Article

Open source Astaro security appliance installed at insurance company

Pam Derringer, News Writer
At Underwriters Safety & Claims, security abruptly rose to the top of IT Director Grant Nickle's to-do list late last fall when it became clear that the existing security system needed replacement.

    Requires Free Membership to View

For more on Linux security:
Rowgen the full package, IRI CoSort says

Hardening SUSE Linux Enterprise Server in eight steps

At the national, privately owned insurance company headquartered in Louisville, Ky., the two security servers, one for the Cisco Pix firewall and the other for Novell's BorderManager, were both nearing the end of their useful lives.

After evaluating current product offerings from the existing vendors, as well as Barracuda, SonicWall and Juniper, Nickle chose Astaro Corp.'s Security Gateway and installed the multi-threat appliance in late December.

"We had to do something," he said. "To replace what we had [with newer versions] would have been a lot more money and consume[d] much more power."

Astaro won out over competitors on cost, quality and features, with other bids falling short on two of the three categories. Astaro excelled in all three, he said. And the fact that the Linux Foundation recently recognized the open source company for its contribution to the latest Linux 2.6.25 kernel release didn't hurt either.

Since 2002, Astaro has sponsored the Linux netfilter kernel subsystem team, which Astaro developer Patrick McHardy leads. The Foundation ranked McHardy personally as the second most active Linux developer in number of change sets and the 12th most active in total number of changed lines in the new Linux 2.6.25 release.

Astaro's benefits
Moving to Astaro has been positive. Not only does Astaro cost a third of the previous system, but it requires half as much space (one server versus two) and consumes less power, Nickle said.

Underwriters particularly liked the multifunctional capabilities of Astaro, which acts as a firewall and an Internet access gateway, content filter and VPN (virtual private network) for remote access, all in one system, he said.

Management of the security device was well thought-out, with an intuitive interface that makes it easy to alter settings and configure the system, he said. Configuration took only 20 minutes to run and two or three hours to customize with the help of a wizard, Nickle said. And inputting changes via a Web browser is much faster than working directly with the old Cisco hardware, he added.

Astaro's security event log, a feature that Underwriters has long wanted, was a particularly welcome addition, the IT director said. With its advanced reporting functions, Astaro's log data can be directly incorporated into a report for regulatory auditors, he said. A preconfigured Sarbanes-Oxley report was "the cherry on the sundae," Nickle said. However, reporting in general is much improved over the previous Novell BorderManager system, and users no longer have a hard time getting the data that they need, he added.

With only a three-person department, the IT staff went slowly and tested the system a lot before going live because it couldn't afford to have the help desk "go crazy" dealing with user problems, Nickle said.

Finally Astaro's overall performance is faster than its predecessor, so much so that users have made unsolicited queries asking what IT did to speed up e-mail delivery, which is filtered through the security appliance, he said.

"It has to be a lot faster" for users to bring up the subject themselves, Nickle said.

Management is happy because the Astaro security appliance cost less to buy, is cheaper to maintain and gives executives direct Internet access without logging in, he said.

Kudos to Novell, VMware
So security is a problem solved for Underwriters Safety and Claims. But Nickle still has a long to-do list: implementing virtualization, slashing the number of server from 35 to eight and consolidating operating systems, all within the next five months. He's also involved with opening new offices across the country, building new Web portals and converting accounting and communications to different operating systems, he said.

Nickle chose VMware for virtualization because of its extensive tools and ability to host more guest operating systems. But out of philosophical preference, Nickle wants to maximize his use of open source products and run as many of his servers as he can on Novell's SUSE Linux Enterprise.

Novell's SUSE Linux Enterprise is "light years ahead" of its competitors, Nickle added. "They all should take their hats off to Novell for improving the Linux kernel and giving the results back to the community."

Linux and open source also makes it easier for Nickle to satisfy evolving company objectives. When it comes to the company owners, for instance, Nickle's goal "is never say no," he said. Linux helps him achieve this goal because the IT cost for proposed changes like company acquisitions is "almost nothing" with open source, he said.

"That's why I like Linux," Nickle said. "It's easy to build and maintain. That's why I like Astaro, too."

Let us know what you think about the story; email Pam Derringer, News Writer . And check out Enterprise Linux Log.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: