Less could mean more for a campus network


By dumping its multi-appliance network approach in favor of an all-in-one solution, a Kentucky school beefed up security, improved the user experience—and saved money.

In deciding how to protect a university network and optimize its performance, IT departments often face a choice: Go with best-of-breed applications for each service, even if integration sometimes poses a headache, or opt for an all-in-one solution that wraps multiple services into a neat bundle. When the headaches start to outweigh the performance benefits of standalone solutions, the all-in-one approach can look mighty attractive.

Asbury University, a small faith-based school in Kentucky, reached that tipping point two years ago when it decided to trade in its multi-appliance network arrangement for an all-in-one solution—in this case, Dell’s SonicWALL E6500 series firewall. “We were dealing with separate appliances for network access control [NAC], user authentication, our VPN, and our web-content-filtering system, plus we had our firewall for network security and intrusion detection,” said Paul Dupree, CIO and assistant vice president of IT Services at Asbury University. “The devices didn’t always work seamlessly together and they weren’t communicating as efficiently as possible.”

Dupree was particularly concerned that exploitable flaws existed in the interfaces between these different devices and applications. “I think there was some vulnerability inherent in our model of four separate appliances that relied on protocols between the network appliances,” said Dupree. “There were no heavily documented vulnerabilities, but we would hear rumors of students finding ways around our web-content filtering, for example. As a faith-based institution, we have a specific mission to block certain types of websites from on-campus users.”

The user experience was also less than ideal. The old web-filtering software, for example, relied on proxy settings, so all students and employees who brought their personal devices to campus had to input the proxy settings before they could access the Internet. “It was a huge process and a pain for the end user,” said Dupree. “It also resulted in a lot of technical and support calls to our help desk. My overarching goal was to simplify the user experience.”

Although Dupree had originally employed the Dell SonicWALL solely as the firewall within the networking system, he started using its other features as problems mounted with the multi-appliance approach. “It now provides us with far more than you would expect from a firewall,” he said. “There is the web-content filtering that we manage per our acceptable-use policies, and our NAC has also been collapsed into the Dell SonicWALL. That’s been a huge bonus for us.”

Breaking down the benefits

Following the switch, according to Dupree, the user experience improved dramatically. “No changes need to be made to a device’s network settings,” he said. “The experience now is similar to what you would experience at a hotel as a guest. By moving the web-filtering component to the firewall, it becomes totally transparent—it is inherently part of the transmission stream.”

At the same time, Dupree feels that the integrated solution provides a higher level of security than the previous setup. “With everything collapsed to a single appliance and a single software code base, we don’t rely on appliances playing nicely together,” he said. “Everything is handled internal to the firewall. You can’t bypass NAC, because then you’re bypassing the firewall, which means you can’t access the Internet.”

The SonicWALL allows the network administrator to manage access in ways that are typical of most NAC systems, setting different permissions for different groups, such as faculty, staff, and students. The VPN, for example, is specific to a certain class of users, whereas the web-content-filtering software is applied across the board to comply with the school’s mission.

Network traffic is also prioritized to ensure mission-critical functions operate at optimum speed. “We give priority to our learning management system, which is hosted in the cloud,” said Dupree. “At the same time, we de-emphasize certain entertainment-type classes of websites.”

In September, Asbury upgraded from the SonicWALL E6500 series to the SuperMassive 9200 series, which offers 10 Gbps of firewall throughput, 3.5 Gbps of malware protection, and 5 Gbps of application inspection. For redundancy purposes, the school deploys two of the devices. “We have the appliances connected together, and they fail over automatically in the event of a problem,” said Dupree. “It also provides us with a maintenance window with zero downtime.”

According to Dupree, the move to an all-in-one system has also saved his institution time and money. “I think we’ve seen at least a 50 percent savings by getting rid of those other appliances,” he said. “We’ve gone from a multi-appliance, multiple-device setup to a single device that performs multiple functions. It simplifies the job for the IT staff, lowers costs, and requires fewer licenses because there aren’t as many vendors involved.”

Andrew Barbour is a contributing editor with eCampus News.
