The Customer's problems and needs
- Low quality of the wireless network: slow roaming, low connection speed, insufficient coverage
- Potential risks of attacks on corporate users and services
- Low speed of use access to information services
- Need to meet Russian legislative requirements with respect to providing guest internet access
- Upgrade the wireless network, implement a centralized architecture using a controller
- Upgrade the network core and implement transition to high-performance switches with 10 Gbps ports
- Create a security system for protecting the network perimeter against outside threats
- Implement an email security system
To solve the tasks, we upgraded the Foundation's wireless local area network by installing Cisco 5508, a high-performance WLAN controller. That controller became the network's logical center. The controller made it possible to implement centralized user authentication, ensure seamless roaming between access points.
VSS pair of Cisco Catalyst 4500X switches was installed as the network core. These switches represent the high-performance network core whose function is to route all data flows.
Within the project scope, a cluster of new generation Cisco ASA 5515 firewalls was installed and configured. The firewalls support the function of intrusion prevention based on the Cisco Firepower module. The devices performs the functions of URL filtering, application filtering, service protection by the IPS module, and antivirus check of uploaded files by the AMP module.
In addition to the firewall, we implemented the Cisco Web Security Appliance proxy server. The proxy server made it possible to protect corporate users when using online resources. We also implemented the Cisco Email Security Appliance solution for email protection.
The WNAM authentication system was implemented for authentication during guest Wi-Fi access. This system makes it possible to implement authentication scenarios with SMS signup confirmation.
We performed the following work within the scope of the project:
- Predesign site study
- Technical documentation development (single-stage design)
- New equipment installation and setup
- Migration of all devices to the new network
- Acceptance testing
Benefits for the Customer
- Increased efficiency thanks to the improved quality of wireless access to services as well as the higher speed of the data transfer network in general
- Significant mitigation of information security risks both for users and services
- More convenient usage of the email service thanks to the reduced amount of spam the users receive