Untitled Document
www.expresscomputeronline.com WEEKLY INSIGHT FOR TECHNOLOGY PROFESSIONALS
15 June 2009  
Untitled Document
Sections

Market
Management
Technology
Technology Life

Express Intelligent Enterprise

Events

Technology Senate
Technology Sabha
Services
Subscribe/Renew
Archives
Search
Contact Us
Network Sites
Exp.Channel Business
Express Hospitality
Express TravelWorld
feBusiness Traveller
Express Pharma
Express Healthcare
Express Textile
Group Sites
ExpressIndia
Indian Express
Financial Express

Untitled Document
 
Home - Management - Article

Peer-to-Peer

Manning the network

NDMC has deployed Cyberoam 1000i UTM appliance that plays the critical role of protecting its entire network, writes Nivedan Prakash

New Delhi Municipal Council (NDMC) is the Municipal Council of India’s capital city—New Delhi. The NDMC regulates and superintends all matters pertaining to taxations, budgeting, revenue, accounts, contracts, audits, sanitation and public health, streets and public safety, etc. In other words, NDMC is directly responsible for the wellbeing of the entire population that resides in New Delhi.

NDMC has installed computers in various departments, offices and in NDMC schools. It has set up an IT infrastructure to provide a back bone to the entire administration and back office operations. It has designed and developed customized software for various departments of NDMC such as Health, Civil, Commercial, and Accounts Departments, amongst others.

NDMC resolved to intensify its efforts in providing better civic services to the citizens and a multitude of visiting patrons from all over the country and overseas.

Business challenges

NDMC was already using Cisco PIX, which did not fulfill their complete requirements. They wanted to replace this legacy firewall and also wanted to protect their 15 servers. A legacy firewall solution only cannot control indiscriminate surfing and blended threats originating on the Web. One of the main challenges faced was “unproductive” use of Internet bandwidth. Opening up access to these sites for all users resulted in bandwidth getting “choked”. Hence selective blocking of sites was required.

Highlighting NDMC’s Internet security needs, K Murugan, Deputy Director–IT at NDMC, said, “With Cisco, we didn’t have the content filtering and mapping options. Earlier they had declared that Cisco PIX is end of life. But it had problems like they did not provide any kind of support, especially post sales for this particular product. And above all, the most important thing was that the Cisco PIX was not able to give the report. We needed a gateway level solution for three specific purposes.”

Murugan further explained NDMC’s requirements, which are as follows:

  • NDMC wished to replace its legacy firewall because the firewall has limited efficacy in combating blended threats. 
  • For total business connectivity, the corporation has three ISP links. So they needed bandwidth management, multiple links load-balancing and link fail-over solutions. Load balancing was a key requirement as they used to carry out manual load sharing using static routes.
  • NDMC tried ISA Server 2000. However, ISA Server could not manage network traffic. In the absence of Web filtering and access accountability, the little bandwidth that was left was consumed by unrestricted surfing. This proved detrimental to the organization’s productivity. Lack of Internet usage accountability led to malicious sites being surfed, which in turn infected the organization’s network. So they needed a good content filtering solution.

"We required a unified solution that met our business security, productivity and connectivity requirements. It is because we wanted a solution that meets our expectations and is easy to configure and affordable to maintain"

- K Murugan
Deputy Director-IT,
New Delhi Municipal Council

Talking about a consolidated solution, Murugan, added, “The prime reason was to replace this appliance with a unified security solution that met our business security, productivity, and connectivity requirements. Not exactly a hardware appliance but the one that had firewall, content filtering, managing multiple ISPs, and load balancing amongst others. We were looking in for unified solution because we wanted a solution that meets our expectations, is easy to configure, and affordable to maintain.”

Cyberoam solution

After a demo of Cyberoam, NDMC’s satisfaction culminated in the purchase of a Cyberoam 1000i appliance, which was deployed in gateway mode in their Delhi Head Office. Nearly 15 publicly accessible servers are placed behind Cyberoam which cater to their municipal school, all mail servers, and Web servers.

This implementation took place in September 2008 at one go. “Earlier we had our demo device from February 2008. We worked on it from February 2008 to September 2008 and we found it to be very efficient and meeting our expectations. We first tried and tested the product and then only we went in for final deployment,” added Murugan.

NDMC went in for a UTM appliance rather than point solution it was load balancing, for which they did not have had any device earlier. As mentioned above, they have three ISPs and with Cyberoam, they can see the actual report of these ISPs. ‘Which IP to be routed through which ISP’—this can be now properly managed. The main reason was to efficiently manage the load balancing. 

“Cyberoam is one of the few devices which is providing more than two ISPs’ support. Most of the appliances can terminate up to two ISPs, but with Cyberoam you can terminate n number of ISPs. We are happy with Cyberoam because it solved a lot of our problems like merging of ISPs and security, amongst others. Cyberoam solution is a complete package. All security aspects are taken care by the Cyberoam solution. We can say—all security solutions in a box,” opined Murugan.

Implementation in a nutshell
Company New Delhi Municipal Council
Solution Cyberoam 1000i UTM appliance
Aim of the implementation To meet the business security, productivity, and connectivity requirements
Phases of the implementation September 2008
Challenges faced
  • Controlling indiscriminate surfing and blended threats originating on the Web
  • Bandwidth management
  • Multiple-links load balancing
Benefits
  • Restricts non-productive surfing and saves a lot of bandwidth
  • On-appliance reporting provides clear visibility of all network activity

Working of the solution

Using the firewall feature, Murugan defined the Access Control List to the 15 servers deployed in the DMZ. This helps the corporation to regulate the people who can access the servers. The data on the servers is highly critical in nature. Any compromise can lead to serious interruption in the corporation’s functioning.

Hence Cyberoam plays a tremendously vital security role by protecting the organization’s entire network. The solution provides granular access controls over the Internet and the network resources. The firewall also provided a central point of control over the UTM security features making the solution user-friendly.

NDMC has deployed Cyberoam in gateway mode, wherein all the three ISP links terminate directly on to Cyberoam. As per their bandwidth capacity, the links have been assigned 2, 4 and 10 weights respectively. Using the load balancing feature, NDMC trifurcated the Internet traffic between all the three links to guarantee continuous and total business connectivity.

As the organization had 1000 Internet users they required continuous business connectivity. Cyberoam’s multiple links load balancing and gateway failover helps them to make optimal use of their ISP links. The ISP link failover feature, ensures that the organization has end-to-end connectivity in case of a link failure. Using multiple complex failover rules, the administrator is able to achieve failover of the ISP link for its true business requirements.

Reaping benefits

Cyberoam’s Web filtering module also helped the organization block inappropriate and unsafe Web content, including phishing and pharming sites. In addition to using the predefined categories, custom categories are created which the organization wanted to block specifically. So, NDMC has been able to block certain sites as per their requirements. Content filtering is implemented using user identity-based policies.

According to the user’s productive need and corporate hierarchy, the user is provided selective access. Except a few senior executives, all the Web mails and instant messaging sites are blocked for all the basic users. Internet access policies are custom designed to meet the professional requirements of the employees. Cyberoam provided an excellent content filtering solution based on users and their professional requirements. Cyberoam’s 82+ category strong Web content filtering technology kept the organization’s Internet resources productively focused.

The ability to curb unnecessary traffic in the form of gambling, streaming media, games and other distractions provides a much more productive network environment. Deployed in a single location, the single Cyberoam appliance is able to meet all the diverse security, connectivity and productivity needs of the organization.

Cyberoam’s On Appliance comprehensive reporting feature of Cyberoam gives NDMC clear visibility into all network events and provides access to the information related to—‘who is using what and when in the network’.

The Internet search reports help to understand the users’ behavior and usage trends which are saving NDMC a lot of time, energy and efforts. This helps him take timely measures to block any upcoming problem.

In short, Cyberoam is a single box solution for all our security needs as it has the ability to protect data and deliver continuous service to customers. With security, Cyberoam also ensures productivity and connectivity.

nivedan.prakash@expressindia.com

 


Untitled Document

UNSUBSCRIBE HERE
Untitled Document
© Copyright 2001: The Indian Express Limited. All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of The Indian Express Limited. Site managed by BPD.