Breaking down the benefits
Following the switch, according to Dupree, the user experience improved dramatically. “No changes need to be made to a device’s network settings,” he said. “The experience now is similar to what you would experience at a hotel as a guest. By moving the web-filtering component to the firewall, it becomes totally transparent—it is inherently part of the transmission stream.”
At the same time, Dupree feels that the integrated solution provides a higher level of security than the previous setup. “With everything collapsed to a single appliance and a single software code base, we don’t rely on appliances playing nicely together,” he said. “Everything is handled internal to the firewall. You can’t bypass NAC, because then you’re bypassing the firewall, which means you can’t access the Internet.”
The SonicWALL allows the network administrator to manage access in ways that are typical of most NAC systems, setting different permissions for different groups, such as faculty, staff, and students. The VPN, for example, is specific to a certain class of users, whereas the web-content-filtering software is applied across the board to comply with the school’s mission.
Network traffic is also prioritized to ensure mission-critical functions operate at optimum speed. “We give priority to our learning management system, which is hosted in the cloud,” said Dupree. “At the same time, we de-emphasize certain entertainment-type classes of websites.”
In September, Asbury upgraded from the SonicWALL E6500 series to the SuperMassive 9200 series, which offers 10 Gbps of firewall throughput, 3.5 Gbps of malware protection, and 5 Gbps of application inspection. For redundancy purposes, the school deploys two of the devices. “We have the appliances connected together, and they fail over automatically in the event of a problem,” said Dupree. “It also provides us with a maintenance window with zero downtime.”
According to Dupree, the move to an all-in-one system has also saved his institution time and money. “I think we’ve seen at least a 50 percent savings by getting rid of those other appliances,” he said. “We’ve gone from a multi-appliance, multiple-device setup to a single device that performs multiple functions. It simplifies the job for the IT staff, lowers costs, and requires fewer licenses because there aren’t as many vendors involved.”
Andrew Barbour is a contributing editor with eCampus News.