4-page Case Study - Posted 6/26/2008
Views: 237
Rate This Evidence:
Swedish Educational Institution Strengthens IT Protection for More Than 100,000 Mailboxes
The Royal Institute of Technology (KTH) is Sweden’s leading institution for technical education. In 2007, KTH began a project to migrate Microsoft® Exchange Server 2003 and UNIX-based messaging applications to one system based on Microsoft Exchange Server 2007. Because client computers that access the system were increasingly outside the IT department’s control, the institute needed comprehensive protection for e-mail at the server level. To address this challenge, KTH deployed Microsoft Forefront™ Security for Exchange Server to complement existing perimeter and filtering security measures. Now, Mailbox and Hub Transport server roles are protected by five scanning engines in one integrated solution that saves time for IT managers and offers high performance. The solution will also easily scale to support the institute’s more than 100,000 mailboxes when the migration project is complete.
 |
One of the best things about Forefront Security for Exchange Server is having multiple scanning engines and no single point of failure. This gives us a level of protection and reliability we’ve never had before.  |
|
|
Roger Järnbrink
Project Leader, Exchange 2007 Implementation
Royal Institute of Technology |
|
|
Situation
Founded in 1827, the Royal Institute of Technology (Kungliga Tekniska Högskolan, or KTH) accounts for one-third of Sweden’s educational capacity in technical research and engineering. The institute has more than 12,000 full-time undergraduate students, 1,400 postgraduate students, and 2,800 employees. The main campus is in central Stockholm, with other campuses located in nearby communities.
In recent years, the institute’s messaging systems have used multiple technologies, including Microsoft® Exchange Server 2003 and UNIX applications, in a distributed environment. In 2007, KTH decided to transition these systems to a centrally managed environment that is standardized on Microsoft Exchange Server 2007—a process that is still under way. When the transition is complete, the new Exchange Server 2007 system will support more than 100,000 mailboxes for current and former students, staff, and researchers.
Although the Exchange Server environment at KTH is becoming more centralized, client computers are increasingly managed by other departments and individual users. Only about 1,500 of the 6,000 client computers in the institute’s local IT environment are directly managed by the IT department. Additionally, as an academic institution, KTH promotes an open, collaborative atmosphere with ready access to information. These two factors create particular security challenges for the KTH IT department.
“More users are becoming their own computer administrators, but many of them do not have security expertise,” explains Roger Järnbrink, Project Leader for Exchange 2007 Implementation at the Royal Institute of Technology. “Also, to make an open environment work, students, researchers, and staff must all be able to work in the same domain using the same Exchange Server system, but this can pose risks. We can’t control the client computers, so it’s critical that we provide strong security within the areas that we can control.”
Even before the migration to Exchange Server 2007 had begun, KTH recognized the need to protect the new messaging system and its users from Internet-based threats, while preserving the flexibility and openness that promote academic collaboration.
Solution
In December 2007, KTH tested Microsoft Forefront™ Security for Exchange Server and chose the software to strengthen the security of the institute’s new messaging infrastructure. This software integrates multiple scan engines into a comprehensive, layered solution that helps to guard against viruses, worms, spam, and inappropriate content.
KTH selected Forefront Security for Exchange Server because the technology cost-effectively addresses the institute’s need for server-level protection that can be managed with minimal IT effort. “When we looked at both pricing and features, we concluded that Forefront Security for Exchange Server is one of the best offers on the market,” says Järnbrink.
Additional protection is provided by the institute’s existing implementation of Microsoft Internet Security and Acceleration Server 2004, which supports firewall, virtual private networking, and Web caching functionality. Microsoft System Center Data Protection Manager 2007 offers backup and recovery capabilities, and third-party products provide additional edge security and filtering.
|
When we looked at both pricing and features, we concluded that Forefront Security for Exchange Server is one of the best offers on the market. |
|
|
Roger Järnbrink
Project Leader, Exchange 2007 Implementation
Royal Institute of Technology |
|
|
For the first half of 2008, KTH continued the project to consolidate its messaging systems. In May, the institute deployed Forefront Security for Exchange Server to production. At that time, the Exchange Server environment included about 7,000 mailboxes. KTH expects to migrate the remaining mailboxes later in the year.
Benefits
By deploying Forefront Security for Exchange Server, the Royal Institute of Technology gains the protection of multiple scanning engines in one integrated, automated solution that helps save time and effort for IT managers. The software promotes both stronger security and improved reliability while maintaining high performance.
Multilayered Protection Against Internet Threats
With the new solution, KTH can run up to five scanning engines at the same time, and in different combinations across the server environment. The software ensures that the optimal combination of selected engines is used at each layer of protection. Järnbrink says, “One of the best things about Forefront Security for Exchange Server is having multiple scanning engines and no single point of failure. This gives us a level of protection and reliability we’ve never had before.”
Järnbrink also cites the protection of the different server roles in Exchange Server as a key benefit: “In the new environment, we have less control over client computers, so our main goal is to check e-mail at both the Hub Transport and the Mailbox database level. Forefront Security for Exchange Server provides this functionality in a way that’s easy to implement.”
Easy-to-Manage, Automated Operation
Integration, automation, and management features in Forefront Security for Exchange Server help KTH streamline IT administration. “Once installed, Forefront Security for Exchange Server operates more like a part of the overall Exchange Server environment than like a separate application,” says Järnbrink. “This is important because supporting a lot of different programs requires more IT effort. And any solution that integrates this well and that is so easy to manage is going to be a big timesaver for us.”
Also, the new solution automatically downloads the latest threat signatures, so KTH IT managers don’t have to worry about remembering or setting aside time to do it themselves. “With automatic updates in Forefront Security for Exchange Server, we’re saving a couple of hours each week, and over time that adds up,” Järnbrink says. “For a small, busy IT staff like ours, automating even simple tasks gives us more time to do other work.”
High-Performance, Reliable Support for Exchange Server
Even with its multilayer protection and automated operation, the new solution does not significantly diminish system performance. “We’ve tested other antivirus products for Exchange Server and have not been satisfied,” says Järnbrink. “They often consume too much CPU time or cause Exchange Server to work incorrectly. However, after deploying Forefront Security for Exchange Server, our servers continue to perform well.”
He adds, “The reliability of Exchange Server has always been high, but I believe adding Forefront Security for Exchange Server will make it even higher, especially during periods of virus outbreaks.”
Järnbrink concludes, “With a centralized Exchange Server system that many tens of thousands of active users depend on, our servers can’t be offline for even five minutes. Forefront Security for Exchange Server is an important part of keeping that system up and running.”
For More Information
For more information about Microsoft products and services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Information Centre at (877) 568-2495. Customers who are deaf or hard-of-hearing can reach Microsoft text telephone (TTY/TDD) services at (800) 892-5234 in the United States or (905) 568-9641 in Canada. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information using the World Wide Web, go to:
www.microsoft.com
For more information about Royal Institute of Technology (KTH) products and services, call (46) 8 790-6000 (Sweden) or visit the Web site at:
www.kth.se
Microsoft Forefront Product Portfolio
The Microsoft Forefront comprehensive line of business security products provides greater protection and control through integration with your existing IT infrastructure and through simplified deployment, management, and analysis. Forefront is a comprehensive solution that helps provide protection for the client operating system, application servers, and the network edge.
For more information about the Forefront product portfolio, go to:
www.microsoft.com/forefront
This case study is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.
Document published June 2008
