STORY SUMMARY
A research-intensive university with over 23,000 students, the University of Southampton is a leading entrepreneurial institution in the United Kingdom. When the University sought to significantly expand throughput to support an increase in students, improve network stability and services to users, heighten security, and lower IT management burdens, they selected Palo Alto Networks Nextwave Channel Program Platinum ASC CPSP Partner Khipu Networks, working with European Electronique under the NEUPC procurement framework, to partner with them to meet their long-term strategic goals.
CLIENT QUOTES:
"Palo Alto Networks allows us to significantly increase bandwidth, deliver more services faster, and elevate security. The visibility, scalability, and dynamic threat prevention of Palo Alto Networks makes us confident that we can fully protect and support our academic mission." – Simon Lane, Senior Professional Specialist, Enterprise Systems Development, University of Southampton
"The throughput of Palo Alto Networks allowed us to connect to the 10Gbps 'Janet,' which enabled us to improve connectivity and expand services to end users. We're pleased we have a solution in place with the ability to support our university as it continues to grow. " – Simon Lane, Senior Professional Specialist, Enterprise Systems Development, University of Southampton
BIG RESEARCH REQUIRES BIG BANDWIDTH
It's no surprise that major research and collaboration with commercial companies are routine at the University of Southampton. After all, the University is renowned for its scientific research in computer science and engineering, in particular, and is home to a large High Performance Computing (HPC) center. Protecting intellectual property, sensitive communications, and providing the bandwidth and tools to support and accelerate academic research are priorities and challenges for the University's IT team. Add to this the fact that the University is expanding its student body and it's little wonder that finding cost-effective, easy-to-use, and efficient network security tools with multiple capabilities is critical.
"Our IT staff has lots of projects and initiatives going on at once, and we have to run multiple systems," says Simon Lane, Senior Professional Specialist, Enterprise Systems Development, University of Southampton. "Technologies that can automate processes, or help us be more proactive, or save time, are essential."
Expanding Student Body Seeks Expanded Bandwidth
The University of Southampton deals with many of the issues that bedevil most educational institutions such as bandwidth, network latency, security, and today's more sophisticated threat landscape. On top of this, the University – which already has over 23,000 undergraduate and postgraduate students and 5,000 staff – is in the midst of a major expansion. "We're adding students and putting WiFi in about 6,000 student residence hall rooms," says Lane. "Increased bandwidth needs and a growing student population put a lot of demand on our network. It is a challenge to keep up to ensure the availability of resources, uptime, and responsiveness."
Bandwidth availability had been an ongoing issue for the University. "A number of institutions often have bandwidth constraints that cause performance and latency issues," says Matthew Ashman, Sales Director for Khipu Networks, the University of Southampton's strategic IT partner. "Keeping up can be an ongoing obstacle to research, and to delivering the support that staff and students need."
The University of Southampton had two 2Gbps Internet connections from 'Janet,' the United Kingdom's high-speed network for research and education. In addition to providing connectivity, 'Janet' affords access to a wide range of services such as videoconferencing, web mail, ISP, and research services. It is a key part of the national infrastructure enabling the UK to deliver world-class higher education and research. The 'Janet' network is considered mission-critical to the country's knowledge economy.
MORE GIGS REQUIRED
To solve issues with network latency, the University sought to increase its 'Janet' links from 2Gbps to 10Gbps. "Our incumbent software-based firewalls running on commodity hardware had limited throughput and couldn’t handle the additional bandwidth required to enable things that our science and HPC departments wanted to do, which was hindering their work. The students currently living on campus in our residence halls generate a lot of traffic, and we were poised to add more. They needed better support too." To meet growing demand, the University needed multiple security platforms with the ability to handle a minimum of 10Gbps of throughput each.
PROTECTING 'JANET'
Most universities permit free network access in the name of academic freedom, but this philosophy often means security and bandwidth consumption tradeoffs. "We allow most things, which adds obstacles to securing everything," says Lane. "Lots of research projects are sensitive because they use medical data or are collaborations with global companies. DoS attacks are a constant threat to our assets and users, and responding to and trying to prevent exploits a challenge because we have to protect tens of thousands of people inside the network on various devices. We needed to consolidate and standardize our security infrastructure to provide better security – and deliver and maintain access control policies – while still enabling academic freedom."
The University of Southampton's incumbent firewalls were unable to keep pace with the throughput or security needs, and were causing other problems. "They were cumbersome to use and it was cost-prohibitive and a never-ending cycle for us to try to keep them updated, which leads to vulnerabilities," says Lane. "They also lacked visibility, and the process of pushing out a new policy had become unreliable.” The University needed a better, long-term solution.
The Khipu and University of Southampton partnership
Khipu Networks is a cybersecurity company – and longtime Palo Alto Networks Nextwave Channel Program Platinum Partner and certified Authorized Service Centre (ASC) – that delivers a wide range of network, wireless, and cyber security solutions, technologies, and services. The University of Southampton selected Khipu to provide a solution that would enable the University to upgrade to 10Gbps 'Janet' links, improve security and scale easily to accommodate future growth. "The university's requirements were based upon a modern security platform that is application-aware, scales easily, and offers strong throughput." says Ashman.
Khipu Networks introduced the University to the Palo Alto Networks security platform. It consists of a Next-Generation Firewall, Threat Intelligence Cloud, and Advanced Endpoint Security. The security platform delivers application, user, and content visibility and control, as well as protection against network-based cyberthreats integrated within the device through a purpose-built hardware and software architecture. The Threat Intelligence Cloud provides central intelligence capabilities, as well as automation of the delivery of preventative measures against cyberattacks.
Khipu also recommended the Palo Alto Networks Panorama Network Security Management Solution. Panorama, running on a virtual appliance, provides centralized management and logging capabilities for organizations to easily manage all security platforms from one location and interface, and quickly deploy uniform policies to all devices.
"We ran various vendors through a rigorous evaluation process and based on cost, performance, and capabilities Palo Alto Networks won out," says Lane. "We liked its visibility and security control, which is backed by a global threat analysis system with rapid and automated response via dynamic updates from the Palo Alto Networks cloud. We also liked that with Panorama we can push a button and update our security policies." Palo Alto Networks delivers integrated protection from advanced malware and threats by proactively identifying and blocking threats commonly used in modern cyberattacks.
AN ADVANCED DEGREE OF SECURITY & THROUGHPUT
The University of Southampton purchased three Palo Alto Networks PA-7050 next-generation firewalls and deployed them in high availability: two on its 10Gbps 'Janet' links at the main campus and the third on a new 10Gbps 'Janet' link at the University's new data center. Khipu Networks led the installation of the PA-7050s. It marked the first time Palo Alto Networks latest chassis based firewall had been deployed in the United Kingdom. "The Palo Alto Networks systems are supporting 10Gbps of throughput, and we've turned on many of their advanced features too," says Lane. "We will use them to bolster internal security as well." The deployment includes a subscription to Threat Prevention, including IPS, and Panorama.
The team from Khipu Networks played a pivotal role in delivering the complete security solution for the University of Southampton. "We worked with Simon and his team in the design, integration, implementation, migration, commissioning, and support of the Firewalls," says Ashman. The University plans to use Khipu Networks' KARMA (Khipu Automated Remote Monitoring Application) Service. The service will proactively monitor the health of the University's Palo Alto Networks security platform and other security systems.
SUPPORTING INNOVATIVE SCHOLARSHIP
The University of Southampton is already noticing the impact of Palo Alto Networks. "The first step in our process was a light installation of Palo Alto Networks, and it is proving very reliable," says Lane. "We have no problems pushing out policies, and we don't fear that issuing policies will fail anymore. Palo Alto Networks gives us confidence."
The University's newfound network visibility is improving security. "We know way more about what's happening on our network than before," says Lane. More importantly, network latency and resource availability are no longer problems, and new services can be deployed and supported for students and faculty.
"One big reason we moved to Palo Alto Networks is because it has the capacity to handle high throughput and evolve with our needs, and not degrade as we start processing more traffic," says Lane. "The ability to handle the 10Gbps 'Janet' links is a huge leap that makes the network more reliable and faster, and enables staff to transfer large files or conduct HPC research. It also allows IT to provide more services, scalability, and Disaster Recovery protection."
The Future
The University of Southampton has already reaped numerous benefits from the first phase of its deployment of Palo Alto Networks, and plans to take advantage of more of the security platform's benefits. "We will investigate how the visibility and applicationawareness of Palo Alto Networks can help take care of copyright infringement issues more efficiently," says Lane.
For mobile and endpoint security, the University has the opportunity to explore Palo Alto Networks GlobalProtect™ and Traps Advanced Endpoint Protection. GlobalProtect™ extends the safe application enablement of a customer's policies to all users, regardless of location or device used for access. Traps prevents sophisticated vulnerability exploits and malware-driven attacks via endpoints.
Due to deploying Palo Alto Networks security platform, the University of Southampton has solved issues related to network security, reliability, and latency, and can support new services and easily scale. "The comprehensive capabilities of Palo Alto Networks enable us to secure and more fully support our academic mission," says Lane.
