Security Company Keeps Systems Protected and Available with F5 Technology Reliance Protectron Security Services, provider of security systems and HVAC services, needed to create a reliable IT environment for its business applications, including Microsoft Exchange Server 2010 and Citrix XenApp. To this end, the company implemented F5 Application Delivery Controllers using F5 deployment guidance. Now, Reliance Protectron can ensure availability even in the event of a disaster, and it has consolidated traffic management for multiple applications on a single platform. Further, the company uses F5’s easy-to-manage security and access control policies to ease remote access and ensure compliance with Payment Card Industry (PCI) Data Security Standards. Business Challenges Reliance Protectron Security Services is one of Canada’s largest security monitoring and installation companies, serving more than 350,000 residential, commercial, industrial, and wholesale subscribers. The company is based in Montreal, Quebec, has approximately 1,500 employees, and also provides heating, ventilation, and air conditioning (HVAC) services to more than 1.5 million customers. Reliance Protectron relies on a number of business-critical applications such as Citrix XenApp to deliver virtualized applications to employees working on the company’s network or remotely—including personnel working from home offices and overseas call centers that monitor alarm activity and provide support for HVAC customers. Reliance Protectron needed to create a redundant infrastructure for its XenApp environment to ensure that users have highly reliable access to applications such as Microsoft Dynamics SL, where the company manages HVAC customer account and equipment information; and its Sybase business intelligence software for managing building and safety-of-life security system alarms. The company maintained a secondary data center in Ottawa, Ontario, for disaster recovery, but it needed to ensure that failover would happen seamlessly during maintenance or in the event of an unplanned outage. “Our business is 24/7,” says Cindy Dalmasie, Network Administrator at Reliance Protectron. “Users need to access XenApp without a hitch.” Reliance Protectron relies on Microsoft Exchange Server 2010 as a critical communications link among employees, customers, and partners. Approximately 10,000 email messages flow through its systems daily. The company cannot afford email downtime and needed to ensure that its Exchange 2010 environment is easy to manage, monitor, and protect. Finally, Reliance Protectron needed to support PCI standards for its web applications, where it handles confidential customer financial data. F5 won out in all categories: configurability, compatibility with other technologies such as XenApp and Exchange 2010 … and quality of documentation and support.” Cindy Dalmasie, Network Administrator, Reliance Protectron Solution Reliance Protectron evaluated different systems for managing traffic among its servers, including Citrix NetScaler and F5 BIG-IP Local Traffic Manager (LTM). “We created a matrix of our requirements and compared the capabilities of both systems against it,” says Dalmasie. “F5 won out in all categories: configurability; compatibility with other technologies such as Exchange 2010, our alarm system software, and XenApp; and quality of documentation and support.” In addition, Reliance Protectron was attracted by the extensible nature of the BIG-IP solution, which allowed it to add BIG-IP Access Policy Manager (APM) for additional access control capabilities. Reliance Protectron implemented a pair of BIG-IP LTM devices, one in each of its data centers in active/passive mode, to perform intelligent load balancing among servers running Citrix XenApp and its Exchange 2010 servers. The devices support automatic failover to ensure reliability in the event that a data center becomes unavailable. Reliance Protectron used the F5 BIG-IP LTM Deployment Guide for Citrix XenApp to configure BIG-IP LTM using an Application Template. It also used the BIG-IP APM Deployment Guide for XenApp and took advantage of F5’s Application Ready Solution for Microsoft Exchange Server 2010, which provides step-by-step guidance on how to achieve faster, more streamlined deployments. The company used the F5 Exchange Server 2010 Deployment Guide (version 2.2) to configure BIG-IP APM to support pre-authentication and proxy for all Exchange HTTP-based protocols, including Microsoft ActiveSync, Outlook Web App, and Outlook Anywhere. “We use BIG-IP APM as a proxy for access to Citrix XenApp and Exchange 2010,” explains Dalmasie. Reliance Protectron also takes advantage of BIG-IP LTM SSL offload capabilities to migrate CPU-intensive SSL encryption and decryption (for instance, from its security camera monitoring application) to the BIG-IP devices. The company also uses F5 iRules—a customizable scripting language that gives IT departments complete and granular control over application traffic— to create custom redirects for flexibly managing IP traffic to web servers. “Now, we can easily manage our Citrix and Exchange Server applications—and support other applications like Microsoft SharePoint Server as we grow—from a single platform.” Cindy Dalmasie, Network Administrator, Reliance Protectron Benefits Using F5 technology, Reliance Protectron ensures high availability for its business- critical applications and enhances its network and data security environment. The company takes advantage of comprehensive F5 deployment guides and support to ease IT management and administration. Improves availability, ensures top performance With BIG-IP LTM, Reliance Protectron can ensure that users are directed to high-performing servers and can automatically fail traffic over to its disaster recovery–focused data center to retain full application delivery capabilities during maintenance or an unplanned outage. The BIG-IP system’s SSL offload capabilities help the company provide users with access to high-performing applications—a necessity as they manage mission-critical alarm and HVAC control systems around the clock. “Our users have expressed enthusiasm about the improvements,” says Dalmasie. “BIG-IP devices help us ensure that our servers are performing well.” Enhances security With BIG-IP APM, Reliance Protectron consolidates and manages remote access to Citrix XenApp and other line-of-business systems, as well as to Exchange 2010. The company capitalizes on BIG-IP APM endpoint security to ensure that each computer or device that attempts to access the network is fully patched and protected, and meets access requirements. “With BIG-IP APM, we can automatically inspect each user device— this is essential to maintaining strong security for our payment data and the health of our network,” says Dalmasie. Eases management and administration Reliance Protectron finds F5 product documentation and customer support to be superior. “The F5 deployment guides and templates made the environment very easy to configure, much easier than competing solutions,” says Dalmasie. “Furthermore, the support we have received from F5 has been fantastic.” Reliance Protectron also finds that the F5 environment is easy to customize and adapt, and uses F5’s unique iRules technology to manipulate and manage traffic. For instance, with iRules, Reliance Protectron can implement custom redirects and policies to easily manage application traffic. “IRules customization capabilities help us further enhance our specific security environment with confidence.” Reliance Protectron realizes additional management benefits because BIG-IP products allow it to consolidate Application Delivery Networking activities on a single platform. “Now, we can easily manage our Citrix and Exchange Server applications—and support additional applications such as SharePoint Server and CRM as we grow—from a single platform,” says Dalmasie. Reliance Protectron also plans to implement BIG-IP Application Security Manager (ASM), an advanced web application firewall, to protect its web applications and confidential customer financial data. It will use BIG-IP LTM to manage traffic and access to its Microsoft SharePoint Server environment and its customer relationship management system (CRM).