Case Study

Swisscom Provides Safe Internet Access to Schools Using F5 Solutions

Swisscom is Switzerland’s leading telecommunications provider, with 5.5 million mobile customers and 1.8 million broadband connections. To support Switzerland’s schoolchildren, Swisscom embarked on a project to provide free Internet access for all Swiss schools. With more than 5,000 primary and secondary schools in the country and a potential user base of 900,000 pupils and teachers, Swisscom needed a best-inclass solution for load balancing, URL filtering, proxy management, and security. The initiative had been widely publicized. Stability, performance, and reliability were the project’s highest priorities. F5® VIPRION® and F5 BIG-IP® Local Traffic Manager™ Application Delivery Controllers (ADCs) played a key role in helping
Swisscom deliver on its commitment.

Business Challenges

Swisscom wanted to provide all primary and secondary schools with free broadband Internet access. The company planned to assume the bulk of the installation costs and all charges, so that pupils and teachers could take full advantage of the Swisscom offering. With its Internet for Schools initiative,Swisscom saw the opportunity to fulfill its social responsibility as a major Swiss company by providing direct, long-term support for Switzerland’s education system.
The initiative would ensure that children in Swiss schools came into contact with the Internet at an early age and would begin to develop the media skills that are becoming increasingly important for their futures.

In a public-private partnership, Swisscom worked with federal and local authorities to connect all the country’s schools to theInternet. To connect the more than 5,000 primary and secondary schools, with a potential user base of 900,000 pupils and teachers, Swisscom needed a stable, high-performance, and reliable solution for
load balancing, URL filtering, proxy
management, and security.
Because most users would be children
and young people, a further important
consideration was the provision of accurate
URL filtering to protect users from viewing
inappropriate material. Each of Switzerland’s
cantons (federal states) has its own set
of policies regarding the type of content
allowed. For this reason, the solution needed
to be flexible enough to enable each canton
to adapt the system to its own requirements.
The initial project covered 5,000 schools,
with the remaining few hundred to follow
at a later date. With most potential users
wanting access at the same time—during
school hours—efficient load balancing was
a crucial issue.

Solution

Swisscom called on F5’s partner eXecure,
a systems house specializing in security
infrastructure, to provide design, product,
and implementation recommendations.
eXecure, which already had experience
with large-scale projects combining
security with flexibility and performance,
recommended F5 BIG-IP Local Traffic
Manager (LTM). eXecure supported Swisscom
in building out a test environment mirroring
the production environment and worked
with Swisscom in-house specialists to put
the solution through its paces.
In total, the project took approximately
nine months from inception to going live.
Although both Swisscom and eXecure
staff had made very generous estimates
of potential traffic levels during the design
phase, they were delighted to see that the
schools were making intensive use of the
Internet right from the outset.
“The initiative was so successful so quickly
that we had to act fast to expand it,” said
Martin Theiler from Swisscom’s Project
Management and Engineering department.
“With more than 4,000 HTTP requests and
a throughput of 2 Gbps, the traffic was
often more than 200 percent higher than
we’d initially planned.” As a result, the
second phase of the project—covering
increased bandwidth and additional
schools—had to be started much earlier
than projected.

The system continued to run, but it was
redesigned based on 10 Gbps technology
and resized by Swisscom together with
eXecure and F5. “This solution has been
running smoothly ever since then,” Theiler
said. “Handling this volume of requests
and throughput was quite a challenge,
especially in regard to the interoperability
of the products involved. This was where
F5’s support was crucial. They helped us
every step of the way. It was key to the
success of this project being delivered
on time.”

Today, Swisscom has connected more
than 5,600 Swiss schools to the Internet.
The schools are distributed across about
40 LANs and connected to Swisscom’s
IP‑Plus backbone with 40 firewalls. All of
the schools’ HTTP traffic is routed from
these firewalls to VIPRION proxy virtual
IPs (VIP). The backbone routers are directly
connected to the VIPRION systems’ 10 Gbps
interfaces.

The system has been set up with F5’s
patented cookie persistence technology.
This feature uses an HTTP cookie stored
on a client’s computer to allow the client
to reconnect to the same server previously
visited at a website. This is important
because approximately 100,000 concurrent
users are located behind just 30 IP addresses.
The VIPRION proxy VIP then balances the
load across 10 Blue Coat proxy appliances.
Using the Internet Content Adaptation
Protocol (ICAP) request/response protocol,
the proxy appliance sends requests, through
a virtual server on BIG-IP LTM (ICAP VIP),
to eight McAfee Web Gateway devices
(formerly known as Webwasher).
The firewalls’ source IPs are used as a basis
for defining McAfee Web Gateway policies.
This is important because each canton is
responsible for defining its own thresholds
regarding certain types of content, such
as violence. For DNS name resolution,
the relevant DNS requests are distributed
across four DNS servers through two virtual
servers (TCP/UDP).
Swisscom has repurposed the initial, smaller
solution for future managed security
services. It is used for beta tests of cloudbased
security solutions for customers.

Benefits

Switzerland’s schools benefit from robust,
stable URL filtering in which F5’s solutions
play a central role.
“This is something of a flagship project,
given its extent,” said Theiler. With about
900,000 users in total—of which more than
100,000 are concurrent—the system is one
of Switzerland’s largest centralized web
access and security initiatives.
“Since the implementation was concluded,
the system has been running smoothly and
is extremely stable,” added Theiler. “It is
exactly right for our requirements. We’re
particularly impressed with its reliability and
scalability, enabling us to extend it whenever
we need to.”
F5’s VIPRION chassis-and-blade hardware
is particularly well adapted to projects
requiring scalability, like the Swisscom
schools initiative. Processing power can be
increased by simply plugging an additional
blade into the device without interrupting
any applications.
As Christoph Loitz, Senior Account Manager
from eXecure, concluded: “This was a huge

Login to download

Copyright 2012 - Imago Techmedia Online