SecureGUARD TMG950 appliance based on Microsoft Forefront Threat Management Gateway 2010 (TMG)
The Microsoft security solution has been expanded by adding the partner’s convenient management and support functionalities and deeply integrating them into the customer’s Microsoft infrastructure.
VAOS Ltd. is a company which specializes in oilfield projects in the inaccessible desert regions of the Sahara. The company headquarters are in Malta and there are branch offices in Linz (Austria) and Libya. A number of smaller branches are also connected. These are mainly located in the middle of the desert, so extreme demands are made on the IT infrastructure too: besides the high temperatures of up to 58° C, there are long distances of hundreds of kilometres between branches and there is no reliable electricity supply or telephone or Internet connection.
At all locations, the old solution was to be completely replaced on the basis of Check Point. The small locations were to be connected by satellite.
The central administration of the entire solution from the technical location Linz was a very important focus, i.e. implementation of access to distributed Microsoft systems, a distributed Active Directory with 4 domain controllers at four different locations, a distributed Microsoft Exchange mail system with four mail servers, distributed update (Microsoft WSUS) and client deployment (Microsoft Windows Deployment Server) infrastructure at four locations.
A VoIP telephone connection to all branches via site-to-site VPN was also asked for, as well as access to the SAP applications (including access from the outside).
Of course, IT security had to be guaranteed throughout all connections at all locations.
The Technical Solution
The technical solution was implemented via the security software Forefront Threat Management Gateway 2010 (TMG) from Microsoft integrated into a SecureGUARD TMG950 appliance, which supplements and expands the former by adding management and support functionalities.
At the IT headquarters in Linz, a virtualized Microsoft Enterprise Management Server (EMS) has now been installed in addition to a cluster with two nodes. Two SecureGUARD TMG950 appliances are used for the two nodes. The other two large locations at Portomaso and Tripoli are both connected via a TMG950 appliance. The SecureGUARD Starter Edition was sufficient for the smaller locations with their small numbers of users: this is an economical alternative allowing locations with only a few users to be connected as it uses a modified version of the TMG Workgroup Edition. The price is very reasonable due to the limitation to 25 simultaneous users.
All branches are connected via site-to-site VPN and are administered centrally from Linz. This is made possible by the “Branch Office Deployment” function of SecureGUARD appliance management in conjunction with the new functionality of the Microsoft Enterprise Management Server in Linz, which permits the central administration of the Standard or Workgroup Edition.
The SecureGUARD programmers ensured the communication of customers and suppliers via the enterprise software SAP by using a self-developed NAT driver specially designed for the Microsoft TGM 2010. Comprehensive enterprise security is provided for by the functionalities of the new Microsoft Threat Management Gateway 2010: firewall, antivirus scanning, URL filtering and HTTPS inspection protect all branches.
The new security functions of the TMG allow the entire administration of the customer to be carried out from one location. Downtimes are minimized as a result of the improved disaster recovery, in which Microsoft integrates a firewall as well as malware and content protection into one unit. On the part of VAOS, this saves personnel resources and a considerable amount of time during operation, thus reducing the costs required for implementing IT security. The functionalities of the SecureGUARD Appliance Management System and of the wizards such as the Branch Office Deployment Wizard guarantee faster software roll-out.
SecureGUARD GmbH has its headquarters in Linz and is a leading Austrian manufacturer of high-quality integrated security solutions. All units, from small low-maintenance and low-noise branch office units to redundantly equipped high-performance units with 8 CPU kernels, have the same SecureGUARD functionality. As a Microsoft Gold Certified Partner, SecureGUARD is intensively involved in the development of the Microsoft Forefront Threat Management Gateway (TMG) and the Microsoft Forefront Unified Access Gateway (UAG). With the Microsoft-certified SecureGUARD appliance for Microsoft TMG 2010 and UAG 2010, SecureGUARD combines hardware, software and support to form a high-quality security solution which can be used in particular in homogeneous Microsoft environments with central authentication.
For more information, please go to: http://www.secureguard.at
Helmut Otto, CEO SecureGUARD GmbH