The Hilcona head office in Schaan, Liechtenstein employs around 700 people. This central European location is home to senior management, central administrative functions, and the company's production facilities for chilled fresh, frozen, and preserved convenience foods. Founded over 70 years ago as a small cannery by Toni Hilti, the company has grown to become a giant in the food processing industry, and the undisputed market leader for fresh convenience foods in Germany, Austria, and Switzerland.
In the summer of 2007, Ronny Buol, team leader of IC-Technik at Hilcona, began to search for a new network security solution that was geared more precisely to the specific needs of the company. Buol explains: "In the past, Hilcona had always used two different Internet connections, and we wanted to reduce this to one. In addition, we wanted to replace the Novell BorderManager solution. We had in mind a hardware-based UTM solution that would also work well within our budget."
To find the best solution, Buol turned to MTF Micomp in Triesen, Lichtenstein. Buol explains his reasons for choosing MTF: "We already had a long-standing and very close relationship with MTF, and they are based conveniently close to us. However, by far the decisive factor was the company's proven expertise." MTF offers a myriad of high-quality IT services - from straightforward IT installations, to highly complex networks, server environments, and security solutions. MTF provides an end-to-end service, from consulting and design to procurement of system components and installation. It also offers comprehensive after-sales service, including maintenance, repairs, and warranty work.
Ronny Buol discussed the basic requirements of the project with Rubén Saiz, CEO of MTF Micomp. Hicona's main objectives were to:
"There were two potential solutions which could satisfy these requirements: one from WatchGuard Technologies and one from Astaro. We talked everything through in great detail," remembers Saiz. In the end, they decided on WatchGuard. Buol explains why: "I had known WatchGuard for many years, and had only ever had good experiences with them. That's why we chose the familiar WatchGuard product over the new solution from Astaro. What's more, we were already using an older version of WatchGuard, albeit one that no longer had any technical support, together with our existing BorderManager software from Novell." It also turned out to be the most cost-effective solution: "We were able to use the configuration of our existing WatchGuard solution and simply implement our new requirements. As a result, project planning and cost accounting were no longer necessary."
Hilcona's existing WatchGuard appliances were replaced with two Firebox® X Peak™ e-Series (X5500e) devices by the MTF team. Buol was delighted with the implementation process: "It all went very smoothly and quickly. MTF pre-configured the new devices and tested them thoroughly at their own site for one day. It then took just one hour to install both devices at Hilcona. The only thing left to do was fine tune them."
Those involved in the project were aware that neither of the existing two Internet connections had built-in redundancy. Saiz explains: "That's why we had to introduce a redundant connection. Now the primary connection is via standard copper cabling, and if there is a system failure, we can fall back on the secondary connection, which uses a directional aerial. Ronny Buol underlines the need for this high availability back-up system: "Apart from the fact that we depend on a reliable Internet connection in our day-to-day work, we also receive over 900 orders via Electronic Data Interchange (EDI) per day. We simply can't afford the system to be down for long periods of time."
Thanks to the redundant connection, Hilcona now enjoys very high levels of system availability. Even if one connection were to fail completely, the system would switch immediately to the secondary connection. Each connection is secured by its own Firebox X5500. "If there is a connection failure, it takes barely two seconds to switch from one firewall to the other - end users won't even be aware it has happened," explains Buol. The WatchGuard solution also integrates anti-virus, anti-spam, and web content filtering software. Other important features include rule management, drag-and-drop VPN creation, and analytics.
Hilcona's other locations are also equipped with Firebox devices, which are connected via a dedicated line to the company's head office in Schaan: there is a Firebox X 500 Core® in use for around 30 users in Leinfelden-Echterdingen, Germany; a Firebox X 550 e-Series Core for 40 users in Orbe, Switzerland; and a Firebox X 20 e-Series Edge for 20 users in Lupfig, Switzerland. These external Firebox devices are all managed from the office in Schaan.
In contrast to Novell BorderManager, which offered restricted Internet access to Hilcona employees, the UTM solution from WatchGuard allows much wider access. "Now, we can take essentially the complete opposite approach. Everyone has access to the Internet and everyone knows the rules they should follow. Anyone who doesn't follow the rules will simply have their access blocked," says Buol.
The IC-Technik team leader is very positive about the whole experience: "With such a sensitive topic as network security, the important thing is to work with companies we trust - and WatchGuard and MTF certainly didn't fail to deliver in this respect. Quite the opposite in fact - they exceeded our expectations. The changeover happened without any major disruptions and we achieved the objectives we set at the start."
Initially, the Firebox devices at Hilcona were running version 9.0.1. of the Fireware software. WatchGuard has since launched three new software versions for its proven UTM solutions - Fireware 10, Edge 10, and WSM (WatchGuard System Manager) 10. These have allowed WatchGuard to make great steps forward in managing the UTM devices. Particularly impressive features of WSM 10 include centralized logging and enhanced historical reporting, with real-time data monitoring. What's more, it is highly scalable and delivers significant time and cost savings.
"We will shortly begin testing the new software on our own premises before implementing it at Hilcona," says Saiz. Buol adds: "I am already excited about the possibilities - and based on our experiences to date, I feel very positive about the future."
MTF Micomp AG was founded more than 25 years ago. With over 20 employees and branches in Triesen, Chur, and Davos, it is the perfect size to provide a professional service, ample capacity, and meaningful economies of scale, while still maintaining close, personal relationships with all of its customers. A member of the MTF Group, MTF Micomp AG is part of one of the largest IT providers in Switzerland. Its customers benefit from the Group's purchasing power, excellent geographical coverage within Switzerland, and proven expertise as a result of excellent knowledge-sharing.
With such a sensitive topic as network security, the important thing is to work with companies we trust - and WatchGuard and MTF certainly didn't fail to deliver in this respect. Quite the opposite in fact - they exceeded our expectations. The changeover happened without any major disruptions and we achieved the objectives we set at the start.
Ronny Buol, IC-Technik team leader