United States International University, Kenya, East Africa
INCM Deploys Cyberoam NGFW to Sieve Internet Traffic and Establish Secure VPN Tunnels
About United States International University, Higher Education

United States International University (USIU) is located in the Kasarani area, off Thika Road in the suburb of Kenya's capital city of Nairobi. It was founded in 1969 as the Africa campus of United States International University in San Diego, California. The University is an independent, not-for-profit institution serving over 5,000 students representing 62 nationalities. 85% of the students are domestic and the rest of the 15% are international.

The University's program offerings are career oriented with Five (5) undergraduate majors in the Chandaria School of Business, Three (3) in the School of Humanities and Social Sciences and Three (3) in the School of Science and Technology. Typically, in higher education they speak about the 3 programs i.e. Undergrad, masters and doctoral programs.

 


"We needed a security solution that could help us regulate Internet utilization by students. Earlier, we did not have any measure to monitor or control Internet usage, which was not cost effective"

Ms. Regina Mutoko
ICT Director
United States International University Africa


The University uses the Internet mainly for business, educational and research purposes. The Video Conferencing infrastructure has matured over the years and is extensively used to conduct classes with their partners in US institutions as well as meetings with Board Members, vendors, partners as well as conduct interviews with International respondents. Their ICT vendors and support staff also use the Internet to provide support. In addition, students on the campus use it to undertake research and collaborate with counterparts from around the world, remotely. Internet services form an important component of ICT Service Delivery and it was imperative that the ICT Department come up with ways of managing this resource across the different requirements of faculty and students while ensuring high availability as well as security on the Internet.

Ms. Mutoko, the ICT Director at USIU said, "We needed a solution that was dynamic and flexible enough to allow us to strike the right balance between availability, security and ease of management".

According to the ICT Director, some of the issues that they faced included:-

Need of an Intelligent Multitasking Device

The need was to aggregate bandwidth from two separate ISPs and ensure 100% uptime throughout the year, while providing access to sites and materials that were safe and in line with University Policy. The other requirement was to ensure that the available resources were allocated to users according to business priorities, the academic calendar or even events taking place on the USIU campus.


The Cyberoam’s On-Cloud Management Service Solution

USIU was looking for a security solution that could help them regulate Internet usage and ensure that increase in Internet capacity was measured in line with their strategic plan. After extensive online research, they came across Cyberoam which suited their business requirements. In addition, local support availability was an added benefit for them. They started off by purchasing One (1) CR500ia Appliance.

As the network expanded and number of students increased, it became evident that there was need to purchase another appliance with greater hardware capacity and processing power. Since, they were impressed with the performance of the existing Cyberoam unit, they decided to continue with Cyberoam and purchased Two (2) CR2500iNG Appliances. They deployed all Three (3) Appliances as Proxy Servers. The CR500ia Appliance is used to manage the University's Wi-Fi network, while the 2500iNG Appliances are used to manage the Internet on the LAN. The latter are deployed in High Availability mode and have provided 100% Internet uptime across the Two (2) Internet Service Providers.

After deploying Cyberoam in the network, the benefits that they notice are:

  • Layer 8 Technology - Identity Based Security

    Cyberoam's Layer 8 technology provides a robust network security system which can include a user's human identity as part of the Firewall rule matching criteria. It treats user identity as the 8th Layer or the human layer in the network protocol stack, enabling educational institutes to overcome the limitations of conventional UTMs/firewalls which bind security to IP Addresses alone. By implementing Layer 8 security in their networks, administrators can gain real-time visibility into the online activity of users while creating security policies based on their usernames.

  • Regulated Internet Usage

    Cyberoam is integrated with the University's Active Directory server for authentication. Cyberoam's Automated Single Sign-On feature is also implemented, which ensures that the users are transparently authenticated to use Internet as soon as they log into the computer using their Windows credentials.

    The authentication is used to create Identityaware Internet access policies in Cyberoam's Firewall and Web Content Filter. The ICT Department created distinct access policies for faculty and students. Once the policies were in place, the content filtering solution kicked in. With a database of more than 100 million Websites neatly grouped into more than 89 categories like "Social Networking", "Games" etc.

    USIU was glad to see that all the students and the faculty are protected from surfing damaging content on the Internet.

    Moreover, using Cyberoam's scheduling features, USIU has created access rules to ensure that the students can't browse certain websites before 6:00 pm.

    The ICT Director said, "The University can now deliver a myriad of service levels based on the granularity of rules that Cyberoam allows us to create in response to new requests or user behaviour".

  • Maximum Network Uptime

    Cyberoam's Multi-Link Load Balancing and Automated Failover feature intelligently manages the Two (2) ISP links in the USIU network. Ms. Mutoko has assigned equal weights to each link and hence, all the Internet traffic is load balanced over both the ISP links. In case of failure of one link or when the link is at
    limited capacity, the entire traffic is redirected to the alternate link ensuring that business critical services are always up and running.

    The ICT Director commented, "We can now accommodate more students on the available bandwidth by customizing the rules to optimize utilization of current resources".

  • To Conclude

    Expressing her satisfaction, Ms. Mutoko said, "With Cyberoam around, we can rest assured that the Internet is used judiciously and that our students are protected from harmful Web content". She continued, "From our perspective, the investment on Cyberoam has turned out to be money well spent".