VAOS Success Story

Checkpoint replacement with
SecureGUARD TMG 2010 appliances

Sector

Oilfield Services

The Solution

SecureGUARD TMG950 Appliance based on Microsoft Forefront Threat Management Gateway 2010 (TMG)
The Microsoft security solution has been expanded by adding the partner’s convenient management and support functionalities, deeply integrating them into the customer’s Microsoft infrastructure.

The Challenge

VAOS Ltd. is a company that specializes in oilfield projects in the inaccessible desert regions of the Sahara. The company headquarter is located in Malta and there are branch offices in Linz (Austria) and Libya. A number of smaller branches are also connected. These are mainly located in the middle of the desert, which means that extreme demands are made on the IT infrastructure as well: Besides the high temperatures of up to 58° C, there are long distances of hundreds of kilometers between branches and there is no reliable power supply, telephone or internet connection.
At all locations, the old solution on the basis of Checkpoint was to be completely replaced, the small subsidiaries were to be connected via satellite.
The central administration of the entire solution from the technical location Linz was a main focus of the project, which meant i.e. implementation of access to distributed Microsoft systems, a distributed Active Directory with 4 domain controllers at four different locations, a distributed Microsoft Exchange mail system with four mail servers as well as distributed update (Microsoft WSUS) and client deployment (Microsoft Windows Deployment Server) infrastructure at four locations.
A VoIP telephone connection to all branches via site-to-site VPN was also asked for, as well as access to the SAP applications (including access from the outside).
Of course, IT security had to be guaranteed throughout all connections at all locations.

Technical Solution

The technical solution was implemented via the security software Forefront Threat Management Gateway 2010 (TMG) from Microsoft, integrated into a SecureGUARD TMG950 appliance, which supplements and expands the former by adding management and support functionalities.
At the IT headquarters in Linz, a virtualized Microsoft Enterprise Management Server (EMS) has now been installed in addition to a cluster with two nodes. Two SecureGUARD TMG950 appliances are used for the two nodes. The other two large locations at Portomaso and Tripoli are both connected via TMG950 appliances. For the smaller subsidiaries with their small numbers of users, the SecureGUARD Starter Edition was sufficient: This is an economical alternative allowing locations with only a few users to be connected, as it uses a modified version of the TMG Workgroup Edition. Its price is very reasonable due to the limitation to 25 simultaneous users.
All branches are connected via site-to-site VPN and are administered centrally from Linz. This is made possible by the “Branch Office Deployment” function of SecureGUARD Appliance Management in conjunction with the new functionality of the Microsoft Enterprise Management Server in Linz, which allows for the central administration of the Standard or Workgroup Edition.
The SecureGUARD programmers ensured the communication of customers and suppliers via the enterprise software SAP by using a self-developed NAT driver specially designed for the Microsoft TGM 2010. Comprehensive enterprise security is provided by the functionalities of the new Microsoft Threat Management Gateway 2010: firewall, antivirus scanning, URL filtering and HTTPS inspection protect all branches.

Result

The new security functions of the TMG allow the entire administration of the customer to be carried out from one location. Downtimes are minimized as a result of the improved Disaster Recovery, in which Microsoft combines a firewall as well as malware and content protection into one unit. On the part of VAOS, this saves personnel and a considerable amount of time during operation, thus reducing the costs required for implementing IT security. The functionalities of the SecureGUARD Appliance Management System and of the wizards, such as the Branch Office Deployment Wizard, guarantee faster software roll-out.