With a quayside that is almost three kilometres long, the MSC PSA European Terminal (known as MPET) is the major port terminal of Antwerp. The main activity is the loading and unloading of huge container ships, so it is crucial that the IT systems are always working. For this reason MPET has two fully mirrored data centres. If there is a malfunction in one computer room, then the other one automatically takes over the work. MPET relies on SpotIT to ensure the availability of the IT network.
Network under control
"Years ago we decided to outsource our network services," says Tamara Lievens, ICT Assistant Manager at MPET. "Technology changes very quickly and as a specialist you have to constantly update your certification. SpotIT has this specialized knowledge and keeps up to date with regular training. Assigning this task to them has allowed us, as the internal IT department, to focus on other areas and create added value elsewhere. The work they do is important for the smooth running of our services: if our truck handling at the gates stopped working for an hour, there would be a queue of trucks all the way to the Antwerp ring road."
SpotIT manages MPET's entire network architecture: two core switches in the respective data centres, six distribution locations with about 150 Cisco access switches for the LAN network, and 90 access points for the wireless network. Equipment such as portable scanners and straddle carriers (container cranes) can communicate completely wirelessly.
"The consultants from SpotIT advise us on our network architecture and products based on our IT policy. They also take care of the installation of systems and advanced monitoring. Our internal service desk provides first-line support during office hours and afterwards an external service desk takes over. In both cases SpotIT acts as a system guard, providing second-line support for the technical error reports from our network devices," says Jan Cuppens, Director of Technology and Projects at the port terminal company. And these system guards have already been doing this for a number of years.
"They configured our entire network and then managed it for years as employees of our previous IT security partner. You don't want to lose that knowledge. When SpotIT was set up, we assessed the risks and in the end we decided to follow them to the new company. It's true that we used to outsource the network management to larger companies, but ultimately they were also small network teams in a larger IT group. Seen in this context, the small size of SpotIT wasn't an obstacle for us," says Cuppens.
Automatic authentication of known devices
MPET took on two partners to look after the security of the entire IT infrastructure, with SpotIT taking care of the network. MPET uses the next-generation firewalls of Palo Alto Networks, combined with RADIUS authentication servers. Only authorized devices have network access. MPET will soon extend the authentication with Cisco's Identity Services Engine, in consultation with SpotIT. This will make it easier to determine who wants to connect to the company's network, in what context this is happening and what data you want to release to that device.