Customer Story

Swiss Tropical and Public Health Institute

While the scientists and consultants at the Swiss Tropical and Public Health Institute (Swiss TPH) are working to make the world a healthier place, Icinga checks the health of their IT systems.

Swiss TPH is a world-leading institute in global health with a particular focus on low- and middle-income countries.

Associated with the University of Basel, Swiss TPH uniquely combines research, education and services at local, national and international level. The institute aims to improve the health and well-being of people through a better understanding of disease and health systems.

The three strategic goals of Swiss TPH are excellence in science, taking science to impact, and mutual learning for sustainable development. With Icinga they redesigned their whole monitoring from scratch and now monitor everything – from Linux and Windows servers to network and storage systems. From components in their laboratories in Switzerland to clients of employees working remotely on projects and studies all over the globe.

More than 900 employees and students work at Swiss TPH focusing on diseases, environment, society, and health as well as health systems and interventions. The institute’s expertise spans from the bench to the field, from basic to operational, from molecular to spatial, and from genes to health systems.

Swiss TPH is receiving 24% of its annual income of about 90 million Swiss francs (about 90 million USD) from the Swiss federal and two cantonal governments and the University of Basel. The remaining 76% are acquired through funding agencies, foundations or clients. Swiss TPH currently runs 262 projects in 133 countries worldwide.

The Challenge

{
When we moved, we said: Either we patch the system and see that we get everything in there. Or we look for a new solution and build everything from scratch. And that’s what we did.

Stephan Berger
ICT System Engineer
Swiss TPH

A fresh Start

Until January 2022, Swiss TPH used to be located nearby the University of Basel. Then Swiss TPH headquarters moved to a new building in a life-science hub just outside Basel. “We used to have a lot of services from the University of Basel. Now we do a lot of things ourselves,” says Floriano Brogna, Unix-/Linux-Systemadministrator at Swiss TPH.

“During the move in 2021 we built two new data centers and mirrored our whole environment,” explains his colleague Stephan Berger, ICT System Engineer at Swiss TPH. “We pulled a normal storage system with a vSphere cluster across both data centers. We now run all our servers on it as virtual machines.”

Moving meant many changes and challenges for the institutes´ IT team, but also a great chance to rethink and redesign their infrastructure and their monitoring. The monitoring system is only as good as it is maintained. And with the old one in the former building, they were not quite satisfied.

The Solution

Distributed Monitoring

The Systems Engineers already knew Icinga and liked that the monitoring system is running on Linux and that it’s open source. “A requirement was that we could monitor Windows and Linux systems, that we offer something for all worlds,” says Brogna. “Another requirement was that we could map our business processes,” adds his colleague Berger. “The challenge was certainly the whole new network components that we monitor.”

Swiss TPH has 12 ESXI servers in a cluster, two petabytes block storage, another 2,5 peta object storage for backups, 250 VMs on vSphere of which 2/3 are Windows, 1/3 Linux servers. Spanning four floors they run two next-gen networks, all mirrored and linked, all fiber. There are two internal firewalls and around 300 – 350 access points in the building, to have reception everywhere.

 

Network Monitoring

Network monitoring used to be done by the university. The Swiss TPH Engineers rebuilt it with the move to the new building from layer 1 to layer 3 and with Icinga on top. All network components are monitored via SNMP and Libre NMS which is integrated into Icinga.

“We actually monitor everything we have,” says Brogna. There are 38 labs distributed on two floors, where scientists and lab technicians work.

The Swiss Icinga Partner Linuxfabrik took care of setting up Icinga. “That was at the stage when we were completely busy. The Linuxfabrik was able to help us so much, they basically set up Icinga completely on their own.” They wrote many checks that are now part of the basic monitoring. For Linux servers Swiss TPH uses the Linuxfabrik plugins, for Windows servers a mix of plugins and the Icinga for Windows module.

{
You can’t forget the building either. The components in the laboratories, that’s where it gets a bit more difficult. You can’t install an agent there. You must figure out how you get the data.

Floriano Brogna
Unix-/Linux-Systemadministrator
Swiss TPH

Automation and Integrations

In the current set-up the institute has one server running Icinga, one server for the database, one server for the Libre NMS and one for Grafana. Besides these integrations the Engineers at Swiss TPH use the vSphere DB module and the Business Process module.

The solution for staying in the loop with their monitoring is automation. “When we set up a new VM, we deploy the agents using Ansible. The new host is then added to Icinga right away. We assign the checks via service sets, tag the host, and have the service checks on there. We sync with the Director from vSphere an operational propose, get contacts from the AD, and for mining we also have a process,” explains Stephan Berger.

{
We try to automate a lot because otherwise we just don’t get anywhere with the resources.

Floriano Brogna
Unix-/Linux-Systemadministrator
Swiss TPH

Success

{
Icinga is super performant. And it’s clear, structured, and easy to integrate.

Floriano Brogna
Unix-/Linux-Systemadministrator
Swiss TPH

Improving every Day

Swiss TPH perceive the possibilities for automation as the greatest advantage of Icinga. And the Director as a handy tool for that. Besides, they much appreciate Icinga´s stability and that it is flexibly extensible into another system. Up next on their agenda is to bring in log management systems.

“It’s all about building up the knowledge.” That’s how they see it, and that’s what they like about monitoring with Icinga. The Systems Engineers want to understand how checks work, how they can set them up themselves. “We want to make our IT better. Icinga helps us do that. It’s about the mindset: what has come up and how do we make it better? Icinga is a good tool for that.“

The team at Swiss TPH is constantly working on Icinga to improve it every day. If something pops up that’s not being monitored yet, they want to put that into Icinga. The engineers at Swiss TPH benefit from the fact that they can write checks quite simply in Python or PowerShell. “We’re quite happy with that, and of course it’s fun, when you see that such a check is set up and works.”

 

Outcomes

  • Successful restart of an existing monitoring environment
  • Sustainable, highly available and distributed monitoring setup
  • Active monitoring of heterogenous infrastructure and networks
  • Automated processes for many tasks and operations
  • Freedom to extend and improve monitoring with custom checks

Tackle Your Monitoring Challenge

Learn about the basics and essentials of Icinga, and start your own Icinga by following our installation course.

Take a Tour
Get Started