferencing capabilities
The Telstra TIPT solution was being used. Phones were consistently cutting out if they worked at all, and call quality was poor. We identified this as being caused by the over utilisation of the 4mb link. Telstra TIPT is a very expensive solution requiring a bandwidth stream for each endpoint.
Solution: Install SmileTel BroadSoft phone solution and CP960 conference phones
We implemented a 4G data connection and moved all phone traffic to the 4G data link, freeing up more bandwidth on the 10mb pipe. We also installed CP960 conference phones to all of the organisation’s common meeting areas, allowing for seamless conferencing. Smile IT’s BroadSoft phone solution comes in at a third of the price of Telstra’s option, and has considerably more features. The biggest benefit, however, is that we supply IT and Phone support and solutions, meaning there is one point of contact to solve whatever issues arise. Support queries are solved quickly and efficiently, and we estimate the financial savings to be circa $30,000 per annum.
Problem: Faulty site to site file replication
Files were not syncing properly between sites, often disappearing altogether or randomly reverting back to past versions. Continuous strange behaviour from Microsoft Directory Sync was being displayed.
Solution: Fix Microsoft DFS and implement solution to Microsoft Best Practice
Smile IT reviewed all DFS servers and domain sync event logs. Our engineers reimplemented best practice DFS policy. We changed the policy to suit the bandwidth and implemented schedule-based syncing.
Problem: Major internal networking Issues
We found numerous issues with the existing VLAN’s and DHCP. Due to personnel devices being allowed to join the main network IP addresses were running out and all the bandwidth was being taken up.
Solution: Fix existing VLAN’s, implement guest VLAN’s
Smile IT implemented a guest VLAN and Wifi network. All personnel and guest devices have been moved to that network, where the bandwidth has been limited to prevent over-utilisation.
Problem: Open network with weak security
Multiple common ports were open, including the remote desktop port. This was the previous IT provider’s way of giving external contractors and suppliers access to the servers to provide support.
Solution: Close off all ports and lock down network
We immediately locked down all ports and implemented a policy where the remote desktop port is only open to specific IP’s. The IP’s of necessary external contractors were obtained and placed on the ‘allowed’ list. This will eliminate hack attempts.
Problem: Failing and Weak Backup Solution
The previous provider had random backup solutions which varied across servers. Our audit found that two of the main data servers had not backed up successfully for over three months.
Solution: Implement robust backup software and new backup policies
We immediately identified this as a high-priority critical problem. We implemented Shadow Protect and robust alerting on all servers and started backing them up immediately.
Problem: No documentation, inventory details or software licensing control
We inherited very limited documentation from the previous provider, most of which was out of date and incomplete.
Solution: Build an extensive documentation archive
We embarked on a long journey of documenting every single aspect of the IT Infrastructure. This included documenting multiple network topology maps as well as systems, software and processes. Devices as far reaching as the dumper trucks on the Mesh network or the fuel trucks supplying fuel stats were all included. We also did a site inventory of everything including installed software, which gave us an overall position on software licensing. This would make it much easier to deploy requested software packages.
Problem: Long range backhaul links to pit and other areas unreliable
The cambium links were old and faulty. We found one of the links to be on the 900MHZ band, which effectively deems that link as illegal.
Solution: Help implement new network and links
We worked with a third-party contractor to remove the old links and replace them with Ubiquity AC 700mb throughput. This would result in no more network dropouts and much higher throughput between remote sites.
Problem: Limited telematic vehicle monitoring coverage
Solution: Join two Mesh networks together
We joined the two existing Mesh networks together, moving the vehicles and equipment tracked by Banlaw onto the Wenco Mesh network. We created the relevant static IP reservations, allowing us to extend the network for fuel tracking into the pit as well as around the admin building.
Problem: Unworkable server rooms with messy cable setups
The server sites were basically a mess. There was also a physical security risk because contractors sharing the rack space had direct access to our client servers and networking hardware.
Solution: Install new rack at two server rooms, move gear and tidy all cabling
Smile IT immediately started a major clean-up process. New racks were installed, cabling was re-routed, everything was labelled, and sites were secured with lockable doors and racks.
Problem: Slow core network and backbone
The existing network design had eight switches came back to a 24-port basic procure switch. This meant all of the backbone was being bottlenecked between 100mb and 1000mb. We found big spikes and major network slowdown because the core network switch was not able to handle the load. To add to the problem, all of the core network was older and slower equipment.
Solution: Install a new fibre core network and replace old networking equipment
We replaced the core switches with three 16-port fibre switches connecting to eight other standard switches. All of the backbone was now fibre connected, and we found an immediate increase in network speed and higher throughput capability.
Problem: Faulty perimeter security with Boom Gates
The main entry boom gate, essentially the security entry point to the mining site, would stop working at consistent intervals.
Solution: Install network and switch to monitor and control gate
Our solution was to install a networking switch and cable the gate into the main network. This provided a reliable network to the boom gate, which fixed all the communications with it and in turn fixed the security and entry.
Problem: Outdated informational projectors and training screens
Solution: Install commercial large panels and NUC PC’s
Smile IT were asked to recommend a better setup than the current projectors. Our client provides a large amount of training and safety information communication, which is critical to their business. We installed five large commercial Sony Panels across the site, each with a dedicated micro-PC providing source to the panel. Additionally, we installed Air Parrot software to allow for screen mirroring and session recording.