How we moved a Western company's data center to the Russian Federation because of the personal data law

    Foreign companies have a very simple story with IT infrastructure: they grew up in the West, and everything stayed there. In Russia, as a rule, there are not even any engineers, and all services are provided from somewhere in Ireland, Frankfurt, Boston or other cities where the parent organization and its data centers are located.

    The situation changed dramatically after the amendments to FZ-152 came into force, stating that personal data of Russian citizens must be recorded, systematized, stored and processed using databases located exclusively in our country. Some companies decided to set up data centers in Moscow so as not to lose business. In our case, it turned out something like this (some components and names have been changed, since there is a non-disclosure agreement - foreigners, what do you expect):

    There is a sea of difficulties, for example:
    • The complete absence of IT personnel in the Russian office who could handle the system migration and manage the project as a whole - you need to communicate with network engineers from Europe or the USA and with developers from, for example, Shanghai.
    • It is not enough to set up a proxy layer - the data really has to be processed in Russia. Therefore, in Moscow (or in another city, but, as a rule, the action takes place in the capital), an instance of the CMS, mail, application software for sales, accounting and so on has to be deployed.
    • All this has to be moved quickly and without significant downtime, and then also supported at the infrastructure level (in this case, the application software is supported by the “native” IT teams).

    Formulation of the problem

    Firstly, it was rather difficult to formulate exact technical requirements, and in general to understand what to do and how. The specifics are very simple - in Russia there is an office that deals with commerce, not IT. And while for us a CMS, ERP, document management and the mail server are different things, from the manager’s point of view they are one and the same system. Therefore, the Russian representative of the company acted exclusively as the legal entity with which the contract was signed. Absolutely all negotiations took place with foreign colleagues. Even the contract was in two languages. In the beginning, their specialists came on a tour of our data centers: their IT vice president as the guest, our top managers as tour guides.

    Secondly, geography. The site and administrators are in one time zone, the developers in another, and we are in a third. Fortunately, there was no language barrier: the entire IT world speaks English, and even with the Chinese side there were no misunderstandings.

    Thirdly, it was necessary to understand what counts as personal data (PD) inside their information exchange, that is, to bring in lawyers. The lawyers concluded that PD for this company is any data by which a person can be identified. This included the storage and processing of full names, photographs, and various indirect attributes such as a place of work with the position indicated, or addresses of social network accounts. At the same time, Twitter addresses with nicknames are not PD. By the way, we ran a short primer on this not so long ago.

    It is very good that we had a lot of initial data. With a move it works like this: the less input you have, the more expensive the solution. You budget for the most expensive product that can do everything and the most expensive licenses, but then you cannot win the tender, because the customer will not like the price. We invested our time and showed that we could work it out. And it turned out much cheaper for the customer.
    As a result, the tasks were split into primary ones (the transfer) and secondary ones (attestation and certification). The point is that the regulator will first look at companies with a foreign background and ask where their data is. If it is abroad, blocking can happen much faster than the systems can be transferred. The second question, which requires deeper and more thoughtful digging, is the certification of system elements. In our practice, nobody solves these issues all at once. First the move, then checking everything on the ground, then the rest. These are two different projects.

    Part A - moving - took six months from the first contact.


    First, we provided a test zone of several virtual machines on which the customer carried out a so-called proof of concept. CROC acted as the infrastructure provider - servers, storage systems, the network.

    Customer representatives made test transfers, checking how the connection is established, how fast the data is transmitted, how to deploy the systems inside what we provide. Roughly speaking, we studied tools.

    Then the production equipment was received and installed. At this point, the transfer of real systems began, but without transferring the actual load: load tests were performed to see that the systems were working. Then came the downtime over the weekend.


    Connectivity was needed with three data centers, so we worked in close coordination with our foreign colleagues. Apart from the difficulties with time zones, everything went smoothly and at a very high level of understanding.

    As a result, we built the entire infrastructure for the Russian site, and the customer uploaded the data to it on their own, under our supervision in case of surprises. Our part is the infrastructure up to the level of operating systems and virtual machines. Addressing was agreed almost immediately, with our network architect working side by side with their architect. Internal addressing is fully consistent with their original network. Public addresses are Russian, because our channels are used.

    The simplest case is a backup scheme.

    Useful Data Collection Lesson

    At first glance, the project seems quite simple: you just have to assemble here what the customer already has in Europe. But the customer has these services in different data centers, and they also wanted to evaluate subsequent modernization right away. Such requirements do not always fit well with “just transfer it”, so things have to be explained and clarified.

    Identifying the infrastructure requirements and approving the terms of reference took half of the project time, that is, almost three months. We saved a lot of time by compiling special questionnaires made up of closed questions (“yes” / “no” or 3-5 options), so that we got clear information from the customer. Before that, we had tried open-ended questions on a similar move, and the answers were such that two more iterations were needed. Here we received quite a lot of information from the start and could offer our own options.

    In most cases, this approach justifies itself. But in a couple of places we missed nuances that in the end made the migration a little more difficult. Despite the increased labor costs, we did that work at our own expense, because we ourselves had chosen the closed-questionnaire approach.

    Plus local specifics, of course. For example, we had to fight to agree on the dates - foreign colleagues do not always have a realistic idea of equipment delivery times. They do not understand that it is not always possible to bring something specific into the Russian Federation. Prices are also different here: what is more expensive in Europe may turn out to be cheaper with us. Or vice versa.

    What surprised us was their perfect scrupulousness in everything that concerns existing standards and rules, often written about 10 years ago. For them, all this works at an honest 100 percent, and not 20-80, as we often see inside Russia. We treat any rule of a standard as a useful recommendation. For them it is an iron wall.

    Or take the migration plan. With us, changes on the fly are made with just a phone call, but that does not work for them. You have to file the change, attach the diagram, then send letters and wait for Monday. No overtime. They are used to working at a measured, unhurried pace, but to an A-plus standard.

    We also did not always see their structure: at the communication stage, you do not even always know exactly who you are talking to. You think: OK, agreed, tomorrow they will give us the requirements. But this person is in Ireland, the hardware is in America, he has his own IT team with whom he still has to coordinate everything, and they must show the project to the team in China. By the time the letter with the answer gets through, at least two days have passed because of time zones. There are many separate business units, and each technical department has its own wishlist, especially for the future. An approval thread with 10 people in CC is perfectly normal.

    Or a really wild example: updating the firmware of a router. With us, the IT chief decides; with them, it is all those 10 people at once, and the application software developers are included as well.

    They did the implementation on their own; later the customer contacted us for support not only at the infrastructure level, but also at the operating system level.

    Now they have the next step - disaster tolerance. Our offer: we have two data centers with fat independent links between them for synchronous replication. We are ready to switch over or recover at any moment, in other words, to build any solution for them.


    We agreed on the downtime for the switchover and fit it into 32 hours (most of the downtime is the final data synchronization and production tests), coordinating the work of all the teams. The system has now been working flawlessly for several months.

    Briefly, the story went like this: installation of the hardware, assembly, testing, rollout of infrastructure software, bringing up virtualization, initial configuration, support for the implementation of their systems, more tests - then the customer's team joined in. Sometimes they asked us to help with their tasks: for example, on application performance tests we dug in along with them, looking for bottlenecks in the infrastructure. We have a lot of all kinds of services, since we are the first in Russia in terms of IT infrastructures, and they boldly used them all, to everyone's happiness. Their network engineers looked into the project just a couple of times, when there were dips on the international channels; the rest of the time no one but the application specialists took part in operations.

    For 2 weeks after go-live we were in enhanced support mode, that is, every day we discussed statuses and minor improvements with their specialists. Now we provide the infrastructure: servers, storage systems, networks, balancers, information security devices, virtualization, and the backup system. Plus, all this is backed up in fault-tolerance mode in the second data center, due to which the SLA is 99.9% for all levels of infrastructure.

