UTM appliance picks up slack when domain controller fails
ACS Aviation Solutions has deployed a unified threat management appliance in its Australian and Irish offices, creating a secure site-to-site connection and VPN tunnel between the two.
ACS provides auditing, training, consulting and other services to organisations in the aviation industry. It is one of only eight companies worldwide - and the only organisation in the Southern Hemisphere - authorised by the International Air Transport Association (IATA) to conduct safety audits on airlines.
IT Administrator Jorge Silveira described the organisation as a small business with a large network management requirement. “We run an enterprise-grade infrastructure with virtual machines, thin clients, physical computers, redundant controllers, two different print servers, Windows services, backups and more,” Silveira said.
The company maintains offices in Melbourne and Dublin. From an IT perspective, ACS has approximately 20 power users working across the two offices, plus another 50 auditors and field workers who require remote access. Given the nature of ACS’s work, all data is highly confidential and security is paramount.
To protect the network, Silveira has deployed a WatchGuard XTM 330 unified threat management (UTM) appliance in the Melbourne office. The device combines firewall functionality with networking features including management and reporting tools.
Silveira said that with the new device, “In terms of traffic monitoring, I can log into the system and monitor what comes in and out of the network. I can see what traffic has been blocked and can determine whether a packet should be allowed or not.”
Shortly after deploying the appliance, ACS upgraded its internet to fibre. “With that we got a range of IP addresses and WatchGuard has been able to handle all those addresses correctly, exactly the way I want them handled within the network. For example, one address is used for remote users, another is for internet traffic and another is for telephony traffic.”
When ACS relocated its Dublin office, Silveira used the opportunity to deploy a second XTM 330, which he then connected to the one deployed in Melbourne, creating a secure site-to-site connection and a VPN tunnel. Next, using the tunnel and Windows 2012 Server replication capabilities, Silveira set the system up so that all activity on the Dublin server would be replicated in Melbourne in real time, and so that all Melbourne activity would be replicated in Dublin.
The result is a secure network that hosts the company intranet and provides disaster recovery capability.
“It allows people to view our infrastructure as one single network. If anything happens to users in one site, they can still securely access their files from the other,” Silveira said.
The infrastructure was tested earlier this year when the domain controller in Dublin went down due to a hardware interruption. Because the server was not available, Dublin traffic was rerouted through Melbourne, enabling all staff to log on and operate as normal.
In the next few months, Silveira plans to begin using the appliance to manage VPN connections for remote users. This will ensure validation of connections occurs at the firewall, rather than in the server. Silveira likens the approach to a doorman who asks visitors to wait outside while he checks their credentials, rather than first inviting the stranger in. The result is that traffic is validated between the firewall and the server, rather than between the server and the user, therefore providing another layer of protection for the network.