Case Studies Archive Search Case Studies

Swisscom Provides Safe Internet Access to Schools Using F5 Solutions

Swisscom is Switzerland’s leading telecommunications provider, with 5.5 million mobile customers and 1.8 million broadband connections. To support Switzerland’s schoolchildren, Swisscom embarked on a project to provide free Internet access for all Swiss schools.

With more than 5,000 primary and secondary schools in the country and a  potential user base of 900,000 pupils and teachers, Swisscom needed a best-in-class solution for load balancing, URL filtering, proxy management, and security. The initiative had been widely publicized. Stability, performance, and reliability were the project’s highest priorities. F5 VIPRION and F5 BIG-IP Local Traffic Manager Application Delivery Controllers (ADCs) played a key role in helping Swisscom deliver on its commitment.

Business Challenges

Swisscom wanted to provide all primary and secondary schools with free broadband Internet access. The company planned to assume the bulk of the installation costs and all charges, so that pupils and teachers could take full advantage of the Swisscom offering.

With its Internet for Schools initiative, Swisscom saw the opportunity to fulfill its social responsibility as a major Swiss company by providing direct, long-term support for Switzerland’s education system.

The initiative would ensure that children in Swiss schools came into contact with the Internet at an early age and would begin to develop the media skills that are becoming increasingly important for their futures.

In a public-private partnership, Swisscom worked with federal and local authorities to connect all the country’s schools to the Internet. To connect the more than 5,000 primary and secondary schools, with a potential user base of 900,000 pupils and teachers, Swisscom needed a stable, high- performance, and reliable solution for load balancing, URL filtering, proxy management, and security.

Because most users would be children and young people, a further important consideration was the provision of accurate URL filtering to protect users from viewing inappropriate material. Each of Switzerland’s cantons (federal states) has its own set of policies regarding the type of content allowed. For this reason, the solution needed to be flexible enough to enable each canton to adapt the system to its own requirements.

The initial project covered 5,000 schools, with the remaining few hundred to follow at a later date. With most potential users  wanting access at the same time—during  school hours—efficient load balancing was  a crucial issue.

“Since the implementation was concluded, the system has been running smoothly and is extremely stable.” Martin Theiler, Swisscom Project Management and Engineering

Solution

Swisscom called on F5’s partner eXecure, a systems house specializing in security infrastructure, to provide design, product, and implementation recommendations. eXecure, which already had experience with large-scale projects combining security with flexibility and performance, recommended F5 BIG-IP Local Traffic Manager (LTM). eXecure supported Swisscom in building out a test environment mirroring the production environment and worked with Swisscom in-house specialists to put the solution through its paces.

In total, the project took approximately nine months from inception to going live. Although both Swisscom and eXecure staff had made very generous estimates of potential traffic levels during the design phase, they were delighted to see that the schools were making intensive use of the Internet right from the outset.

“The initiative was so successful so quickly that we had to act fast to expand it,” said Martin Theiler from Swisscom’s Project Management and Engineering department.  “With more than 4,000 HTTP requests and a throughput of 2 Gbps, the traffic was often more than 200 percent higher than we’d initially planned.” As a result, the second phase of the project—covering increased bandwidth and additional schools—had to be started much earlier than projected.

The system continued to run, but it was redesigned based on 10 Gbps technology and resized by Swisscom together with eXecure and F5. “This solution has been running smoothly ever since then,” Theiler said. “Handling this volume of requests and throughput was quite a challenge, especially in regard to the interoperability of the products involved. This was where F5’s support was crucial. They helped us every step of the way. It was key to the success of this project being delivered on time.”

Today, Swisscom has connected more than 5,600 Swiss schools to the Internet. The schools are distributed across about 40 LANs and connected to Swisscom’s IP-Plus backbone with 40 firewalls. All of the schools’ HTTP traffic is routed from these firewalls to VIPRION proxy virtual IPs (VIP). The backbone routers are directly connected to the VIPRION systems’ 10 Gbps interfaces

The system has been set up with F5’s patented cookie persistence technology. This feature uses an HTTP cookie stored on a client’s computer to allow the client to reconnect to the same server previously visited at a website. This is important because approximately 100,000 concurrent users are located behind just 30 IP addresses. The VIPRION proxy VIP then balances the load across 10 Blue Coat proxy appliances. Using the Internet Content Adaptation Protocol (ICAP) request/response protocol, the proxy appliance sends requests, through a virtual server on BIG-IP LTM (ICAP VIP), to eight McAfee Web Gateway devices (formerly known as Webwasher).

The firewalls’ source IPs are used as a basis for defining McAfee Web Gateway policies. This is important because each canton is responsible for defining its own thresholds regarding certain types of content, such as violence. For DNS name resolution, the relevant DNS requests are distributed across four DNS servers through two virtual servers (TCP/UDP).

Swisscom has repurposed the initial, smaller solution for future managed security services. It is used for beta tests of cloud- based security solutions for customers.

“[The F5 solution] is exactly right for our requirements. We’re particularly impressed with its reliability and scalability, enabling us to extend it whenever we need to.” Martin Theiler, Swisscom Project Management and Engineering

Benefits

Switzerland’s schools benefit from robust, stable URL filtering in which F5’s solutions play a central role.

“This is something of a flagship project, given its extent,” said Theiler. With about 900,000 users in total—of which more than 100,000 are concurrent—the system is one of Switzerland’s largest centralized web access and security initiatives.

“Since the implementation was concluded, the system has been running smoothly and is extremely stable,” added Theiler. “It is exactly right for our requirements. We’re particularly impressed with its reliability and scalability, enabling us to extend it whenever we need to.”  F5’s VIPRION chassis-and-blade hardware is particularly well adapted to projects requiring scalability, like the Swisscom schools initiative. Processing power can be increased by simply plugging an additional blade into the device without interrupting any applications.

As Christoph Loitz, Senior Account Manager from eXecure, concluded: “This was a huge and at times challenging project, and its success today is due in large part to the great teamwork between Swisscom, F5, and us here at eXecure. The support we had from F5 was exemplary in every way. This web access and content security solution is unique in Switzerland today, and I think we can all be proud of that.”