Printer Friendly

Top 10 tech projects.

We look at the top data centre, security, disaster recovery and storage implementations that stood out in 2012. 1. Department of Finance Abu Dhabi Disaster Recovery Project This disaster recovery implementation project was conducted on a total budget of $5.4 million. The Department of Finance in Abu Dhabi budgeted a total of $5.4 million to implement High Availability solutions in its main data centre and to build disaster recovery solutions in the disaster recovery site. The Project was divided into: - Infrastructure Redundancy Solution for the Head Office datacentre. The datacentre solution was designed to enable the Department of Finance to have a redundant/clustered IT environment/infrastructure in the head office datacentre in order to continue the critical business operations/functions if any critical IT component failed or in an event of disruption to the normal operations of the datacentre. Approach and technology The Department of Finance needed to upgrade the infrastructure and to achieve its disaster recovery requirements. Oracle-Sun solutions were chosen as the preferred vendors as the Department of Finance decision-makers believed that it offered more strategic and long term future proofing for the organisation, especially since Oracle acquired Sun and all the Department of Finance's applications are Oracle based. Security Solution UTM: A unified threat managment solution was chosen based on Fortigate Multi-threat security system and ISS host based intrusion prevention system. The Fortigate solution incorporates multiple security functions in one appliance along with the Firewall functionality. Security Management Solution Proventia Network Enterprise Scanner is powered by the comprehensive and industry acclaimed vulnerability database from ISS X-Force research and development team. As the leader in vulnerability research, ISS identifies and protects more high risk vulnerabilities than any other organisation. F5 Based Application Delivery Solution. With this industry-leading combination of intelligent application traffic management, load balancing, and optimisation features, the F5's Application Delivery Networking products feature next generation platforms that are designed to provide unmatched power to dramatically improve Layer 4-7 traffic throughput, as well as administrative ease of use, and provide application aware traffic management. The solution is divided into two parts, referencing delivery of applications for both internal and remote users to insure performance and availability: - For local traffic management and has been addressed through a couple of F5 Big-IP Local Traffic Manager appliances - For global traffic management to offer site-level redundancy and this has been addressed through a couple of Big-IP Global traffic manager appliances distributed between the main datacentre and the disaster recovery site. Challenges for the implementation: - Migrating the applications from old server to new servers without affecting the business - Migrating the data from EMC to SUN storage - Customs application is an in-house build application, upgrading the application had some issues in the forms and reports. - Upgrade and migrate customs applications with a zero down time as the application is running in Abu Dhabi different customs locations 24/7. - Migrating Hyperion from one windows server to five windows server based on the best architecture provided by Oracle. - Technology level compatibility (whether a particular version of component can sit in the Sun Solaris platform) - Migrate and upgrade all the Databases to the latest version on RAC setup (real applications cluster) with a better performance. Implementation Benefits: - More business support by having high availability in the data centre and continuity in the disaster recovery system. - Unified and consolidated Infrastructure & storage solution gives a lot of ease from management and performance point of view. - Standardising the server, storage and backup vendor (Oracle-SUN) - Centralisation of customs application servers to have one centralised high availability application server in the headquarters instead of having 22 application servers running in the different customs locations. - End to end solution which cover all the areas of the Department of Finance infrastructure, Servers, storage area network, backup, security, disaster recovery. 2. Qatar Petroleum private cloud project The organisation decided to implement a private cloud using a modular vBlock platform by Cisco. Qatar Petroleum is one of the leading oil and gas companies in Qatar. Qatar Petroleum drives Qatar's transformational development by harnessing exploration and production of Crude Oil, Natural Gas and associated petrochemical products. Qatar Petroleum's Information Technology Department (ITD) plays a strategic and core role in Qatar Petroleum's operations by providing services that support Qatar Petroleum's Oil and Gas business requirements and enabling IT services. In partnership with Cisco Systems, Qatar Petroleum chose VCE's (Virtual Computing Environment) modular vBlock platform as a strategic solution to enable Qatar Petroleum ITD deploy a transformational private cloud solution in an efficient, cost-effective and timely manner. The vBlock solution offers Qatar Petroleum fast deployment path, standardised, pre-configured, pre-tested and best of breed technology solution from leading vendors such as storage (EMC), network and servers (Cisco) and virtualisation (VMware), without the effect of legacy typical best of breed solutions integration challenges, tied into a seamless support model from VCE. What solutions were deployed The solution deployed by Qatar Petroleum is based on a fully populated VCE vBlock 300HX, Converged Infrastructure solution. The solution is based on EMC Storage, Cisco UCS Blade Servers, Cisco Nexus and VMware Vsphere. This virtualised infrastructure forms the basis for the private cloud. Qatar Petroleum has deployed several applications on vBlock, including: - Complete suite of Cisco Unified communications Applications, ranging from call control, voice mail, presence, Meetingplace, Webex conferencing and telepresence applications for video. - Cisco Security Solutions, including ACS, and Identity Services Engine (ISE) for all Qatar Petroleum endpoint network access control on wired, wireless andvirtual private network access methods. - Cisco Unified virtualised network services based on Cisco Nexus 1000v (vPath Technology) such as vNAM, VSG, vNMC, and vASA. - Cisco Prime suite of management applications (LMS, NCS, Collaboration Manager, and Assurance manager). - Virtual desktop Infrastructure to support migration from legacy desktop architecture to a hosted virtual desktop infrastructure with VMware hypervisor. - Other additional services such as network simulation software. Qatar Petroleum has future options to expand its application services on vBlock, which are validated and tested by VCE for applications such as, Microsoft Exchange and SharePoint, SAP and Oracle. What challenges were overcome: - Deploying business services commonly comprises a large variety of hardware devices and software, built over time as requirements change constantly; this has become largely inefficient, difficult to manage and requires a high amount of man hours to deliver the requested services. - Significant time and budget are spent getting the different datacentre pieces to work together, tuning, devising workarounds, and planning upgrades and enhancements, rather than improving service delivery to end users and time to realisation of services requests for Qatar Petroleum's core business. While this is acceptable some years back, pervasive benefit of virtualisation is impossible to achieve within such an approach. - Lack of a consumption model of compute resource consumption, re-purposing, chargeback while decreasing costs. - Focus is currently on mundane activities, such as allocation of space, server cabling, operating system installation, power provisioning that was driving the efficiency lower in IT. - As a services enabler by overcoming routine tasks with automated provisioning, as a result of lack of a standardised procedure for application services deployment, including human error factor when following the provisioning processes. - Need to reduce time to service turn up in response to Qatar Petroleum business requirements - Consolidation of diverse server platforms and enable re-purposing of compute resources as demands changes over time, avoiding repeated cycle of wasteful investment in hardware servers as applications upgrades demand more compute resources - Reduction of uncertainty in data centre real estate design and data centre planning - Lack of flexible test bed virtual infrastructure to support faster migration and less risk to business in upgrading applications. 3. RTA implements sophisticated security network Organisation managed to upgrade and redo its security network with minimum disruption to operations. The UAE Roads and Transport Authority has a high performance network connected to the external world via the Government Information Network (GIN). In the beginning of 2011, the RTA became aware that their Nortel Intrusion Detection System (IDS) was reaching its end of life. Therefore, in January 2011, the RTA began to look for a more sophisticated IPS replacement. The organisation wanted to secure six primary areas: The internet connectivity from the GIN network, e-Traffic Zone, DMZ Zone, Distribution Zone and un-trusted connections to the RTA services. Its target was to go-live on 30th December 2011. The RTA performed a Proof-of-Concept for two weeks for different devices to test the product was functioning as per its requirements and needs. The IPS which won maximum points and was simple to deploy, powerful and effective was chosen (HP Tipping Point Network Appliances). The budgetary cost of the project was finalised with $272,255. The deployment of the Network Intrusion Prevention System's (NIPS) solution began in October 2011.Then the RTA had an initial kick-off meeting with the chosen vendor to define the project scope and deliverables. IPS solution design The RTA designed the IPS solution such that it involved subjecting any external traffic coming to the RTA enterprise network and any traffic to mission-critical server farms/DMZs etc to Layer 2 -- 7 deep packet inspections using the NIPS. The NIPS has bypass mechanisms incorporated from both hardware and software perspectives. This is designed to ensure 99.999% of network availability. Reputation DV package installed on the NIPSes can provide IPv4, IPv6 and Domain Name System (DNS) security intelligence feeds from a global reputation database so that the organisation can actively enforce and manage reputation security policies using the NIPS Platform. The centralised management of the NIPS, event storage and reporting will be handled by the Security Management System appliance from TippingPoint. The IPS Project was deployed in stages to avoid any major impact on operations. The deployment process was done on each segment considering stakeholders' approvals for the related activity downtime, tasks and results. Based on the RTA's design the Network has redundant path in the Active/Standby mode. Hence the organisation first implemented the IPS inline on the Standby path on each segment with the related acceptance tests. Once done it configured this path (standby path) as Active path. Subsequently it implemented the IPS inline on the standby path without disrupting the traffic. The RTA estimated approximately five to ten minutes downtime per segment to implement the IPS inline on each segment. Currently, the NIPS is used to inspect any traffic from outside. Multiple segments from TippingPoint NIPS are utilised in the internet/GIN and other data centres' zones, ensuring protection of external attacks. In order to prevent the critical assets from internal attacks, the RTA has plugged NIPS segments in front of the Distribution Zone, E-Traffic zone and DMZ Zone. This helps it combat security threats and breaches, including sophisticated hackers who use bots, zombies, and popular peer-to-peer applications to bypass peripheral security devices. Project's Challenges During the project implementation some major issues were faced to protect RTA network from hackers and attacks by enabling all recommended filters based on the assessment report that enabled during the implementation. Enabled filters and actions were fine-tuned after getting the approvals from the security team, project team and operations team. Project's Benefits Future Proof: All the Devices in the Solution are upgradable to 10G, this will cater future IT Infrastructure upgrade requirements. Operational Task Optimisation: Can be used for multiple Zones in the same data centre and also for other data centres by enabling and creating virtualised TPSs (Segments) in the same physical boxes. Operational cost: One time licenses cost for all Features. Only the support and maintenance cost and Digital Signatures updates reoccurs depending on the contract duration. Data centre Resource Optimisation: Five installed devices will be replaced with two installed devices hence better space availability, and a decrease in both power and cooling requirements. 4. GCAA deploys centralised storage With growing services the organisation needed to consolidate its system to ensure efficient load balancing. General Civil Aviation Authority (GCAA) Information Technology department provides hundreds of services through varied forms of technology -- more than 170 E-services, GCAA website, intranet portal, email and Blackberry services, and file services to name a few. These services are growing day by day with rapid improvement in architecture and infrastructure, leading to a need for a centralised storage system that would ensure a smooth balance of capacity demand and supply with efficient load balancing mechanism. Implementation The GCAA acquired storage area network (SAN) infrastructure, which allowed more than 250 users to access 14TB (usable) of network based raw storage in the head office (Abu Dhabi) and disaster recovery (Dubai) sites. The SAN is based on fibre channel disk technology, and is protected against failure by deploying RAID solution thereby increasing the mean time between failure and fault tolerance. Overview of the SAN Architecture deployed at GCAA In order to ensure IT Service Continuity, GCAA has deployed SAN replication solution for online real time SAN to SAN replication between Abu Dhabi and Dubai datacentre's. Many critical servers in the datacentre hosts applications that cannot afford any downtime, such as the GCAA website, e-services and associated databases. For these applications the GCAA have built database clusters and applications farms with the use of SAN. In case of hardware failure the same storage will be mounted on another node thereby ensuring availability of application to users. While the selection of the solution was driven by the promise of improved functionality, reduced total ownership cost, scalability, reliability and interoperability, a well managed relationship with EMC has resulted in three years of warranty that includes 24/7 support via live session. Implementation benefits: The overall benefits to GCAA by implementation of SANs include: * Increased business agility for all General Civil Aviation Authority * Eliminated delays for users around the globe while accessing GCAA facilities * Provide cost effective long distance replication between GCAA sites * Delivered enterprise business continuity features * Easy to manage array of clusters * Easy to switch storage to any node * High throughput that will lead to GCAA application and services performance improvement * Reduced time for tape backups * Increased disk utilisation reducing the number of server units and cooling requirement in the data centre * Reduced time for provisioning additional storage. 5. Health and Safety The Ministry of Health in Kuwait rolled out new Trend Micro security solutions at the organisation. Kuwait has one of the best healthcare systems in the Gulf region, with services delivered by the Ministry of Health at approximately 90 primary healthcare centres, hospitals, and specialty health centres across the country. As a healthcare provider, the Ministry has the responsibility of protecting patient privacy. "Our main security strategy is focused on protecting our data--it is crucial that we protect personal patient information from leaks and hacking. These are our main challenges. We also have research and study teams in the organisation, and must protect the data associated with their work," said Hussain Eidan, operations manager, Information Systems Department, Ministry of Health at the Government of Kuwait. To block malware and other security threats, the infrastructure was originally protected by solutions from two leading security vendors, but a few years ago, the Ministry's Information Systems Department because dissatisfied with the security products in place. Solution Dissatisfied with the level of protection and management complexity offered by the original security solution, the Ministry of Health's technology team approached Trend Micro after researching and testing the various security products on the market. The Ministry of Health decided to switch to Trend Micro Enterprise Security solutions. "We found that Trend Micro was best for our environment, and our evaluation results were also supported by recommendations from consultants that we respect," said Eidan. Today, the Ministry of Health's infrastructure is protected by Trend Micro Enterprise Security for Endpoints, which includes Trend Micro' OfficeScan. Trend Micro Enterprise Security products and services are powered by the Trend Micro Smart Protection Network infrastructure that delivers advanced protection from the cloud. Threats are blocked in real-time, before they reach hospitals or healthcare centres. The bulk of ever-growing pattern files are kept on central scan servers rather than individual endpoints, keeping the agent footprint small and reducing the need for frequent updates. Issues faced: The Ministry said that there were few problems during the Trend deployment, although Trend did have to manually clean some of the machines within the Ministry of Health network. Ravi Patil senior Technical Account manager at Trend Micro said that the uninstallation of the old anti-virus was the biggest challenge because it had corrupted in some places and had to be manually removed. Results By deploying the new version of Trend Micro's solution which features smartscan technology, bandwidth usage has been slashed for remote locations such as clinics and hospitals. The old antivirus was automatically uninstalled on the implementation of the new client on the majority of the machines, and the solution was fully deployed in 90 locations within a three week period. This included the deployment of officescan servers in the Ministry of Health's main office "We have found [the latest release of] Trend Micro OfficeScan to be an excellent and very dependable product," said Eidan. "The new plug-in manager offers more and enhanced features along with the new simple widgets for better control and accessibility. More importantly for us, the performance and scanning is even faster than in the previous release. This means that there is less resource utilisation and makes it easier to operate." OfficeScan helps the Ministry tailor security across the various departments and sites, and configure Smart Protection servers to optimise the network utilisation. 6. UAEU creates a private cloud Institution uses Arrive Systems solutions to create a campus-wide integrated network. The United Arab Emirates University (UAEU) rolled out education solutions from Arrive Systems, to connect to its own private cloud network, to create a campus-wide integrated educational network. Each UAEU classroom with a standardised interactive whiteboard and Arrive's RoomPoint, which performs the combined tasks of the Room PC, DC power adapters, lecture capture, AV switcher and content delivery platform. The media processor appliance (MPA) eliminated the need for faculty to bring a laptop to the classroom as the cloud makes applications and content available to all users at once. The university has also replaced equipment racks with a wall mounted modular media processor appliance that provides network access via a thin-client and audio-visual switching. "The strategy to standardise on the educational technology and cloud connected content delivery at UAEU using open standards Intel based architecture, provides the ability for students and faculty to experience the same user interfaces irrespective of different delivery devices and venues as well as promotes scalability when adopting next generation technologies. It also allows for the end-point systems to be light weight with the cloud connected network doing much of the heavy lifting," said Aneeta Gupta, president and chief executive officer of Visionaire. The Arrive RoomPoint and InfoPoint devices both use Intel processors with improved energy consumption profiles. The RoomPoint MPA is comprised of 100% folded aluminium, to reduce carbon footprint and energy consumption, and also has no fans or other moving parts. "The Intel Atom is designed to make it easier for users to take advantage of benefits of the Intel Architecture based on their specific needs. The Intel Atom is built directly into the CPU of smaller devices to improve performance and sustainability - much like Intel creates technologies that advance the way people live, work, and learn," said Taha Khalifa, regional sales manager for Intel in the Middle East. 7. TE Data develops state-of-the-art data centre Company overcomes logistical and power availability issues to implement international standard data centre. TE Data is one of the leading ISPs in Egypt. In 2009 it finished its state of the art data centre and due to the demand in the Egyptian market, and the growth of customer needs, TE Data decided to build a new data centre following international standards. The company decided to implement a tier3 data centre which provides availability percentage of 99.982% per year (concurrently maintainable) as per TIA-942 standard, which currently is the highest standard data centre in Egypt, with multiple power sources, UPS's and a huge generator, as well as multiple fibre cores connected to different exchanges. The overall capacity of the data centre is 200 racks and 950 KVA. The cooling system and ventilation of the data centre were designed to help provide the maximum possible power. Its target was not to provide the cheapest prices to our customers but the highest quality, which let us win some of the most prestigious clients in the region, such as the some of the largest banks and insurance companies in Egypt, in addition to international technology customers such as Verizon and Orange. Implementation details TEData started the implementation on March 2011 and TEData's data centre was launched on 1st March 2012. The implementation was divided into two phases, it started with the planning phase including technical solution design, site preparation and complete risk analysis under the supervision of one of the international consultancy offices. The implementation phase included equipment delivery, installation process and testing process. Problems or challenges: Power requirements and power availability from the electricity company were a big problem and it was a big challenge to allow the business case to be flexible to absorb the cost of a new separate power station. The company also faced a big problem with equipment delivery due to logistical problems and successfully squeezed the implementation schedule to overcome the impact of this delay. The project is satisfying all of the company's customers needs, TEData's data centre is one of the leading data centres in Egypt which is complied with the TIA-942 standard from the capacity (Power, Cooling and Space) and redundancy sides. TeData is beating competition based on quality and availability and not on price., giving them the ability to beat them on big international and local customers, who have mission critical applications. 8. Snowhite boosts security Company partners with Cyberoam to overcome IT security and unchecked web-browsing challenges Snowhite is one of the leading men's wear showrooms in the Gulf with a total of 25 showrooms in Dubai, Sharjah, Abu Dhabi, Fujairah, Ras-al-Khaimah, Kuwait, Qatar, Oman, Bahrain and lately in Al Ain. Snowhite looked into a number of security products in order to address their multiple business challenges. Cyberoam emerged as the security solution of their choice from among a number of other players. The industry then deployed one 200i and one unit of CR15wi at the head office and Thirty Four units of CR15wi at branch office all over the Gulf in Bridge mode. Organisation needs Protecting the Network Edge, putting a stop to uncontrolled surfing and providing a stable and secure VPN connectivity were some of the business challenges faced. Cyberoam hardware firewall provided the solution by protecting Snowhite data servers with its applications, and data against attacks from external entities. Moreover servers in their networks hosted client's information which had to be protected. Also, online transaction via credit cards was a sensitive issue with rising instances of online fraud. Cyberoam offered the organisation a gateway firewall for its first layer protection of the entire network. Similarly for uncontrolled surfing Cyberoam Content Filtering solution put a lid on users from surfing the internet uncontrolled. Also, Cyberoam provided provide access to sensitive data across a more secure and stable VPN to Snowhite with independent networks at remote sites supporting hundreds of users. Technologies used - Cyberoam VPN: The VPNC-certified Cyberoam communicates with most third party VPNs, making it compatible with existing network infrastructures and providing secure access with remote workers, partners, suppliers and customers. - Cyberoam IPSec VPN : Cyberoam IPSec VPN supports IPSec, L2TP, PPTP VPN, establishes road warrior, Net-to-Net, Host-to-Net VPN connections, full support to IPSec and IKE, network authentication and encryption through DES, 3DES and AES, automatic failover of VPN connectivity for IPSec and L2TP connections across multiple ISP gateways. - Layer 8 Identity-based VPN Access technology ensures access on identity and work profile-based access policies to employees, partners, customers while providing control over 'Who Accesses What'. - Threat-Free Tunneling Technology scans IPSec, L2TP, PPTP, SSL VPN traffic for malware, spam, inappropriate content and intrusions thus ensuring security of endpoints and network while comprehensively stopping threats entering from devices. - Layer 8 Identity-based Reporting part ensures reporting with username provides instant user identification and prompt corrective action and thus meets regulatory and security compliance. - Cyberoam Firewall: Cyberoam ICSA-certified and Checkmark Level 5 Certified allows one to create firewall rules embedding user identity into the firewall rule matching criteria. This unique feature is designed to allow Cyberoam to secure dynamic IP environments like Wi-Fi and also environments where user share endpoints as in educational institutes and BPOs. - Cyberoam Web Content Filtering offers comprehensive URL databases with millions of URLs grouped into 82+ categories, it blocks access to harmful websites, preventing malware, phishing, pharming attacks and undesirable content that could lead to legal liability and direct financial losses. - Web Categorisation: Cyberoam on-appliance database of Web filter with 82+ categories along with provision for custom categories automatically updated through WebCat -- The Website Categorisation Engine provides comprehensive and company-specific web filtering. Cyberoam Web Filtering Options includes URL, keyword, file type and database filtering that ensures comprehensive web and content filtering. - Web security feature blocks third-party proxy and tunnelling software, Google cache pages, embedded URLs in websites, malware, phishing, pharming and Java Applets, Cookies, Active X while enforcing 'safe search' in all the search engines. - HTTPS Controls in web filtering provides visibility into encrypted HTTPS Traffic, prevents unauthorised file upload and download over HTTP and HTTPS and blocks unauthorised, malicious and illegal HTTPS websites. - Cyberoam web filtering ensures regulatory Compliance, implements Internet Safety Policy, offers credentials of active member of Internet Watch Foundation (IWF)and Prevents Data Leakage. Layer 8 Identity-based Controls in web filtering helps apply Username, group, work-requirement based policies, schedule-based access control and user authentication through ADS, RADIUS, SSO, local and thin client. Challenges Cyberoam proved to be Snowhite's ultimate choice in security solutions as it stood up against all the security challenges they faced. The challenges were: - Protecting their internal servers t-Controlling unbridled web surfing by employees - Securing the communications between the head office and the branch offices. Cyberoam's implementation into the Snowhite network is simple Plug-and-Play with minimal additional configuration. 9. Topaz addresses bandwidth issues and security challenges Company fights viruses and spam with SonicWALL's Network Security Appliance. Topaz Energy and Marine is a leading oilfield services company providing marine and engineering solutions to the global energy industry. Based in Dubai, the company has a primary focus on MENA and the Caspian Sea. The marine division operates approximately 100 offshore vessels. It has an in house IT team of 15 people with 16 locations around the globe including United Arab Emirates, Qatar, Azerbaijan, Bahrain, Nigeria and Brazil, all of which are connected through VPN tunnels. The challenge In 2004 Topaz deployed SonicWALL Network Security Appliance resulting in greater performance, reliability, efficiency and manageability and inadequate performance. One of the main problems faced by the company was the lack of bandwidth. Previously, Topaz used different solutions for its firewall and VPN connectivity. However the complexity in managing, prompted the company to switch to SonicWALL in 2004. Topaz which had no protection for their network, were left vulnerable to viruses and spam mail that negatively affected bandwidth and the application access across the network. This resulted in the loss of critical information and a decrease in employee productivity, due to a lack of network access. It was a constant struggle for the company to regulate and manage their bandwidth and staff was unable to access vital information.With productivity at a low, the company required a quick and effective solution which incorporated their 16 sites worldwide. In 2004 two locations were deployed with SonicWALL's Pro Series 3040, 4060, 5060, and within a year it was rolled out across all locations globally. The firmware is upgraded three times a year and in 2010 the Pro Series were upgraded to SonicWALL's Next-Generation Firewalls NSA E5500, 4500 and 3500 NSA series. All locations have two lines; one lease line for VPN tunnels and a second line for internet access. The lease line offers 12 megabytes at each site. ADSL lines are between 40-100 megabytes and based on local connectivity and capacity. Social media sites are blocked and rules are set based on management decisions. The Result: The successful implementation resulted in 100% uptime. Due to the SonicWALL GUI, the deployment was easy to manage. Subsequently, performances increased beyond 10% and still leaves room to scale. In 2010 Topaz implemented SonicWALL's ES 5500 NSA series at their headquarters in Dubai as well as their 3500 and 4500 which are all managed centrally at the head office. Now, thanks to SonicWALL, Topaz is able to effectively communicate with their global offices through a shared network. They also installed a remote desktop (assisting sites globally to overcome problems) and ensured that sites had folder access, fast and effective webmail and the latest deployment of the JD Edwards World Solution Company ERP. Future: SonicWALL is currently working on extending the Topaz network to include hand-held devices. Plans are underway for Topaz to install SonicWALL Aventail E-Class SSL VPN, which provides users of Windows, McIntosh, Linux, iOS, Android and Windows Mobile devices 'in-office' experience. This will give easy and secure access to executives who are constantly travelling and enable them to keep abreast of important news. SonicWALL will also assist Topaz in expanding into other new upcoming locations in different regions. 10. Dubai Municipality upgrades threat protection Organisation fights viruses and spam by overhauling old firewall clusters, introducing better security. Dubai Municipality had multiple network security zones that were hosted through multiple firewall clusters, implemented in 2001. DM's old architecture had reached its scalability limit and lacked any advanced persistent threat technologies. As part of Dubai government's endeavor to provide as much e-services as possible, complex applications were added over the years and the existing firewall technology did not have any application-layer threat protection capabilities. An upgrade was necessary to ensure that crucial government infrastructure and applications are well-protected from the evolving IT threat landscape. The DM IT Infrastructure team had to ensure that DM's strategic objective of complete automation of e-services is aptly supported by the IT Security Infrastructure. Hence, DM undertook a meticulously planned proof-of-concept methodology, through which it tested multiple OEM products for the feature-sets that would satisfy DM's long-term IT vision that involves highest levels of threat protection, scalability, and ease of maintenance. The solution also needed to reduce the Dubai Municipalitt's operation expenditure (annual maintenance costs). Requirements One of the key requirements of the solution was that the implementation had to happen with minimal downtime. A Project Steering Committee that overlooked the entire progress and decision-making, finally approved Fortinet's FortiGate network security virtualisation solution. DM chose its long-term IT Security Partner, Paramount Computer Systems, to implement this solution. Technology used: The security implementation solution, based on Fortinet's firewall technology, satisfies all of DM's immediate and long-term requirements. It provides hardware consolidation through virtualisation and any further infrastructure growth needs (scalability) can be easily accommodated with the addition of virtual firewalls. The FortiASIC processors ensure dedicated processing as compared to the standard CPU-based architectures. The solution ensures application-layer protection through inbuilt application controls mechanisms. Challenges: The project had strict deadlines, to ensure that it aligned with DM's 2014 vision of complete automation of its services. Given that the implementation impacted the entire DM IT infrastructure, there were multiple dependencies on other government IT departments and 3rd parties (vendors). Payback from the Solution: The virtualisation & consolidation aspects of the implementation enabled DM to save costs in terms of annual maintenance costs. The Unified Threat Management features of the chosen technology allowed DM to save on additional technology investments and will enable further cost-savings by consolidating the VPN services at DM. Within a period of two years, the implementation will save DM approximately $16,355, in addition to achieving the ROI. One of DM's goals is to reduce its carbon footprint - the solution is expected to reduce the power consumption by 19.3% compared to the previous infrastructure as well as reduce the datacentre cooling needs. The consolidation has enabled DM to improve its Business Continuity by reducing its IT Security infrastructure point of failures from 3 to 1. The implementation followed ISO27001 standards and allows the IT team for granular control over operations and security alerts, thus saving operations efforts and reducing reaction time to mitigate security issues. The consolidation will also enable DM to save on manpower costs that might have been incurred to maintain multiple technology products.

2012 ITP Business Publishing Ltd. All Rights Reserved.

Provided by an company
COPYRIGHT 2012 Al Bawaba (Middle East) Ltd.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2012 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Article Type:Company overview
Geographic Code:7UNIT
Date:Oct 31, 2012
Previous Article:Branch office security - what are the problems?
Next Article:Flight security.

Terms of use | Privacy policy | Copyright © 2020 Farlex, Inc. | Feedback | For webmasters