Cleveland Indians' IT team hits a grand slam with new analytics platform

Oct. 14, 2014
Protecting the MLB brand and customer data are key elements of organizational strategy

A lot more IT happens at a major league baseball park than you might think. In my 18 years of experience on the Cleveland Indians IT staff, I’ve pretty much seen it all.

Nearly 300 full-time employees keep the Indians’ organization up and running 24/7, 365 days a year.

The team’s network, not only at the home ballpark, but at the out-of-state training facility and for the scouts on the road, must be fast and secure. Customer data and the Indians’ brand must be protected.

We have a strong technology focus organizationally and believe technology can transform the overall fan experience. However, as in all enterprises, security threats are omnipresent.

Our security threats are the same as those any organization faces. A professional sports team is an enterprise organization, just in a more exciting setting.

The Challenge

Our Indians’ IT staff of 16 (the largest in Major League Baseball) is constantly vigilant. The staff monitors the data center operations for the Indians’ facility at Progressive Field, as well as the team’s training facility in Goodyear, Ariz. We are also adding a presence at the minor league facilities and building an off-site data center for disaster recovery. Because baseball seasons are the longest in sports, maintenance such as software installations and equipment upgrades needs to be completed in the couple of short months of the off-season.

Cleveland is our primary location with an MPLS (Multiprotocol Label Switching) circuit connecting us to our spring training facility in Goodyear and minor league facilities. We have a core network with 24 IDFs (intermediate distribution frames) distributed around the ballpark supporting day-to-day and event operations.

Our network supports many technologies: VoIP, IP security surveillance, digital signage, mobile device access, wireless network, ticketing, point-of-sale, and guest Internet access. We are a multi-vendor shop with hybrid cloud capabilities.  

Like all enterprises, we have a complicated environment with database inefficiencies, complex rule sets and cumbersome navigation. We had limited insight into our devices, coupled with lack of storage and in-depth virtualization. We had multiple, disjointed systems centered around event correlation and then network and application performance monitoring.

Our staff found it a challenge to monitor our entire infrastructure and get real-time alerts on issues that need immediate attention. Point solutions addressed niche needs, but it was time-consuming for staff to log in to several different systems and manually sort through events and syslogs. The team also wanted to consolidate monitoring and event correlation.

We really wanted to reduce time spent on solutions that don’t move the organization forward, which resulted in the need to reduce the number of disparate monitoring systems.

The Solution

After evaluating other solutions, the Indians chose AccelOps’ IT Operations Analytics platform. The virtual appliance software monitors security, performance and compliance in cloud and virtualized infrastructures – all from a single screen. The team was impressed with the intuitiveness of AccelOps’ solution and its ease of use.

Based on patented distributed real-time analytics technology, AccelOps automatically analyzes and interprets behavior patterns spanning server, storage, network, security, users and applications so we can rapidly detect and resolve issues.

We got a lot more results right off the bat. Because of the platform’s extensive feature set, we are now able to get the entire story that our network has to tell about a user, device, or group of devices. We can correlate server security events with NetFlow data, users, application performance, Snort alerts, etc. The solution allows us to drill down into the detail of a problem and quickly pinpoint the source. Some of the benefits we have experienced include:

  • Ability to aggregate all events
  • Simple and easy to use interface
  • Operational efficiency
  • Integration and expansion capabilities
  • Reduced Total Cost of Ownership
  • Change management
  • Application discovery and auditing
  • Ability to be more proactive about user activity

Because we are a relatively small network operations team, we don’t have time to fish through event logs on nine clustered servers to look for clues to a one-off anomaly. Instead, we can go to AccelOps and run one query to pinpoint that single event we may be looking for to solve a problem, regardless of where the event was sourced.

We are now able to monitor hundreds of devices and thousands of security events per second, including Windows and Linux server event logs, Juniper firewall logs, Juniper and Cisco syslogs, Juniper SSL VPN appliance syslogs, Citrix NetScaler syslogs and more. We collect application performance metrics, run synthetic transaction monitoring of IIS, MS-SQL, and DNS, and track traffic and circuit health through NetFlow/sFlow, utilization and errors.

The Indians’ IT team is also better equipped to monitor security and network performance, with:

  • Active Directory integration (dormant accounts, password expiration, security changes)
  • Improved VPN monitoring (unauthorized accounts, multiple successful logons based on locality)
  • Active Directory events correlated with network traffic
  • Snort IPS alerts correlated to Active Directory and network traffic
  • Better network performance by monitoring high CPU, memory, storage latency and interface statistics, settings, flapping, and protocol errors (BGP/OSPF events)
  • Improved interface utilization, with NetFlow providing top applications by user

Writing new rules is easier and less confusing now.  The system also allows us to automate reports that can be relevant to our developer team, end-user support, or even a group of power users.

With our new solution, the Indians’ IT team has the ability to aggregate all events in a simple and easy-to-use interface. We have reduced our TCO and are finding new operational efficiencies. AccelOps integrates with our systems and can expand as we expand. We are also monitoring change management, conducting application discovery and auditing, and are able to be more proactive about user activity.

Our new platform has allowed our IT team to do almost every task required, but winning the World Series this year will be up to the team on the field.

About the Author: Nick Korosi is senior network engineer with the Cleveland Indians. He has been with the Indians for 18 years and has a degree in electrical and computer engineering from Cleveland State.