Case Studies
Minebea Intec – Acting fast thanks to a customized IT infrastructure
For Minebea Intec, Skaylink replaced the inherited environment with an AD that is customized for the company.
Ill-fitting clothing is uncomfortable at worst. Conversely, an IT landscape that doesn’t fit can be a real burden: After a carve-out, Minebea Intec GmbH inherited the infrastructure of its predecessor company, Sartorius – and then began to struggle with an environment that did not properly fit the new workflows and requirements. Ultimately, with the help of Skaylink, they decided in favor of a customized, more modern IT design.
Too clumsy, too old: The old Active Directory no longer fits
Minebea Intec is one of the world’s leading manufacturers of industrial weighing and inspection technologies. Headquartered in Hamburg, Germany, the company offers products and services that have represented innovation, performance and reliability for over 150 years. The company, which came out of Sartorius, is part of the Japanese MinebeaMitsumi Group and employs more than 1,000 people at 18 locations. With forward-looking solutions, Minebea Intec increases the precision and efficiency of the weighing and production processes of industrial customers. Its product portfolio includes high-resolution platform scales, load cells, control scales, metal detectors, X-ray inspection systems, and intuitive software solutions.
It quickly became apparent that the IT environment Minebea Intec inherited was inadequate. However, Minebea Intec initially continued working with it – after all, when it comes to IT, psychological factors also play a major role. All of the employees were used to the infrastructure and users typically view changes with skepticism. “The danger here is that you remain on the beaten path and postpone important reforms too long,” said Alexander von Strachwitz, the director of Global IT at Minebea Intec.
To make sure that they didn’t wait too long, von Strachwitz prioritized converting the IT environment. A new Active Directory (AD) should not only reasonably safeguard the mobile applications that are used with increasing frequency. The growing threat of cyber attacks made a new architecture necessary as well. But as von Strachwitz says, “Not everyone is an expert in Active Directory.” However, Principal Consultant Christoph Kuderna from Skaylink is exactly that: one of the top AD experts in Germany. And since Minebea Intec had already had positive experiences with Skaylink on other projects, they decided to approach the conversion together.
Uniform security for a hybrid, heterogeneous environment with Azure AD
Active Directory is the foundation of corporate IT: If something there doesn’t work correctly, all the internal processes quickly begin to gum up. This is why they were reluctant to make changes. After consulting with Skaylink, however, Minebea Intec wanted to separate the IT environment from the old domain and set up a completely new AD. The scope: Around 1,000 users, approximately 1,300 computers, and around 300 servers had to be migrated. The challenge: The old Active Directory will still be used for a while in parallel, since some old systems cannot be integrated into a new AD that is operated with the current security configuration.
This is why Minebea Intec and Skaylink first developed a concept for the look of the new AD. “We looked at what is actually needed for the processes in light of the new challenges,” said Kolja Scepanik, Senior IT Consultant at Skaylink. Ultimately, they decided in favor of a hybrid Active Directory linked to Entra ID. At the same time, the expert team at Skaylink created the necessary prerequisites for a successful migration by adapting firewalls, driving virtualization, and updating the server operating systems.
They also tackled ID management and authentication: Groups and policies were analyzed and adjusted. Furthermore, a new public key infrastructure (PKI) was established.
To ensure that all functions and apps could run to their full scope, interfaces also had to be adapted for the migration. Skaylink supported Minebea Intec with its endpoint management and made sure that it was possible to dial into the new domain via VPN without problems. “We offered Minebea Intec complete project governance,” says Kolja Scepanik in summary.
“The project has helped our IT to reach the next maturity level.”
Results
After around 11 months, the project was completed successfully. Alexander von Strachwitz drew a clear conclusion: “At Minebea Intec, patchwork IT is a thing of the past. Thanks to more thorough standardization, everything is much easier to manage now. This helped to lift our IT to the next maturity level.”
Instead of 300 policies, now there are only 30 that are centrally enforced. Minebea Intec also works with a tiering model now. It includes using different authorization levels for the IT administrators. Tier 0 is the highest security level and, as such, is technologically strictly separated from the others. To do this, privileged access workstations that are linked with an Entra ID tenant were implemented. Tier 1 and Tier 2 receive separate admin accounts and login specifications. The tiering model is part of the zero-trust concept that the company is now rolling out successively.
From the viewpoint of Minebea Intec, partnering with Skaylink on this project was absolutely the right decision. “The mood was always positive,” said Alexander von Strachwitz. With its high level of expertise, a culture of openness, and a clear view to the future, the dynamic team fostered an excellent atmosphere. “It was a pleasure to work with such an experienced project manager. Going to meetings was fun.”
The progress of the project strengthened the company’s desire to advance its IT in the direction of the cloud. Currently, a switch to a managed workplace is planned. Here, the hardware is no longer purchased, but leased instead. As a result, intensive maintenance and high procurement costs for new devices will be a thing of the past. According to von Strachwitz, the next development steps in the field of security are SIEM (Security Information & Event Management) and SOC (Security Operations Center). “With a modern Active Directory, we have now created the basic prerequisites for this.”
The project at a glance
Company:
Minebea Intec GmbH
Challenge:
After a carve-out, the company inherited the infrastructure of the predecessor company, which was too big and did not fit the new workflows and requirements.
The solution from Skaylink:
Since the inherited Active Directory was still needed for some old systems and part of the infrastructure had to remain on-premises, the ideal solution was a combination of a new Active Directory linked to Microsoft Entra and the scaled-down old way of doing things. This is why Skaylink migrated large pieces of the environment from the old AD and built a new Active Directory and a tenant, making a hybrid structure possible.
Solutions used:
Azure Active Directory, Microsoft tiering model, public key infrastructure, Active Directory Migration Tool & Forensit User Profile Wizard, Windows Hello for Business, Sentinel One, Microsoft LAPS (Local Administrator Password Solution), Windows DHCP failover functionality, privileged access workstations linked to an Entra ID tenant
Acting fast – Thanks to a customized IT infrastructure
Global Exchange Online migration at ZIEHL-ABEGG
