Cyberoam: An Ideal UTM for Engineering Institutes
About Jaiprakash Sewa Sansthan JUIT, JIIT and
The primary focus of Jaiprakash Sewa Sansthan (JSS), a trust established by The Jaypee group, is to provide education at all levels of the learning curve. The trust owns three premier engineering institutes in North India. While Jaypee University of Information Technology is a State University, Jaypee Institute of Information Technology, is a Deemed University. Jaypee Institute of Engineering and Technology is a premier Engineering college affiliated to the JUIT.
“The resources in any institution are always finite and the authorities have to see to a fair distribution of the same. Cyclic access and downloading facilities enabled us to provide our staff and students a fair share of computer and internet resources, and the aggressive users were not allowed to block the resources.”
Jaiprakash Sewa Sansthan
JUIT, JIIT and JIET
“Our prime concern was to provide safe networking environment for a large number of users, comprising students and staff. The total number of users from all the three institutes comes to almost five thousand, “said Akhilesh Sachan, Senior Consultant, who shoulders the networking responsibility for all the three institutes.
With a new batch of students entering and the final year students graduating, users changed every year. To implement customized policies for a specific group of users that changed every year was a major challenge. The security solution should be able to recognize its users and not just the machines, and provide security and services according to the institution's rules and regulations.
As the three engineering Institutes are located in three different states the solution ought to be easily configured and easily and centrally monitored.
The Cyberoam Solution
Sachan turned to Cyberoam Unified Threat Management solution (UTM). He deployed three Cyberoam UTM solutions at the three institutes as all the three engineering educational establishments had diverse micro-level user needs and operated independently. The remote management HTTPS console provided by Cyberoam facilitated a single remote system administrator to monitor and manage all the three UTM appliances, quite effectively.
“I particularly liked the seamless installation of Cyberoam. I was amazed at the information Cyberoam provided and how quickly we were able to lock up the holes in our security, which was impossible without Cyberoam's user-based approach,” said Sachan.
In an engineering education environment, a single machine is used by many different users. So an IP level security solution would not suffice. Sachan just created the users and the groups on the domain server. Cyberoam's integration with Active
Directory Services (ADS) and Automated SSO proved to be very simple and led to user identity-based policy creation for various user groups and complete granular control.
While anti-virus and anti-spam modules kept the network clean and secure, WebCAT Cyberoam's web categorization database provided excellent content filtering service. Because Cyberoam is a user identity-based UTM, Sachan was able to give group-wise access. Job sites are out-of-bounds for staff while unhealthy and unproductive sites are restricted for students. Certain groups are provided time- bound access to news sites.
“The resources in any institution are always finite and the authorities have to ensure fair distribution of the same. Cyclic access and downloading facilities enabled us to provide our staff and students a fair share of computer and Internet resources, and the aggressive users were not allowed to block the resources,” explained Sachan. Using Cyberoam, final year students were given Internet access round the clock. Students involved in projects are provided with a special policy to enable longer Internet access. Multiple logins are blocked, preventing misuse of resources and providing a higher level of security.
Application-based control enabled Sachan to allow certain applications based on the institute's policies. “IM application and download managers are blocked in all the places, while certain download rights are provided selectively to students involved in specific projects,” Sachan explained.
Similarly, bandwidth is allocated according to the user-group policies. This ensured that expensive bandwidth was neither cornered nor abused.
Each of the three institutes has two ISP links. Cyberoam's multiple link load balancing and gateway failover module automatically balanced the load on both the ISP links. In case of link failure, it diverted traffic to the working link automatically.
The other important feature of Cyberoam, according to Sachan is the ease and simplicity of management. His physical presence is not required on every site. He can centrally and remotely manage all the three Cyberoam installations using a secure web console.
In Sachan's words, “Cyberoam UTM is a powerful solution which provides the best value for money.”