04:45 PM
Go With the Flow
As part of a network redesign in 2003 that involved redeploying its IT infrastructure at colocation facilities in Boston and Dallas for business continuity and disaster recovery purposes, Amica Mutual Insurance Co. ($3.4 billion in assets) wanted to ensure its investment was protected. The Lincoln, R.I.-based direct writer of property, casualty, home and liability policies decided to use the opportunity to improve network security.
The carrier originally considered running antivirus and URL filtering software as part of a hub-and-spoke system on a frame relay network, relates Ron Rivet, Amica's network operations section manager. However, according to Rivet, Amica was not willing to run the applications on its existing servers, so additional servers would be required, complicating the network design and increasing the potential for network communications bottlenecks. Instead, Amica sought a network security architecture that would both minimize potential downtime and help balance data loads.
With the help of a consultant that Rivet declines to identify, Amica selected an in-line solution from Concord, Mass.-based Crossbeam Systems -- the X80 network security switch and X-Stream flow-processing technology. Even though the solution cost slightly more than additional servers, Rivet says, "It wasn't so much about the money; it was about the high availability and throughput." He declines to cite specific cost figures.
In October 2004, a Crossbeam switch preloaded with security applications was installed along with the rest of the network infrastructure at each colocation facility over a single weekend. Rivet explains that the switch serves as a gateway to Amica's internal infrastructure, so there were no compatibility issues with the carrier's IP-based environment. Within the new configuration, all incoming traffic first hits a Juniper Networks' (Sunnyvale, Calif.) ISG 2000 firewall, then passes through to the Crossbeam switch for antivirus checking and URL filtering before continuing on to the rest of Amica's network.
Crossbeam's X80 security switch uses blades, also known as processing modules, for processing, eliminating the need for a dedicated security application server. The blade configuration provides for scalability -- the more blades, the greater the capacity -- providing for easy installation of additional security applications once they have been certified by Crossbeam, Rivet notes. Whereas an architecture that relies on servers to run security applications would require additional servers to provide additional processing power, Crossbeam provides Amica with the less-costly option of simply adding blades rather than servers.
The Crossbeam solution also offers better load balancing than separate servers, according to Rivet. To test the switch's load-balancing capability, Rivet says he removed one of the blades to confirm that the others would take over the processing. "We wanted to make sure that everything was safe when it came in the front door," he relates.
As a result of the network redesign, uptime has improved, and Amica now blocks more than 2 million attacks a month, Rivet relates. He adds that the Crossbeam X80 will serve as a platform for future security applications to help minimize the complexity of the carrier's infrastructure.
Amica Mutual Insurance simplifies network security architecture and minimizes downtime with scalable solution from Crossbeam.
Network Security
company
Amica Mutual Insurance Co. (Lincoln, R.I.; $3.4 billion in assets).
lines of business
Property, casualty and liability policies.
vendor/technology
Crossbeam Systems' (Concord, Mass.) Crossbeam X80 network security switch and X-Stream software.
challenge
Simplify network design while maintaining high availability of security applications.