Xerox balances loads and protects with single device
Stonesoft firewall performs multiple functions for Xerox.
By Tim Greene, NetworkWorld.com, 06/16/2006
The hosting arm of Xerox has found a way to save money by switching from multiple brands of firewall to a single vendor's
whose gear supports other functions as well, enabling the provider to eliminate separate network devices and their separate
management consoles.
Based on Xerox's return-on-investment calculations, the Stonesoft firewalls paid for themselves in just over a year when used
only as firewalls. But when adding their VPN, content switching and multi-link WAN load-balancing capabilities - which were
not considered when the gear was bought - the devices have generated more savings, according to Denys Foley, the infrastructure
manager for Xerox Global Services in Rochester, N.Y.
"We spend less time setting up VPNs and their policies," he says. "I have also taken my content switches out of the Web farm,
and I let the firewalls handle distributing the load among Web servers. I get rid of licenses and training, and I can manage
all [these functions] from one console."
Xerox Global Services hosts data for other companies at its data centers in Rochester and in Charlotte, N.C., and requires
high-availability links to its customers. That includes high availability for the firewalls that protect the connections,
Foley says. So, four years ago, using firewalls from Check Point, Cisco and Network Associates, the company sought separate
clustering software to bind multiple firewalls together.
In the course of that search, Foley came across Stonesoft, which makes StoneBeat clustering software for Check Point firewalls,
and learned that the company's StoneGate firewalls included clustering as a standard feature, so he gave one a try. He liked
it and over the past three years has replaced all but two of his old firewalls at Xerox's 20 sites with StoneGates.
"I think the thing that caught our eye more than anything was the management console and the ability to cluster," he says.
The big push for clustering was so that if one firewall failed, another would automatically assume its role, making protection reliable
enough that Xerox didn't need second- and third-shift firewall administrators on hand in case something went wrong. "Staffing
at second shift was three people; after midnight the third shift was one or two," Foley says. "We no longer needed them. The
cost of this type of people was very high compared to putting in clustered firewalls."
The firewall management platform generated more savings. Xerox Global Services provides firewall protection for other Xerox
divisions, and StoneGate's management software allows system administrators from those divisions to view the logs for their
firewalls when they troubleshoot network problems.
"Now they have access to their own firewall logs, so they look at that and can see their traffic is leaving the network,"
Foley says. "That has cut down on the phone calls and trouble tickets. Before, we first had to prove the problem wasn't the
firewall, so now I save a lot of money on all my Xerox sites."
The single firewall brand also reduces training costs because IT staff has to train on just one platform rather than three,
as was the case before. And now everyone on the staff can handle any firewall because there is only one brand. "Before, some
of my people could handle one of them. Some could do two. I think I had only one that could do all three," he says.