Case Study
Twin Rivers Unified School District
StoneGate Earns High Marks on Network Security Overhaul
StoneGate Reduces Complexities and Costs of Managing an Expanding Network
This reality check arrived between 2007 and 2009, when district oversight more than doubled from 12,500 students and 23 sites (including schools, adult education centers and administrative facilities) to 30,000 students and 67 sites.
“As our responsibility grew, the network became harder and more expensive to manage. Logistically speaking, we were constantly adding new firewalls and VPNs that had to be manually configured whenever a change occurred on the network. That’s fine if you have a team of 10 IT guys, but we only have a team of three,” said Marcum, IT systems manager for Twin Rivers.
These network woes were compounded by a demand to reduce network costs and the effects of less-than-optimal customer service from Twin Rivers’ current security vendors. To guarantee reliable access, Twin Rivers had implemented not only multiple ISP connections, but also multiple clustered security devices to eliminate single points of failure. Initially, Marcum’s team attempted to cluster CheckPoint firewalls, including a geographically dispersed four-node cluster and Rainfinity for their multiple ISP connections. However, once the solution was in place, they struggled to get the products to work as claimed.
Simplify and Centralize
Marcum and his team knew that the only way to overcome their challenges was to simplify and centralize Twin Rivers` network infrastructure. Top on the list of priorities was to find a solution that offered clustering technology for improved load balancing, enhanced network redundancy, flexible deployment and cost-effective pricing.
Marcum evaluated three different firewall technologies against their criteria before finally selecting Stonesoft’s integrated StoneGate Firewall/VPN solution. The flexibility of the solution was a dealmaker for Twin Rivers.
Marcum comments, “One of the reasons that made StoneGate such an attractive solution – aside from meeting all of our criteria, of course – was that we could test how the solution would run in our environment first without the need to immediately replace our CheckPoint firewalls.”
Stonesoft’s
engineers worked with Twin Rivers during a testing phase to install the solution and demonstrate
the performance of its clustering technology. During this critical evaluation period, Stonesoft
proved its ability to secure and support multiple network entry points. Twin Rivers also
tested Stonesoft’s StoneGate SSL VPN solution to extend the security and scalability to its wired
and wireless networks and to provide improved mobile access to its users.
With performance established in the testing phase, Twin Rivers moved forward with upgrading its mix of CheckPoint and Rainfinity firewall/VPN appliances to the StoneGate solution. The implementation was a total replacement, but took less than 72 hours to complete. Traffic and performance rolled over seamlessly to the new appliances.
With StoneGate’s combined security and high availability features, Twin Rivers was immediately able to transparently load balance traffic between multiple firewall clusters, including its geographically-dispersed four-node cluster. Stonesoft’s patented Multi-Link™ technology which is built in with the StoneGate Firewall/VPN appliances provided automatic failover and load balancing capabilities for multiple ISPs, giving the district the power to ensure internet redundancy and the fastest connections across all facets of its infrastructure.
The performance and painless implementation of the appliances alleviated Marcum’s security and failover concerns, but it was the single management interface that spelled out the cost savings. The StoneGate Management Center allowed Twin Rivers’ IT administrators to see what was happening across the entire network. If they needed to make a change, they could use the management center to configure one device and push that configuration out to all other devices. The StoneGate Management Center also armed Twin Rivers with the remote management to quickly administer routine updates across multiple networks without the need to travel on-site to each location.
Marcum comments: “We’ve only got a team of three, but we can execute like a team of 10. The StoneGate Management Center has taken us out of fire-drill mode and given us the ability to handle network security and performance proactively.”
Less Time, Less Spend, Less Worry
Today, Twin Rivers network security and performance is supported by eight StoneGate devices in its network, including a four-node and internal two-node cluster of StoneGate Firewall/VPNs, one StoneGate SSL VPN and a StoneGate Firewall/VPN appliance.
Instead of spending an estimated 90 percent of its time handling firewall issues, the district’s IT department can now focus on other aspects of network management. Prior to implementing the Stonesoft solutions, Twin Rivers’ IT staff was constantly fixing, rebooting, taking down and rebuilding firewalls to keep their network and Internet up and running. Plus most time the fixes were done after hours. Now when the IT staff works on the firewalls it’s mainly to update configurations, such as changing access to resources/users to further the education of the student. Even when there is a firewall issue, it can be addressed during normal business hours without a second of downtime.
Each day, the IT team monitors connectivity and access through the StoneGate Management Center’s centralized event logging capability. From this single view, team members can see traffic in real-time, whereas the previous Check Point solution did not provide easy access to this type of data. The IT team sends a daily summary of activity to the network group for investigation of any abnormal issues, and weekly summary is sent to the network group and management.
Less man hours, fewer on-site support calls and less down-time has translated into a substantial reduction in the total cost of ownership and much higher customer satisfaction. Now Twin Rivers can work with just one vendor – Stonesoft – versus two vendors – Check Point and Rainfinity. Stonesoft has also raised the bar with customer support. In the past, it had been extremely difficult to get “on-site” support from Check Point, leaving Rainfinity to often troubleshoot issues that didn’t exist in their clustering/load balancing application.
“We’ve basically hit the trifecta of security management. We don’t have to worry about the network going down or being breached. We’ve reduced our expenses across the network. And, it takes less time to do our job,” said Marcum.
Maintaining the Edge
Lonnie Rooke, one of Twin Rivers’ IT administrators, continues to customize the StoneGate solution to meet the district’s changing network and budget demands.
“One of our biggest security issues right now is preventing data leaks between internal and external users. That prompted our decision to increase our internal security standards and implement our newest StoneGate appliances – the SSL VPN and an internal two-node firewall cluster,” said Rooke.
Rooke also notes that one of the smartest things that Twin Rivers did during its security overhaul process was to base their selection on more than just product performance. Customer support, one of the key selection criteria by which Stonesoft was judged, has been integral.
“Stonesoft’s team is responsive and knowledgeable. We’re working with reps that have been there for a long time, know the solutions inside and out, and understand what makes our challenges unique,” said Rooke.
Twin Rivers continues to maintain its position as a technology leader in California’s education system. The stringent requirements they made in qualifying their network security partners has paid off.
Marcum sums his satisfaction up by saying: “We haven’t had to grow our network security budget or staff proportionate to the growth in our district. That’s really pretty phenomenal when you think about it.”
“We’ve basically hit the trifecta of security management. We don’t have to worry about the network going down or being breached. We’ve reduced our expenses across the network. And, it takes less time to do our job.”
Dave Marcum - IT Systems Manager
Twin Rivers Unified School District - Twin Rivers Leverages E-rate Funding
Twin Rivers used E-rate funding to aid in the purchase of the solutions. As a trusted security
vendor to the education industry, Stonesoft is certified by the federally funded program that
helps qualified educational institutions receive technology grants.
The Schools and Libraries Program of the Universal Service Fund, commonly known as “E-rate,” is administered by the Universal Service Administrative Company (USAC) under the direction of the Federal Communications Commission (FCC), and provides discounts to assist most schools and libraries in the United States to obtain affordable telecommunications, Internet access and associated networking infrastructure. The aim of the program is to ensure that schools and libraries have access
to affordable data and telecommunications services.
Twin Rivers Unified High School District Challenges
- Multiple insufficient products for firewall clustering and ISP failover capabilities
- Poor customer support
- Unreliable network performance
- Difficult deployment of network devices
- Limited ability to efficiently manage expansive network
Results with Stonesoft
- Firewalls with built-in always-on connectivity technologies
- Superior tech support
- Ensured network reliability
- Ease of deployment for changing network demands
- Simplified management for a limited staff
About Stonesoft
Stonesoft Corporation (NASDAQ OMX: SFT1V) delivers proven, innovative solutions that simplify network security management for even the most complex network environments. The StoneGate Platform unifies management of entire networks - including StoneGate and third-party devices – blending integrated threat management, end-to-end high availability and network optimization into a centrally controlled system. As a result, Stonesoft provides the highest levels of proactive control, always-on connectivity and compliance at the lowest total cost of ownership (TCO) on the market today. Founded in 1990, the company is an established leader in network security innovation with corporate headquarters in Helsinki, Finland and Americas headquarters in Atlanta, Georgia. For more information, visit www.stonesoft.com and http://stoneblog.stonesoft.com.
