Sodexo Customer TestimonyAccelerating Digital Transformation with Network Automation

Sodexo, global leader in Quality of Life services, serves 100 million consumers each day through its unique combination of On-site Services (food services, reception, maintenance and cleaning), Benefits & Rewards Services (Sodexo Pass Restaurant card, Gift Pass) and Personal and Home Services (childcare centers and concierge services). Operating in 64 countries, the company serves many sectors such as businesses, schools & universities, agencies, governments, health and seniors care.

To support new trends and consumers expectations Sodexo has moved its B2B business models to B2B2C and needed to improve user experience for their customers, consumers and employees, in addition to enabling faster deployment of new apps through Infrastructure-as-Code and automation. Having a consolidated corporate repository and using DNS and IPAM as key enablers was vital for achieving those objectives.

Situation and Challenges Faced

Sodexo works in a context where the ability to offer solutions, not only to operate the contracts signed with Sodexo customers, but also to involve consumers and employees interacting with these customers is essential. New B2B2C and B2C business models were being introduced, whereby employee and user experience would be critical.

At the time, Sodexo wanted to improve user experience – especially for Office365 suite – due to DNS recursion centralized through a unique POP implying CDN related services not working properly. In addition, network managers wanted to keep better control on disparity of information causing limited visibility over the 100 presence points and almost 3,000 applications, as well as restricting automation capability. Addressing these UX and control challenges was key to ensure success of the new business models.

Project Overview

To meet the challenge of enhancing digital services to users and enhance the work experience delivered globally, Sodexo launched a strategic business initiative based on IT, data and digital capabilities. Microsoft Azure was at the very heart of the initiative, providing an agile technology environment for new developments and innovations using trusted infrastructure, AI and data solutions. A network modernization project was initiated to support the Azure deployment, for helping ensure robustness and deployment velocity of applications and IT infrastructure. Due to their criticality to network functionality, DNS and IP services proved to be strong enablers of this digital transformation project.

Solution Implemented

Key to the project was having a central repository for the entire corporation. By using EfficientIP IPAM to consolidate their silos of data into one data lake, Sodexo administrators gained full network topology visibility across their Azure and on-premise environments from a single viewpoint. Blocks of IP addresses could now be delegated to regional teams to allow for local management of subnets, providing flexibility, autonomy and control. The IPAM contains entries combining a rich naming convention including site identification and country, with the associated metadata used to add business activity, exact location and technical contact information. This helped streamline data qualification and control consistency. Some of the on-line business units quickly started using the IPAM in order to reference all their server assets with public and private IP addresses, with automation capability already having been put in place for simplified deployment of VMs.

Automation was also used, together with Infrastructure as Code and the rich IPAM data, for linking with other ecosystem components through API. Sodexo made massive use of metadata on network objects in the IPAM for business links and easy access to information from other IT solutions. Integration with Forescout helped enrich the database with all the topology information from the networks, and Azure cloud integration ensured that Vnet topology was synchronized in the IPAM. In addition, Infrastructure as code was orchestrated with Azure devops suite for all Azure deployment servers and components.

Ensuring service coherence end-to-end was extremely important to Sodexo, so tight integration with the security ecosystem was performed. Security policies could be enforced, based on a topology that was guaranteed to be up-to-date. As an example, API integration was performed between the NAC solution and IPAM to enrich information with business metadata and to provision segments location information.

As well as using the IPAM component of SOLIDserver DDI (DNS-DHCP-IPAM) for improving network control and visibility, the other main use of the DDI was to optimize internet breakout access. Having a single DNS exit point for all the recursion traffic was causing poor performance as it affected efficiency of the CDN. This was overcome by moving to regionalized DNS recursive and authoritative servers.

Main Results

The new consolidated IP data lake has brought Sodexo much more simplified and unified management across their entire infrastructure. Collaboration between teams has also been improved, giving autonomy to local teams while keeping overall control centrally. Florent Trecourt stated: “IPAM has been well adopted by local teams. This ‘single-source-of-truth’ central repository of all the IP-related information has brought greater visibility and control over on-prem and Cloud environments, helping the teams to better manage their assets.”

Having a global repository containing IP “Golden Records” has also led to connection of the management and security silos, by using advanced automation enabled by an integrated ecosystem of tools. That has guaranteed consistency of data being used by 3rd party applications as well as helping ensure configurations are error-free and improving agility for change management. In addition, this automation has significantly accelerated time to service for apps and infrastructure.

Lastly, performance has been improved with the introduction of DNS hubs, helping meet Sodexo’s need to enhance the user experience for IT clients and employees.

Conclusions / Future Plans

EfficientIP DDI is now positioned as a cornerstone for Sodexo’s large enterprise network and for scaling the IT infrastructure. This is particularly valid with regards to control of network foundations, moving towards new Infrastructure-as- Code and DevOps processes/practices to support the global digital transformation strategy.

Azure cloud will be used to host recursive and authoritative DNS servers at regional level. And in order to further advance application automation there is an ongoing study to migrate non-AD technical zones in around 70 locations to EfficientIP DNS. Asset management is another area Sodexo is looking to improve, by making use of EfficientIP Device Manager. And finally, on the security side, the global DNS infrastructure will likely be enhanced with the patented functionality DNS Guardian has to offer.

The ability to use DDI as an IT enabler will most certainly help Sodexo on their path to Lean IT and having an Augmented Network.