Novoferm case study

Background

At the beginning of last year, the well-established Austrian company Novoferm GmbH faced the challenge of restructuring its network and linked security environment. In addition to networking the Austrian sites, the aim was to seamlessly integrate the company's subsidiaries in the Czech Republic, Hungary, Croatia, Poland, and Russia, during the changeover. Novoferm developed a management concept and was seeking an incredibly reliable, easy-to-manage network security solution.

The Challenge

Novoferm forms part of the Domoferm International holding which, with six production plants in Austria, Germany and the Czech Republic, is Europe's foremost manufacturer of steel frames. The company also ranks among Europe's leading providers of steel doors and fire doors. However, it now generates around 40 percent of its business from projects providing individually tailored solutions - and the trend is on the rise. For a long time, architects and builders have been reluctant to settle for standard doors and frames and have been requesting unique models, which require an extremely flexible manufacturing concept with a virtually endless range of product variations. Consequently, products are manufactured at the Gratwein and Ganserndorf sites in Austria with very short lead times. Of course, high availability network connections are required for this process. Down time is particularly expensive and any malfunctions in the company's IT network can lead to lengthy and costly delays in production. Therefore, Novoferm relies on a network security solution that shields the network against external threats such as viruses, spam, and malware, while monitoring security levels within the local network

In addition to the two Austrian sites, Novoferm has, over recent years, built up an international network of sales offices in Italy, Germany, the Netherlands, the Czech Republic, Croatia, Hungary, Poland, Russia, and as far afield as Dubai. Most of the offices have been integrated into Novoferm's corporate network and can access various corporate data. Novoferm's sales force throughout Austria represents another user group, which also needs round-the-clock access to the corporate network. The connection's security and stability levels, as well as usability and easy administration, are particularly important for them. Moreover, success of the company requires a "flexible" solution that can be adapted to an increasing number of employees.

Over the past few years, Novoferm has been outsourcing its network security, and an external provider managed its company-wide connections. "However, we were looking for a solution that would enable us to make all decisions ourselves and implement changes at any time. For instance, we found it important to manage all access rights independently within the company, and to be able to react quickly in the event of malfunctions - without becoming involved in lengthy agreement processes with external partners," said Martin Korn, Head of Novoferm's IT & Central Services, explaining the initial situation. "Furthermore, the growing number of subsidiaries abroad had, until now, been using their own providers for their networks, which posed a problem. Subsequently, this situation has meant that various providers were passing the buck in the event of breakdowns, and it was taking an extremely long time to rectify errors," added Manfred Neubauer, Novoferm's IT Network Team Leader. Plans were made to manage all lines within the Novoferm network centrally.

Another important factor was that, above all, the network infrastructure had to be managed centrally from the sites abroad, as they are purely sales offices and do not employ their own IT staff. In addition to these prerequisites, network security was a key issue. Using MPLS technology, IPSec (VPN) tunneling and easily configurable, extremely reliable security functions, the new network needed to stop spam and viruses, block external access, and repel malicious attacks.

The WatchGuard® Solution

With these requirements in mind, Novoferm's IT team, together with their long-term IT consulting partner, Active Internet Performance, started looking for a new, largely self-managing network solution at the beginning of 2008. After testing various approaches, the company decided on the network security solutions provided by WatchGuard Technologies, Inc. "We had already worked with WatchGuard products and achieved pleasing results. These solutions offer a wide range of security functions and are very reliable,' stated Mr. Korn, explaining his decision. The appliance at the heart of the Novoferm network is a high-performance WatchGuard Firebox® X Core™ 750e, which provides comprehensive protection with functions such as deep packet firewall inspection, VPN, zero day protection, anti-spyware, anti-spam, anti-virus, intrusion prevention, and URL filtering. For security reasons, the Firebox was sourced out to an external computer centre in Vienna, where the equipment is well protected by computer centre standards including access restrictions, air conditioning, and an uninterruptible power supply.

At its main Ganserndorf site, Novoferm has another Core X750e linked to the computer centre Arsenal via a standard copper connection and a 20-Mbit directional radio link. "This redundant connection provides us with added security. If a connection failed, the other would take over data traffic without losing any time," explained Mr. Neubauer. However, data exchange within Novoferm's corporate network also has to function smoothly on an international basis. Therefore, the five Novoferm offices in the Czech Republic, Hungary, Croatia, Poland, and Russia are connected to the computer centre via WatchGuard Fireboxes and Branch Office VPN links. "We decided on VPN for the international connections, because MPLS links to sites abroad would have incurred significantly higher costs," explained Mr. Korn. VPN is also used for connecting the Austrian sales force. Using SIM cards and VPN Client, they will be able to dial securely into the corporate network wherever they are. At the same time, the Core X750e ensures data from mobile clients is transferred securely.

Benefits

The WatchGuard network security solution offers Novoferm great advantages. Simultaneous and simple connections via various technologies are possible, all the Austrian sites are optimally connected via the MPLS network, and connections from 2 to 20 Mbit guarantee excellent speeds, data rates and services. "We can now set parameters for the whole network from the central Firebox in the computer-centre Arsenal and, at the same time, manage the individual offices independently. Managing the individual access rights via the WatchGuard solution is very simple. Furthermore, we can react quickly in the event of a breakdown," stated Mr. Korn. This also applies to the offices abroad, which can now access the company's headquarters via the branch-office VPN. IT staff are not required on site thanks to the central management. Should the hardware surprisingly prove defective, WatchGuard guarantees a replacement. As an international provider, WatchGuard has service teams ready to repair any hardware damage in all countries with Novoferm offices, thereby rectifying the problem within a short amount of time.

The new network was officially launched at the beginning of 2009. "We're extremely satisfied with the WatchGuard products. The security solution functions smoothly, and switching to a single provider has made our internal IT department's work considerably easier," confirmed a delighted Mr. Korn. "Owing to the simplicity of the Fireboxes, we'll be able to react in a much more flexible manner. In addition, we have very stable network connections at our disposal - they're just as stable as our own products."

« Return to top »