VPN delivers the goods: solution ensures seamless failover in the event of Internet access outages or lost connections.
Headquartered in Itasca, Ill., AIT has 34 offices nationwide, 330 global service centers and more than 800 employees. Additionally, the company employs a large network of independent contractors that rely on AIT's network to access critical supply chain management and accounting applications 24/7.
With a growing business on the line, AIT decided to reevaluate its frame relay and network redundancy service provider. Network interruptions and costs had been on the rise and AIT realized that it could not expand its business without a higher level of performance and reliability.
"We had to take an honest look at our operations. We were overpaying for low performance and inadequate customer service and realized our service provider was not holding up its end of the bargain," says Dan Chesler, network administrator for AIT.
As it started evaluating network security vendors, AIT had four objectives: reduce costs, improve redundancy in its wide area network, centrally manage network security and eliminate single points of failure.
"It's a tall order for a single solution. There aren't many products available that could meet all four objectives," says Chesler.
AIT decided to implement Stonesoft's StoneGate solution primarily because of its patented Multi-Link technology, which ensures seamless virtual private network (VPN) failover in the event of Internet access outages or lost connections between firewalls and outside networks. The solution provided a full-scale stable firewall with deep-packet inspection capabilities. The StoneGate solution also can aggregate multiple high-speed Internet services without routing and provide site-to-site VPN across those multiple links.
Initially, AIT implemented the solution at one of its busiest offices in Minneapolis. The company implemented three firewalls, two of which were clustered at the company's headquarters. The implementation was complete within two months, and AIT decided to roll the implementation out across a majority of its network stations, including corporate offices, remote locations, customer sites and independent contractor sites. In total, AIT implemented 43 appliances at 41 different sites over a nine-month period.
CHANGE IN INFRASTRUCTURE
After the appliances were installed, Stonesoft worked with AIT's network administrators to create standard security policies at its corporate headquarters in Itasca that could be easily pushed to each appliance across their network--all from a single central command center. The implementation, however, required a substantial change in AIT's infrastructure and, to some extent, a leap of faith from AIT's IT team.
Previously, AIT used a traditional flame relay circuit that was costly, but provided AIT a high level of security. The company was fearful of losing quality of service (QoS), performance and security by routing traffic over a public infrastructure.
AIT also had envisioned going with a central DSL provider to serve all of its stations. Their provider of choice, however, could not support many of the company's stations, requiring AIT to provide one-off providers for cable, DSL or T-1 service.
Over the course of the StoneGate implementation, AIT learned that most service providers place a higher priority on repairing T-1 circuits than DSL circuits. As a result, the company opted to use more T-1 lines than originally anticipated.
Stonesofr played a technical consulting role in helping AIT solve many fundamental network challenges. Stonesoft's R&D team recreated many of AIT's unique network challenges in its labs and designed specific solutions that met their needs.
One example is the company's rollout of a voice-over-IP (VoIP) system. AIT implemented the StoneGate solution and its VoIP system concurrently. To ensure network performance and QoS, Stonesoft worked with AIT to route and load balance VolP traffic through StoneGate appliances.
Chesler acknowledges the challenges with the StoneGate implementation while championing Stonesoft's approach: "That's okay, though. Perfect implementations don't exist. What we don't have, thankfully, is a vendor with a 'take it or leave it' attitude. Stonesoft's team worked with us to find workarounds and solutions to issues that are specific to our industry and our market niches."
According to Chesler, "If you go back and look at our four objectives, we've met each one of them. We've reduced our network spend, achieved redundancy, centralized network security and eliminated most of the single points of failure."
It took less than six months for the company to achieve a full return on its investment. Most of its stations were paying an average of $1,500 a month for a 256-KVCS frame line. Today, most stations have two lines that are roughly $99 each per month--$1,300 a month savings per station. At the headquarters in Itasca, which is the hub for the Frame Relay, the port primary domain controller (PDC) and asynchronous transfer mode (ATM) circuit cost savings is about $33,000 a month.
The visibility and ease of use of the centralized control provided by the StoneGate solution have also had an impact on AIT's network operations. The company now has the level of granular control needed to support its expanding shipping and logistics business. Today, AIT's growing network of independent contractors has access to all of the critical applications needed to ensure accurate ordering, delivery, tracking and accounting.
The next step for AIT was to roll out the StoneGate SSL VPN to its IT department and select contractors who needed anytime access to the network for maintenance or troubleshooting. Since the SSL VPN does not require a pre-installed VPN client on each machine, the AIT team can access the company network from anywhere, regardless of computing device. Using the SSL VPN portal, AIT is able to set a policy allowing secure access to desktops, which contains all the applications and connections IT and contractors need to do their jobs.
Since implementing the solutions, AIT has continued to increase the number of independent contractors on its network. On average, independent contractors say they are saving $1,200 each month, while enjoying faster network speeds and resiliency.
While the StoneGate solution's failover and load-balancing capabilities were tested rigorously in implementation, the ultimate test came when AIT's Boston office underwent a complete network overhaul. To improve Internet access and performance, the office migrated from a cable line and DSL modem to two T-1 lines from different vendors. During this time, AIT relied solely on Stonesoft's Multi-Link technology to ensure network access to employees and independent contractors.
Most recently, the company encountered another major network failure when switching local and long distance carriers in its Minneapolis office. Once again, the StoneGate solution was able to handle all traffic and ensure connectivity while the primary circuit was being repaired.
"Sometimes, we don't even know there's an issue with our network until the ISP calls our help desk to alert us," says Chesler. "Knowing there's been zero interruption in our business is a great feeling."
Chesler's goal is to virtualize much of the company's network security functions while continuing to add services like VoIP to more of its offices and service centers. He expects the StoneGate solutions to provide the improved security and visibility AIT needs, without purchasing more physical hardware.
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||Network Security; virtual private networks|
|Comment:||VPN delivers the goods: solution ensures seamless failover in the event of Internet access outages or lost connections.(Network Security)(virtual private networks)|
|Date:||Mar 1, 2009|
|Previous Article:||Media converters bridge the gap: combined with fiber-optic cabling, devices help solve legacy issues in industrial environments.|
|Next Article:||Assess APPS in use.|