At a Glance

Needed to enhance the security of the college’s network infrastructure; take advantage of virtualisation; migrate from the old network solution.

Installed two PA-2050 next-generation firewalls replacing the aging Cisco ASA system. The PA-2050 comes with integrated Threat Prevention that leverages multiple threat prevention disciplines including IPS, IDS and anti-malware along with URL filtering and file and content blocking.

Simplified management has resulted in 60 per cent savings in manpower compared to the previous solution. The PA-2050’s advanced security and support for virtualisation are a welcome addition to the college’s network infrastructure.

Macao Polytechnic Institute Achieves State-of-the-Art Security and Cuts Management Time by 60 Percent with Palo Alto Networks™

Searching For A Better Way To Enhance Learning

Macao Polytechnic Institute (MPI) is a public institution of higher education with an emphasis on applied knowledge and skills. The MPI has 235 academic staff, 297 administrators and 55 professional trainers. Together, they serve around 3,000 full time degree-level students and 20,000 students on non-degree programs across four main buildings, as well as students’ halls and administrative offices. The organisation was looking for a way to streamline its IT and harness the increased security, user-friendliness and centralized IT management promised by virtualisation. A smooth migration from its pre-existing infrastructure was essential to ensure service continuity and minimal disruption.

Combatting Modern Web Threats

Network management had been a cumbersome process with the MPI’s previous Cisco ASA system, because the product was command-line based. This meant that not all of the network could be managed within a single interface, making the task complicated and time consuming. This, in turn, took its toll on IT department resources. With increasing numbers of students and staff wishing to use their personal devices to access the MPI network, compatibility headaches and the challenges of maintaining network availability and preventing malware were increasing.

Against this background, MPI’s IT department attended a vendor seminar in June 2011, and gradually became aware that a secure virtualisation solution could address all of these problems at once.


After evaluating a number of vendors and examining their track record deploying solutions in Macau, as well as implementations at educational institutions elsewhere, MPI chose Palo Alto Networks as the vendor to partner with for their firewall requirements.

Initially Palo Alto Networks, working with its channel partner Mega Tecnologia Informatica Ltd., undertook a detailed study of the network architecture at MPI. After careful consideration of the workload, the type of content that passes through MPI’s network, and the future plans of the college, Palo Alto Networks recommended replacing the existing Cisco ASA 5520 appliance and Websense URL filtering solutions with a Palo Alto Networks PA-2050 next-generation firewall solution.

MPI has about 45 physical servers and over 100 virtual machines/servers. The school used a combination of Storage Area Network (SAN) and Network Attached Storage (NAS) with a total capacity of 25TB. All in all, there are 1,600 desktops installed across the campus. There are around 1,000 laptop computers and mobile devices accessing the Internet, and MPI’s two e-learning platforms, through the university’s wireless networks.

With such a diverse profile of users, security is of paramount importance to MPI. Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) features, together with application identification, are very important in a modern firewall. IDS/IPS adds further protection for MPI servers against Internet attacks and threats, on top of the firewall itself. Application identification enhances the university’s firewall security by classifying traffic by application, not just by port (for example, web browsing rather than simply port 80).

In addition, MPI recognizes that anti-virus and URL-filtering features are important to have in the firewall, as these reduce the chances of users downloading malware or Trojan software, or accessing phishing or malicious web sites.

The Palo Alto Networks solution provides all-in-one network security, including a Layer 7 firewall, threat prevention, application identification, URL filtering and anti-virus checking. Its user-friendly interface helps administrators understand the overall network security level and usage. It also reduces the time and knowledge required for network troubleshooting.

Another key benefit of the Palo Alto Networks solution is its ease-of-use. The PA-2050 is simple to manage, changing network policies is relatively easy, and performance remains strong throughout.

The MPI campus network backbone includes four Cisco Catalyst 6509 switches with a 300Mbps Internet connection. The PA-2050’s URL filtering and Threat Prevention technology provides the added security that MPI wanted.

The contract was signed in August 2011. Working with Mega, a local systems integrator, deployment was completed by the end of the year.


Voyage Io, Senior Administrative Officer of MPI’s IT Department, said the decision to upgrade the Institute’s infrastructure paid dividends almost immediately. “Being able to migrate seamlessly from the old system to the new one had been a key concern for us, but in the event, it was very easy, with no disruption to students or staff,” he said. “Now, the console gives us total network visibility at any given time.”

Io estimates that the upgrade has cut the man-hours spent managing the network by 60 per cent – time that can now be re-dedicated to strategic IT tasks rather than routine maintenance. Thanks to Threat Prevention, the Institute’s network is now better protected than ever – while also providing students and staff with highly available access to the data and applications they need to pursue their studies and carry out their duties, regardless of whether they are using their own device.

“When you look at the improvements we are experiencing across the organisation, this was clearly money well spent,” said Io. “As consumer technology has become more and more useful for work-related tasks, organisations around the world have faced the same challenges we did—how to accommodate people’s desire to use their smart phones and other personal devices to access company networks and Internet applications without compromising on security. I’m completely confident that we found the solution that was right for us.”

