Greenland is special, and so is Nukissiorfiit
Greenland is, by area, the world's largest island that is not a continent. With a population of 56,452, it is the least densely populated country in the world. The Internet connection for Greenland is distributed throughout the country by satellite. Due to the geographic and technical issues in Greenland, data traffic is costly. Data links are based on radio chains and satellite uplinks. Internet traffic is billed by volume. For large infrastructures like Nukissiorfiit, being able to divert non-critical traffic onto cheaper DSL connections, and control the routing internally between locations is a way of lowering costs and improving response times when working from remote locations. As Nukissiorfiit is responsible for the national energy supply, daily operations are generally seen as critical by nature. “We run applications that process personal data as well as sensitive national business data”, says Alu Petrussen, IT Manager at Nukissiorfiit. “Most important are the data of the energy grid and local power plants, water supplies and heating plants. We need to ensure smooth operations at all times.”

Original solution too complex and at end of lifecycle
Originally, Nukissiorfiit was using Novell’s BorderManager to secure their network, which is a multipurpose network security application and was designed as a proxy server, firewall and VPN access point. The computers at the remote locations were using Citrix’s ICA client, a standard ADSL connection and the Novell SuSE Linux Enterprise Desktop, which includes advanced firewalling features. In early 2008, BorderManager reached end of sales and urgent steps had to be taken to find a new solution. One of the key requirements for the new solution was to simplify the management of the Internet security solution. “Our overall end goal was to cut IT support costs through centralized management of the system”, says Petrussen. “We wanted to continue work with the Novell platform, as Novell provides the core technologies in our infrastructure such as directory service, Identity Management, Provisioning services, file/print services and mail/calendar services. So the new solution had to be able to integrate with Novell.” Another goal of the project was to avoid Multiprotocol Label Switching (MPLS), a method for secure data transfer through a tunnel that is installed beforehand. As MPLS is a very costly and inflexible, Nukissiorfiit aimed at using IPSec over DSL.

The first step: An integrated solution that is easy to use
Over a three week period in 2008, the Astaro Security Gateway was thoroughly tested and evaluated. Key evaluation criteria for the test were the ease of use and how well the solution could integrate with Novell. “Astaro had us easily convinced with its ease of use which gave us the possibility to fully manage the system ourselves”, says Petrussen. To secure Nukissiorfiit’s IT infrastructure, two Astaro Security Gateway 425 were set up at the headquarter location in active/passive mode, having installed Astaro’s Full Guard Bundle with all available subscriptions. 16 Astaro Security Gateway 120 appliances were deployed throughout 16 branches in different cities, to act as a network and web proxy. Astaro Command Center was deployed as central management tool and allows for the maintenance of all sites via the headquarters. “As Internet security is of crucial importance and we run a 24x7 operation, no downtime was possible when switching to the new system” says Petrussen. “But thanks to Astaro, Liga and ITQ, the transition between the old and the new solution went absolutely smooth.”

The second step: High level security in even the tiniest of branches
Another challenge for Nukissiorfiit was the connection of the administrative computer at local power stations in around 30 settlements to the Citrix service at the headquarter location. “We wanted to reorganize our network topology in a more efficient way. The latency from a remote settlement to the headquarter location was too high due to repeated satelite uplink/downlinks and a detour across the Atlantic to Denmark”, says Petrussen. “And we wanted to find an easier way to provide technical support to our branches.” In early 2010, Nukissiorfiit took part in the Astaro RED beta programme. Other products that were tested were Cisco and Linksys routers, but the complexity of configuring individual devices and HTTP proxy rules for each location was far too high. So Astaro RED was implemented in order to connect the remote sites to the Astaro Security Gateway 120 in the nearest town from where traffic is forwarded through an established IPSec tunnel to the headquarters. For non-critical traffic like web surfing, the branches are now routed through the nearest town’s Astaro Security Gateway onto the public Internet, using an inexpensive ADSL line and protected from malware by the gateway. All Astaro RED devices were installed within 10 to 15 minutes in each location without any previous configuration, as this could be done on the spot. With Astaro RED, the latency was reduced dramatically, login time to the Citrix service was reduced from up to 10 minutes to 30 seconds on average. Because of the improved network speed, remote assistance, including desktop sharing, is now possible with tech staff in the headquarters and makes support much easier. Improved network speed now allows technicians from abroad to work on the supply systems without costly travel expenses.

Less time for management tasks, reduced IT security costs
“The combination of Astaro Command Center for central management, Astaro Security Gateways at our headquarter location and bigger branches and Astaro RED at the small branches and plants, has saved a lot of time and proved to be an extremely flexible solution”, says Petrussen. “Because of Astaro’s ease of use, we are now able to perform all management tasks in-house and still spend less time on administering the security system than in the old situation. Looking back, we now know that the most important achievement of this project is the centralized management of all security devices throughout the country, and the ability to route non-critical traffic out on local DSL connections and internal traffic through VPN to HQ.”

The future is wireless
For the future, Nukissiorfiit is looking to other Astaro solutions like Astaro Wireless Security. “We have purchased the first few Astaro Access Points for deployment at the headquarter location”, says Petrussen. “Our previous wireless network solution for our training center has not been operating to out satisfaction, and we had to replace it. Astaro Wireless Security was operational within less than 30 minutes and has been in productive use ever since. We are now expanding the WIFI solution to 16 other locations as well.”

About Astaro
Astaro simplifies network security by integrating multiple solutions for network, web and mail security in a single appliance. In the fastgrowing market for Unified Threat Management, the award-winning Astaro Security Gateway protects more than 100,000 networks in 60 countries worldwide. Astaro
products are distributed by an international network of more than 2,500 certified partner companies who offer local support services. Astaro is headquartered in Karlsruhe, Germany, and Wilmington, Massachusetts
(USA).

Our Partners

Liga Distribution ApS distributes IT products in the Nordic region, focusing on
advanced infrastructure and security.

Liga Distribution ApS
Fælledvej 16, D
DK-2200 Copenhagen N
post@liga.com
www.liga.com

IT Quality A/S is a Novell Platinum Partner, specialised in infrastucture and security.

IT Quality A/S
Banemarksvej 50F
DK-2605 Brøndby
info@itq.dk
www.itq.dk