Universities consist of some of the most complex IT environments where the users need to have fast, reliable and secure access to information while at the same time be able to protect sensitive data.
The University of Technology Sydney (UTS) is no exception.
The head of IT at UTS knew it was time to modernise the university network and, by working with a partner, the team saw the replacement of network firewalls as an opportunity to make improvements on the existing infrastructure.
As a part of the process, the company engaged Airloom, a partner which specialises in mobility, cloud and cyber security. Airloom is an F5 Networks partner, and leverages the vendor's application delivery controller (ADC) portfolio to help meet end client's application delivery needs.
Airloom chief revenue officer, Malcolm Salameh, told ARN that rather than offer the uni a simple upgrade from its existing F5 firewalls, the company was able to work with the team at UTS to determine what other services the uni could use.
For example, the university serves a large number of international students, which means the network receives a large amount of internet traffic from these countries.
In order to minimise the possibility of cyber attack, Airloom and the UTS team set up the system which included a web application firewall (WAF) so the network would only accept traffic from countries where students originate, all other traffic was blocked.
This rules-based approach allowed the UTS team to eliminate blocks of traffic which had no place being on the network. This reduced the surface attack area of the university considerably.
More than just a cyber security play
UTS IT technical services manager, Steve McEwan, explained that the university previously had two data centres, a production facility (run by Macquarie Telecom in North Ryde) and a disaster recovery site (on campus).
“We didn’t have any contingency so if we lost the DR site we would lose our F5 connectivity,” he explained.
As a result, the uni took the opportunity to re-architect its network to bring in more capability.
“At that time, we didn’t have a lot of the features around cyber security and those were the things we wanted to implement," McEwan said.
“We were running different boxes for different services as well. For example, we had a Juniper box for remote VPN access, so we have now brought that into the F5, which is great because it is one less box to manage, one less contract to manage, one less account manager to deal with.
“The beauty of the F5 for us is that we have been able to do some consolidation of infrastructure. One of the things we really wanted to drive was the cyber security capability. For us, the data is paramount and we needed to secure that, we were just not doing that very well," he said.
McEwan added that the project was about trying to be proactive and employ all the capabilities that could provide the best level of protection.
“It is all about reputation. We don’t produce a product, the product is basically the teaching,” he said.
Keeping it simple in a complex environment
Due to the nature of the organisation, the university holds large amounts of sensitive data on students and staff including student transcripts, student accommodation information and other proprietary information.
The UTS IT team is made up of 35 people, but the organisation doesn’t have a dedicated F5 engineer. There are people who maintain and manage the F5 infrastructure but their roles require them to perform other functions as well. This meant the new system needed to be deployed in such a way which would require minimal input from UTS once it went live.