Splunk at QTS
Value-added services help gain and retain customers
The Business
Quality Technology Services (QTS), the largest private provider of managed services and data center solutions in the US, maintains 12 data center locations in seven states, encompassing nearly 3.5 million square feet of data center infrastructure. Splunk helps QTS consistently and effectively monitor and manage thousands of devices, applications, and systems, meeting the performance, compliance and security needs of more than 600 customers.
Challenges
Some of the firm's key challenges include keeping pace with the rapid influx of new customers, managing changes in technology, implementing custom and off-the-shelf applications and serving customer reporting demands. The ability to consistently deliver high-quality services at any of its data centers nationwide is a market differentiator for QTS, but also a continuing challenge due to the distributed nature of the company's vast operations.
Enter Splunk
In early 2008, QTS UNIX group manager Michael May and his team set out to find a way to troubleshoot IT issues and provide better IT performance along with improved security across the vast QTS infrastructure. The new solution needed to be able to accommodate client data nationwide, be flexible and scalable enough to deploy on a large variety of platforms, accommodate ongoing data center acquisitions and help meet various compliance needs.
The QTS team evaluated Splunk, LogLogic and RSA enVision over a three-month period. QTS liked the flexibility, easy scalability and cost-effectiveness of Splunk's software-only approach. May noted that LogLogic and RSA appliance-based solutions were far more costly and less flexible.
Breakthroughs
QTS consolidated all of its data logging functions to centralized Splunk indexing systems in New Jersey and Georgia. Splunk forwarders are installed on each event-generating server or device in QTS facilities nationwide. Data is tagged with metadata identifying the host, source and source type before it is sent across the QTS network to the Splunk indexers, where it can be used for multiple purposes and to fulfill search requests. Forwarders also provide redundancy by automatically caching data in the event of network interruptions or other outages.
The consolidation of monitoring and analysis tools enabled QTS to eliminate numerous legacy servers and associated licenses, saving approximately $25,000 per year. Splunk also enables QTS to view its operation as a single, geographically distributed entity rather than a collection of acquired data centers. While many clients are deployed in two or more QTS environments, Splunk enables QTS to monitor, analyze and troubleshoot client data as if it were a single system.
Splunk's ability to capture and retain machine data, together with its file integrity monitoring (FIM) and alerting, is critical in meeting many compliance requirements. The extension of Splunk for use in meeting customers' compliance needs is also helping QTS to save on the additional overhead of a separate FIM system such as Tripwire, May notes. He estimates that QTS avoids approximately $150,000 per year in licensing costs by employing Splunk for FIM.