arvato systems

Integrated Edge Security Improves Media Company's Network Security and Performance

Arvato Systems provides communication services for parent company Bertelsmann, a worldwide media corporation. The company needed to give remote employees more secure access to Web-based applications, but its firewall solution could not deliver application-level protection. The company also could not ensure consistent remote access to messaging because the high volume of connection requests overwhelmed the network. For improved network protection and stability, Arvato Systems implemented a solution based on Microsoft® Internet Security and Acceleration Server 2006, part of the Microsoft Forefront™ line of business security products. Now employees have better remote access to applications and data, and the company has a more protected IT environment with application-level security. The security solution is also easy to maintain, resulting in better network stability and enhanced productivity.

Situation

We have had no problem providing continuous access. In fact, we haven’t had any downtime in the three years since we installed ISA Server.  Jürgen Schenk System Consultant Arvato Systems

Based in Gütersloh, Germany, Arvato Systems is a business division of Arvato. Arvato is part of Bertelsmann, a global media corporation that includes Random House and Bertelsmann Music Group (BMG). Arvato Systems delivers IT services to the entire Bertelsmann organization, which has approximately 97,000 employees. With operations in 63 countries, the Bertelsmann work force depends on secure, reliable access from any location to corporate applications and data.

Arvato Systems had implemented a messaging solution for Bertelsmann based on Microsoft® Exchange Server 2003 Enterprise Edition that supported up to 35,000 mobile employees, most of whom used Microsoft Office Outlook® Web Access. The mobile employees came from any one of six business divisions, and included sales staff and executives from all levels of the corporation.

Arvato Systems was vigilant against Internet-based threats, and maintained extensive firewall technology to protect corporate IT assets. However, the IT services provider was concerned that firewalls alone delivered inadequate protection for Web-based applications. Employees connected from diverse mobile devices and locations, which increased network vulnerability. “Users connect from anywhere in the world and from any device you can think of,” says Jürgen Schenk, System Consultant, Arvato Systems.

In addition, with up to 5,000 network connection requests daily from mobile users, ensuring continuous access had become a problem. Connecting to corporate e-mail might take several attempts if a server computer overloaded. After those several attempts, the mobile user could usually connect to the other server computer within seconds. However, an estimated 10 percent of all attempts failed to connect at all, and in those instances users had to wait an average of 30 minutes until a server computer was available.

Erratic availability caused an escalation in help-desk calls and affected the productivity of mobile employees. Network access was further compromised if maintenance required taking one of the two messaging server computers offline. This procedure was especially risky because Arvato Systems required redundant systems to deliver 24-hour network access.

The services provider needed an integrated edge security gateway that could deliver application-level protection. Arvato Systems also wanted to ensure continuous network access for remote employees. “We needed a secure solution for mobile clients, one that had enhanced stability and redundancy,” says Alfons Opitz, Senior Manager Global, Arvato Systems.

Solution

Only ISA Server delivers this level of security for outward-facing applications.  Alfons Opitz Senior Manager Global Arvato Systems

When Arvato Systems implemented a new messaging system for Bertelsmann in 2004, it also investigated options for advanced network edge security protection. The services provider had installed Exchange Server 2003, and wanted an integrated security solution that would support more secure use of Outlook Web Access and Direct Push Technology. Direct Push is a feature of Exchange Server ActiveSync®, which delivers new e-mail messages and other information over the air to mobile devices as soon as the data arrives on the server computer.

Arvato Systems IT administrators read about Microsoft Internet Security and Acceleration (ISA) Server 2004 in a technical journal and thought that the solution could deliver more detailed control over Hypertext Transfer Protocol (HTTP) communication. ISA Server includes a stateful application layer filter that examines HTTP commands and data. The HTTP filter helps stop potential threats at the perimeter before they can reach the corporate network.

Arvato Systems implemented ISA Server 2004 to help protect its messaging solution in mid-2005, and a year later chose to upgrade its network edge gateway to ISA Server 2006, part of the Microsoft Forefront™ line of business security products. The services provider initially deployed ISA Server to help protect Outlook Web Access clients, and decided when it upgraded to integrate the security solution with other Web-based applications such as Microsoft Office SharePoint® Portal Server 2003.

Arvato Systems installed ISA Server 2006 on six server computers running the Windows Server® 2003 Enterprise Edition operating system. The ISA Server cluster protects two Exchange Server messaging systems and one SharePoint Portal Server Web farm. Arvato Systems configured access settings for Outlook Web Access and ActiveSync by using the New Exchange Publishing Rule wizard. The services provider also uses publishing wizards to quickly deploy Web farms.

The services provider implemented Web server farm load balancing on ISA Server 2006 to distribute access requests evenly among servers and for failover protection. Arvato Systems also uses load balancing features to safely take server computers offline for maintenance. The security solution includes Microsoft Systems Management Server 2003, which handles software updates and configuration management.

Benefits

Arvato Systems now ensures that Bertelsmann employees can work from anywhere in the world with remote access to Web-based messaging and collaboration applications and data. Integrated edge security helps defend against Internet-based threats at the application level, and easier management improves productivity for all employees. IT administrators can maintain systems without interrupting service, and now have more time for other projects.

We can take a server computer out of production with one click and restart it again, without the users noticing a difference in service.  Jürgen Schenk System Consultant Arvato Systems

Increases Network Availability

Network availability is critical because employees around the world depend on remote access to the messaging and collaboration networks located in northeast Germany. Bertelsmann employees now have nearly continuous access to Web-based applications. In fact, Web server farm load balancing ensures network availability even when a server is taken offline. “We have had no problem providing continuous access,” says Schenk. “In fact, we haven’t had any downtime in the three years since we installed ISA Server.”

Delivers Application-level Protection

By implementing ISA Server 2006, Arvato Systems helps remote employees connect more securely to Web-based messaging and collaboration applications. Connections are more secure because IT administrators can implement comprehensive protocol filters that help stop application-level threats at the network edge.

Arvato Systems has strengthened its perimeter defense with stronger Web-access protection. “Only ISA Server delivers this level of security for outward-facing applications,” says Opitz.

Enables Easier Management, Enhanced Productivity

User experience has improved, and IT administrators report that their job is easier because the security solution is easy to maintain. “We can maintain it with very little effort,” says Opitz. “After the initial configuration, we only have to think about updates, which we manage easily with System Management Server.”

The IT environment is also easier to manage because help-desk calls have gone down. In fact, since implementing its security solution, Arvato Systems has observed an estimated 30 percent decrease in calls related to user access problems. “Trouble tickets have decreased, and we have more time for improving other systems,” says Schenk.

In addition, simplified network management has improved productivity for both IT staff and mobile employees. Traveling employees can keep working with uninterrupted access to e-mail messages and other collaboration tools, and IT staff can manage the IT environment more efficiently. Schenk says, “We can take a server computer out of production with one click and restart it again, without the users noticing a difference in service.”

By implementing a Microsoft Forefront security solution, Arvato Systems has strengthened its perimeter network and corporate security. As a result of improved network security and systems stability, Bertelsmann employees can work from virtually any location worldwide with access to Web-based applications and information.

For More Information

For more information about Microsoft products and services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Information Centre at (877) 568-2495. Customers who are deaf or hard-of-hearing can reach Microsoft text telephone (TTY/TDD) services at (800) 892-5234 in the United States or (905) 568-9641 in Canada. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information using the World Wide Web, go to:
www.microsoft.com

For more information about Arvato Systems products and services, call (49) (5241) 80-80 888 or visit the Web site at:
www.arvato-systems.com 

Microsoft Forefront Product Portfolio

The Microsoft® Forefront™ comprehensive line of business security products provides greater protection and control through integration with your existing IT infrastructure and through simplified deployment, management, and analysis. Forefront is a comprehensive solution that helps provide protection for the client operating system, application servers, and the network edge.

For more information about the Forefront product portfolio, go to:
www.microsoft.com/forefront 

This case study is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. 

Document published July 2007