Interview with Thomas Novotney, senior computer systems analyst at Susquehanna Nuclear in Berwick, Pennsylvania, which is owned by Talen Energy.
About Talen Energy.
Talen Energy is one of the largest competitive power generation and infrastructure companies in North America. Susquehanna Steam Electric Station (SSES) generates clean, reliable, safe, and affordable energy to power homes, businesses, hospitals, and schools, driving regional economies. The plant has two boiling water reactors capable of generating ~2,500 MW of power, enough to power 2M homes.
1. How did you hear about GLPI?
Thomas Novotney: “I first heard about GLPI when I was searching for an inventory database for equipment at the company I was working for at the time. They wanted to have a way to show depreciation of all their equipment. So we were using a lot of the features that allowed us to calculate the pricing and depreciation value and then submit it for insurance purposes. It was probably five, six years ago. I was searching the internet and “open source” was probably a keyword – looking to see what tools were available to get the job done.”.
2. How do you use GLPI and how it helped you with the bussiness?
Thomas Novotney: “GLPI is an essential tool if you want to find out information about a device or – as we call them “CDAs” (Critical Digital Assets) – that are in our plant. Basically, if you need to find out if a certain piece of software is on them or if you need to just know where it’s located, we have all that information in GLPI. They just go to that as their resource to pull it up and find out.
One of the biggest things we did was (specifically since it is in the program), you have the ability to see everything that is rack mounted.
However, some things are in panels, some things are in cabinets, some things are on tables. So right away we realized that we still wanted to have a graphical representation. When you click on racks not everything’s going to be a rack mounted device and we wanted to keep that workflow consistent for us.
We created a plugin which allows us to use SVGs as a valid graphical representation in place of the rack display. In cases where you upload a SVG as a document and relate it to the rack, the plugin automatically uses the SVG representation which utilizes the other features within GLPI, like being able to click, add the device and relate it to the racks. When you have a rack, you get the visual representation you normally get, but again, we don’t always have it like that.
Now we can load up an SVG and then just click on the area of the SVG that would take you to the device for further information.
You probably see the color changing in the background too. We have two nuclear reactor units here on site, they’re color-coded, to help people make sure they’re looking at the correct unit.”.
3. How do you manage cyber security using GLPI?
Thomas Novotney: “Part of the requirements for our cyber security program and the NRC is to maintain baselines so we can prove that when we go out and have to interact with a device that we can prove that it hasn’t been changed from the previous time, we’re using the XML as a way to prove that. For the most part, it was easy to get into GLPI development. Online documentation was very easy to get a hold of, and the framework is pretty straightforward.
We have over 3000 digital assets. In addition to that, our Vulnerabilities plugin downloads from NVD (National Vulnerability Database) the CVEs and we have all of that in our GLPI system. There’s over 200,000 CVEs in the system that then get associated with all of the 3000 assets nightly. We have a process that matches them up based on how we have implemented it and makes sure there’s no new ones or changes.
The biggest things are for cyber requirements. We have to maintain a master software list, which GLPI natively does right out of the box with ease, and the inventory plugin just allows us without human error to enter that information into it.
The fact that we could download GLPI on Linux distribution and get it running on premises is a big thing too, because it can have additional isolation and protection that the NRC and our regulations require. ”.
4. Which is your favourite thing about GLPI?
Thomas Novotney : “GLPI is extremely flexible. Even with the language files and everything else, it is easy to change things up and make things easier for people to understand, even something as simple as language, it helps big time!” .
How can you try GLPI?
If you have not tried GLPI yet, you can start a free 45 day trial on GLPI Network Cloud (no credit card needed!): https://glpi-network.cloud/
If you want to download GLPI on-premise and need assistance, our partners-integrators can support you (you will need to have a valid GLPI Network Subscription).