• your partner for innovation

case studies

DESIGNING INNOVATION

The continuous search for improvement and a strong focus on the customer and the market have led us, over the years, to accumulate diverse expertise in different sectors. These capabilities have often translated into projects of varying complexity, which in turn allowed us to improve the techniques and procedures used in subsequent work. The following is a continuously updated list of some of these projects, the most challenging and interesting from both a technical and an organizational point of view.

DIPARTIMENTO DELLA PROTEZIONE CIVILE

REQUEST: The client required a highly reliable and fast network that would guarantee its functions even during emergencies and interconnect three main branches. It also wanted total control of its public addresses.

SOLUTION: Design of a next-generation network with annual upgrades that cause neither inefficiency nor excessive costs.

RESULT: The network grew from 1Gbit/s of bandwidth to a total of 40Gbit/s, with all of the customer's requests satisfied.


Security by design: To ensure the highest standards of security, we decided to move layer 3 (the gateway) of the network directly onto the powerful next-generation firewall (NGFW) DELL SonicWALL SuperMassive 10000. In this way, each subnet of the network is fully secured through control systems such as anti-virus, anti-spyware, IPS/IDS, content filtering, deep packet inspection, application control and many others. All of this comes without compromising speed, given that the firewall is able to handle 20Gbit/s of data traffic.

Speed and simplicity at level 2: Even though most of the work is carried out directly on L3, a fast and reliable backplane is always required; we decided to keep it simple and easy to manage. We chose the power and reliability of the Extreme Networks BlackDiamond 8800, whose 10 slots provide all ports with the 10Gbit/s speed needed to form the backbone of the network. VLAN, LACP and EAPS: nothing more complex has been configured on L2, so that the technicians can concentrate on the more complex operations at L3.

Virtualization at the highest level: Maintaining tens of physical servers when there are technically strong alternatives is clearly unacceptable economically. For this reason we decided to provide the customer with four HP C7000 enclosures equipped with VMware ESX 5.5, with all the power needed to virtualize every single server and give the system designers a simple and reliable single point of management.

Provider? No Thanks: The client was tired of having to talk to the Italian service provider for every change to its public directives. So we proposed and implemented (from the bureaucratic requirements to the physical implementation) the exterior routing protocol par excellence: BGP. This allowed the customer to manage all of its public addresses independently, creating a highly reliable multi-homed system with two separate service providers, so as to manage routing in the event of disaster recovery.

A FEW RESULTS
  • Reliability up to 99.999% in the last four years of delivery.
  • Performance increased from 1Gbit/s to 40Gbit/s.
  • Interconnection of locations via MPLS L2 link.
  • Delivery of the virtual services hosted on HP C7000 at 10Gbit/s.
  • Commissioning of network security by using a firewall as the L3 gateway.
  • Implementation of the BGP protocol for self-management of public IP addresses.

CORTE DEI CONTI

REQUEST: The client required a highly reliable and fast network that would guarantee continuity of service through the use of a second site in Active/Active mode. It also wanted to virtualize each network layer through the use of Fortinet VDOMs.

SOLUTION: Design of a next-generation network and its gradual implementation using Fortinet VDOMs.

RESULT: A next-generation highly reliable, secure, fast and easy to manage network.


The power of the fabric: The client wanted to virtualize and simplify the network as much as possible. To do this we used Brocade networking equipment in support of the Fortinet firewalls already in use by the customer. Using Brocade VDX, we created a fabric, managed by the equipment itself, that turned 10 switches into a single virtual entity with unified management (an Ethernet fabric). Layer 3, as usual, sits directly on the firewall, which provides integrated security by design with a single point of management. The whole is load-balanced by Radware and protected against Advanced Persistent Threats by FireEye.

Many networks but only one device: The logical structure of the network is seemingly complex, but physically it is very simple. Everything is handled on the Fortinet firewall and separated (and thereby secured) through the use of VDOMs. This makes it possible to use the same hardware at layer 2 to create separate networks at layer 3, all without losing performance or security.

A FEW RESULTS
  • Migration of L3 onto the firewall.
  • Disabling of the STPx protocol and implementation of TRILL.
  • Complete commissioning of the network security.
  • Delivery of the virtual services hosted on HP and IBM at 10Gbit/s.

ASSOCIAZIONE BANCARIA ITALIANA

REQUEST: The client wanted a mapping of the network and a resolution of the obvious design problems created by the previous network operators. It also required the implementation of a NAC system for the Wi-Fi network.

SOLUTION: Mapping of the current network and creation of new topologies and configurations that solve the design problems.

RESULT: The network is now well documented and redundant, with a speed increase of 1Gbit/s, all without changing a single device. PacketFence was implemented as a low-cost NAC solution.


Restructuring: The client wanted to keep all of its current HP-branded network equipment. However, a network survey revealed a complete lack of redundancy, default configurations, the absence of subnetting and much more. We decided on a complete redesign of the topology and configuration, bringing the network up to speed and security standards through LACP aggregation, the implementation of MSTP, subnetting and hardening of the configurations at all the Rome branches. All this without changing a single device.

Much more than a NAC: It is not enough for a modern Wi-Fi network to be fast and well installed. It must provide security, ease of management and monitoring of who is connected at any time of the day. To do this we chose to implement PacketFence, a complete and powerful open source NAC. Thanks to it we were able to implement VLAN isolation, per-user IDS checks with Snort and automated vulnerability assessment with OpenVAS, all within the same machine. For access via captive portal the choices are many: Active Directory username and password, access via SMS, login via Facebook or Google, and more.

A FEW RESULTS
  • Multiplication of available bandwidth from 1Gbit/s to 2Gbit/s.
  • Implementation of the L2 MSTP protocol with load-sharing.
  • Hardening of the network devices and the default gateway.
  • Implementation of an open source NAC for Wi-Fi security.
  • Drafting of complete documentation of the Italian ABI network.