Customer Solution Case Study
City Upgrades Network Security and Simplifies Management with New Firewall Solution
Overview
Country: United States
Industry: Public and Nonprofit Sector
Customer Profile
The City of Colorado Springs, Colorado, with an estimated population of 320,000, is home to the United States Air Force Academy, the multisport Olympic Training Center, and Pikes Peak.
Business Situation
Colorado Springs wanted to increase the functionality and security of its Web site, while simultaneously decreasing management responsibilities.
Solution
The city chose Microsoft® Internet Security and Acceleration (ISA) Server 2004 as a firewall solution that improves the user experience and allows the IT staff to focus on other responsibilities.
Benefits
n Simplified management
n Increased IT productivity by 20 percent
n Simplified configuration
n More detailed logging reports
n Increased Internet response time by 20 percent / “With ISA Server 2004, we can dig deeper to track down almost any potential issue our network might encounter.”
Paul Walker, Information Systems Manager, City of Colorado Springs
The IT staff working for the City of Colorado Springs, Colorado, found that network security for the city’s computer system infrastructure and Web site required a large amount of manual operation and maintenance. To alleviate the time commitment associated with these manual tasks, the IT staff decided to pursue an upgraded firewall solution that would not only respond more intuitively to user demands, but also simplify management of the network. Satisfied with their previous experience with Microsoft® security software, Colorado Springs administrators opted to upgrade the network firewall to Microsoft Internet Security and Acceleration (ISA) Server 2004. As a result, the city has increased its network security, reduced IT management time by 20 percent, and increased Web site response time by 20 percent.
Situation
Founded in 1871 in central Colorado by General William Jackson Palmer, Colorado Springs today presents a vast array of businesses and cultures. A large part of the economy stems from the location of Fort Carson, the United States Air Force Academy, and several Air Force bases within the city borders. As home to the North American Aerospace Defense Command (NORAD), the city also plays a pivotal role in the U.S. military space program.
Colorado Springs offers its estimated 320,000 citizens, as well as tourists, a wealth of scenic sites that includes Pikes Peak and the Garden of the Gods. As headquarters to the U.S. Olympic Committee and Olympic Training Center, Colorado Springs provides amateur athletes with one of the world’s most highly touted multisport training facilities.
For cities as diverse and large as Colorado Springs, the Internet serves as an important resource for sharing information and services. A visit to the Colorado Springs Web site shows links to everything from city agencies, news, events, and tourist information to government documents and forms, permit information, bus passes, ticket payment, and park services. “Our goal is getting public information out through the Internet for everyone to use,” says Jon Saultz, Principal Information Systems Analyst for the City of Colorado Springs. In 2003 alone, the city’s Web site generated U.S.$1.2 million in revenue. On average, the site handles 12 million hits per month.
The Colorado Springs Web site administrators already had an effective firewall, Web publishing tool, and virtual private network (VPN) solution in Microsoft® Internet Security and Acceleration (ISA) Server 2000. While satisfied with ISA Server 2000 and its security features, IT administrators nevertheless felt that some aspects of the software could be improved. In particular they were concerned with the amount of manual work that the system required of users. Although IT staffers were not actively shopping for a replacement solution, they planned to eventually upgrade to a product that would provide a similarly strong firewall as well as increased functionality and simplified management. The underlying belief was that these benefits, in turn, would result in an even better user experience for the Web site’s visitors.
Solution
In 2003, IT administrators of the Colorado Springs Web site learned of the pending release of Microsoft ISA Server 2004, part of Microsoft Windows Server SystemTM integrated server software. Based on their previous positive experience with Microsoft software and ISA Server 2000 in particular, administrators opted to test the beta version of ISA Server 2004 to see if the upgrade and modifications would address their needs. “The main reason we pursued ISA Server 2004 was because it was a Microsoft application,” says Saultz. “ISA Server 2000 was still doing a great job for us, but we wanted to look at the refinements in the new software.”
As a means of testing ISA Server 2004, the IT staff chose to run both ISA Server 2000 and ISA Server 2004 in their Web site production environment. Moving forward, the Colorado Springs network plans to use two instances of ISA Server 2004, one for VPN and one for Web publishing. ISA Server 2000 will eventually be phased out of the infrastructure altogether.
ISA Server 2004 took 10 minutes to set up and make operational. To simplify the migration process, administrators configured the same settings on both ISA Server versions. Except for this updated firewall solution, the existing Web server system, including the Dell PowerEdge 1650 server, remained the same. The production environment runs on the Microsoft Windows ServerTM 2003 operating system.
The test showed advantages of ISA Server 2004. Every time an administrator creates a rule or modifies a feature of the Web site, ISA Server 2004 uses a standard format of backup that translates the action into XML so that members of the IT staff can read about it or track it later. As a means of improving services, administrators use the log-reporting features of ISA Server 2004 to report to approximately 30 departments about the information coming through the network.
ISA Server 2004 also gives the Colorado Springs network the added security of stateful packet filtering, which examines Internet Protocol addresses, data, and the state of a connection. In contrast to static packet filtering, which bases filtering decisions only on administrator-defined rules and headers, stateful packet filtering also bases its decisions on context that has been established by prior packets that have passed through the firewall. This added level of firewall architecture can analyze packets down to the application layer. Stateful packet filtering, also known as dynamic packet filtering, was available in ISA Server 2000 but had to be manually configured. With ISA Server 2004, this type of filtering is standard.
Benefits
For the IT staff managing the City of Colorado Springs Web site, the upgrade to ISA Server 2004 directly addressed specific needs of the network infrastructure. In addition to acquiring a high-level firewall, Colorado Springs also found features of ISA Server 2004 to be more intuitive and require less manual administration than the previous version. These improvements help simplify management of the network and, in turn, help increase IT staff productivity. At the same time, administrators can keep better track of the network with more detailed logging reports that occur in real time and provide a better understanding of system efficiency. And users are finding their Web site experience more satisfying.
Simplified Management
The IT staff finds ISA Server 2004 easy to navigate in part because it is so logically assembled. “The user interface provides more functionality and responds more intuitively,” says Paul Walker, Information Systems Manager for the City of Colorado Springs.
For example, when first deploying ISA Server 2004, an administrator is given an option of configuring the firewall in several different standard scenarios, such as a three-legged perimeter network (also known as a demilitarized zone). Each scenario is represented by a template that comes with a definition and a picture. The IT staff can configure everything from site-to-site VPN and firewall policies to application layer configuration.
“A great thing about a lot of the Microsoft software is that it’s educational,” says Saultz. “ISA Server 2004 is very accommodating to the many different infrastructures that organizations use in their network environments.”
In addition, the IT staff finds it very helpful that all the application’s features are initially disabled. “We’re used to seeing security software where all features come turned on and you have to manually turn them off,” says Saultz. “This new aspect of ISA Server 2004 helps eliminate surprises.”
Increased Productivity by 20 Percent
As a result of the simplified management, IT staff productivity has increased by approximately 20 percent. This increase leads to better customer service. “It frees me up to do other things related to management,” says Saultz. With more available time to devote to users, the staff is able to solve computer problems in a more timely and efficient manner. “Users see faster resolution of their questions and needs,” says Walker. “We don’t have to mess around with manual tasks and details. Instead of fixing and managing the network all the time, we can concentrate more on our customers.”
Simplified Configuration
With ISA Server 2004, the City of Colorado Springs helps simplify the VPN setup for its network. VPN implementation in the previous environment required the user to go through the software application and make each firewall rule. While this procedure still exists in ISA Server 2004, the process has been simplified. “The user interface has a management piece with all of these intuitive procedures that accomplish tasks with fewer steps,” says Saultz. “It takes administrators a few steps and they’re done.”
For instance, in ISA Server 2004, stateful packet filtering that keeps track of incoming and outgoing communication packets—between VPN clients and internal servers, forexample—now comes as a standard feature. In the older version, the feature was available but needed to be configured. Similarly, complex settings like application layer analysis and firewall policy can be backed up with one click.
An added bonus for the IT staff is that ISA Server 2004 didn’t require any supplemental training. “The setup is similar to ISA Server 2000,” says Walker.
Faster and More Detailed Logging Reports
While administrators felt that the previous logging reports met their basic needs, they now find that the reports in ISA Server 2004 provide much more detail. New logging functionality operates in real time from the user interface and with very detailed event selection criteria. “For us, it means taking fewer steps to track down problems,” says Saultz.
In addition, the IT staff finds that the reports run up to 15 percent faster, saving administrators time by placing more data at their fingertips. “Systems everywhere get knocked out all the time,” says Walker. “With ISA Server 2004, we can dig deeper to track down almost any potential issue our network might encounter.”
Increased Internet Response Time by 20 Percent
Web site users also notice an improvement on the site, with Internet response time increased by close to 20 percent. “The more simplified manner in which rules are applied makes the whole site run better,” says Saultz. “I think that overall site efficiency has improved by 20 percent.”
With improved performance, more remote users can telecommute than before. These users include both government employees and vendor support personnel for various network elements. The IT staff finds that in conjunction with ISA Server 2004, Microsoft Office Outlook® Web Access for Exchange Server 2003 provides access to remote users up to 15 percent faster than before. Administrators expect this number to increase with the recent implementation of the Windows Server 2003 operating system.
Decreased Downtime
The City of Colorado Springs has encountered no downtime with ISA Server 2004. “Even in the early testing version, it stayed up and running,” says Walker. “It’s a very reliable environment.” With the combination of Windows Server 2003 and ISA Server 2004, IT staff members feel more secure in their ability to maintain the network. “We think the combination of Windows Server 2003 with ISA Server 2004 is very solid,” says Saultz.
Microsoft Windows Server System
Microsoft Windows Server System integrated server infrastructure software is designed to support end-to-end solutions built on Windows Server 2003. It creates an infrastructure based on integrated innovation, Microsoft’s holistic approach to building products and solutions that are intrinsically designed to work together and interact seamlessly with other data and applications across your IT environment. This allows you to reduce the costs of ongoing operations; deliver a more secure and reliable IT infrastructure; and drive valuable new capabilities for the future growth of your business.
For more information about Windows Server System, go to:
www.microsoft.com/windowsserversystem