Freely subscribe to our NEWSLETTER

Matthew Marl is the IT Manager at Pembrokeshire College with responsibility over the maintenance and development of a multi¬faceted IT and communications strategy. As Matthew explains, he and his team’s remit falls into three major areas: to facilitate the research and learning experience of students, to underpin the IT requirements of College business functions, and to manage the requirements of the Innovation Centre and its resident businesses.

“Our network hosts 1,400 of our own PCs and laptops in addition to many more devices brought in and used by students. The traffic loads can be very large at peak times, particularly for users who want to access the Internet. We are fortunate to operate a high-capacity 34Mbps broadband connection provided by JANET (UK Joint Academic Network).”

In addition to desktop anti¬virus (AV) protection onboard classroom/library PCs and laptops, Matthew was also operating a Cisco ASA5200 firewall appliance to provide primary security between the trusted confines of the corporate network and the connection onto the Internet. In a bid to add an additional layer of protection for users, Matthew sought to complement the existing firewall with network¬based AV protection. The addition of an AV ‘module’ to the Cisco set¬up however resulted in a severe decrease in Internet access speed. “Switching on the AV functionality on the Cisco firewall created a bottleneck which made it really difficult for users to benefit from any sort of decent web browsing experience, even at the best of times,” Matthew recalls.

“At peak times, like the daily lunch hour, the entire system would often fail and have to be rebooted; these service interruptions had big knock¬on effects.”
That period was unpleasant for all concerned, as students and staff alike would often complain about the Internet service being offered. The IT team needed to relieve the bottleneck and deliver a return on the large investment made in the College’s 34Mbps link. The new solution would also have to cope with the added demands for an open access wireless network that could conceivably enable all students to access the Internet as well as limited College resources. “The old system couldn’t address the added security requirements we placed on it and therefore had to be replaced.”
Solution.

The IT team at Pembrokeshire College set about finding alternative solutions, primarily by canvassing

Matthew felt his teams resources and time were too limited to allow for testing numerous alternatives. “We wanted to conduct one pilot, and for that pilot to be successful. As it turned out, we are very glad we went with Nouveau Solutions.”

For the pilot, Fortinet provided a single FortiGate®¬3600 integrated multi¬threat security appliance, capable of delivering a suite of key security functions without impinging network performance. Planned to take place between November 2007 and January 2008, the pilot could not wait for a ‘quiet time’ to be implemented; instead it was straight in at the deep end. “In the education sector, a lot of large infrastructure changes are typically made in the quiet summer months when traffic loads can be simulated or estimated. With the Fortinet device, we wanted to guarantee we were placing it under maximum stress so we’d know it would not pinch performance at crucial times.”

Success

Having been a runaway success, the pilot concluded with the immediate switchover onto a permanently deployed FortiGate¬1000A¬FA2 appliance, which was completed by Nouveau Solutions. The Fortinet appliance offered the right performance levels to meet the College’s security requirements. “The FortiGate¬1000A transition was a smooth one. Running AV and firewall in tandem, we were also able to utilise the platform for VPN. None of this extra load diminished network performance.”
Given the evident reliability of Fortinet’s integrated multi¬threat security appliance, Matthew and his team decided to turn on additional security services. “We previously operated SurfControl web content filtering (WCF) on a separate server, located behind the firewall. It was easy to switch off and remove these network elements, and use the FortiGate’s WCF functionality instead. Again, no performance impingements arose from this. We were able to consolidate our security infrastructure while increasing security functionality and traffic load – all without hitting performance anywhere near as much as the old solution.”

Web content filtering and anti¬virus/anti¬spyware are two of the award¬winning FortiGuard® subscription services provided by Fortinet. FortiGuard IPS and anti¬spam subscription services are also available, and all are continuously updated by Fortinet’s international 24x7x365 Global Threat Response Team, which automatically delivers updates to deployed Fortinet security platforms.

Since the FortiGate¬1000A has been up and running, Pembrokeshire College has successfully introduced its open wireless network, which has meant significantly more users and traffic now come under the watch of Matthew and his team. “When you offer open access to the Internet, you have to do so with responsibility. We were able to separate the open wireless network traffic from the rest of the network, whilst utilizing the FortiGate’s WCF without any additional investment in the infrastructure. There are also some other really helpful features, such as the disclaimer about adhering to college policy and responsible web usage that pops up on users’ browsers whenever they log on via the open access network. It helps us brand the service as our own, by using one of the FortiGate¬1000A¬FA2’s eight ports we’ve created a safe zone entirely distinct from our trusted network where all users can access Intranet, Moodle learning environment and other web resources.”

Looking to the future, Matthew is confident that – from a security perspective at least ¬Pembrokeshire College’s strategic aims will continue to be served by their Fortinet investment. A forthcoming project will test the two accelerated ports on the device by routing all College videoconferencing traffic through them.

“The FortiGate¬1000A¬FA2 went beyond our expectations, coping with the challenges of layered security functions admirably; the CPU usage stats never go much higher than about 45% even when it’s being hammered. It is a highly versatile piece of equipment which delivers high speed internet in a very challenging environment.”

Nouveau Solutions is exhibiting at 360°IT, the IT Infrastructure Event held 22nd – 23rd September 2010, at Earl’s Court, London. The event provides an essential road map of technologies for the management and development of a flexible, secure and dynamic IT infrastructure. For further information please visit www.360itevent.com