
How One School District is Blazing the Trail to Digital Transformation

By Rajoo Nagar | August 24, 2018

Security Up, Costs Down, for The School District of Philadelphia


The education industry is aware of the power of digital transformation, and yet it is also one of the sectors most hampered by tight spending constraints and the lack of critical IT skills in the areas of security and cloud. With lots of legacy infrastructure and manual processes and paperwork that have been in place for decades, it is a monumental task to convert a digital strategy into a plan of action.

One school district has embraced this digital transformation challenge and started on a journey to more automation, fewer manual processes, and greater mobility in the classroom—all while working within tight budget constraints and a small IT staff.

The School District of Philadelphia is the eighth-largest public school district in the United States, with more than 134,000 students and 18,000 faculty members and administrators. At the same time, their IT budget is a fraction of the overall budget. At less than .01%, it ranks lowest among national school districts. Naturally, this has repercussions for the IT department, as none of these challenges has reduced the need for network security, federally-mandated web filtering, and compliance reporting. And as with any public educational institution, sensitive student data and internet access also require mandated protection from cybercriminals at all times.

Budgetary constraints, however, did not stop the Philadelphia school district from maximizing digitization to reap the benefits of agility. Faced with a growing number of legacy security products in their network that were becoming costly and cumbersome to manage, the IT team also discovered that the new technologies in their environment, including a significant Chromebook initiative underway for the over 150,000 students and staff across their 230 school locations, were overwhelming their legacy firewalls.

And performance wasn’t the only issue. When over a hundred thousand students can onboard the school’s network at any time with BYOD devices and Chromebooks, advanced security capabilities in the firewalls that are protecting internal servers become even more critical. The legacy firewalls at the edge and in front of the server farm were simply not up to the task of inspecting the increased amount of traffic generated by the Chromebooks, nor were they able to defend against the complex array of threats and risky internet behavior from over 150,000 end users, many of whom were teenagers. It was time for a change. 

Figure 1. Before Fortinet

To address these challenges, the Philadelphia School District embarked on a project to replace their legacy firewalls, eliminate point products doing single duty, virtualize their internal server infrastructure, and implement a VMware NSX-based solution with additional micro-segmentation and security policy controls. Key requirements for the new solution included:

· Protecting east-west application workloads from campus BYOD vulnerabilities
· Deploying advanced security on the VMware NSX platform that could scale to support as many as 300,000 users in a 98% virtualized environment
· Replacing legacy firewalls with high-performance NGFWs
· Removing a web proxy cluster that was providing web filtering for Internet access


After a live production test that evaluated the performance and capabilities of alternative NGFW solutions in their environment, the school district selected Fortinet’s FortiGate 7040E Next-Generation Firewall to protect their physical network, and FortiGate-VMX virtual NGFWs to protect their virtual server farm. The FortiGate-VMX is integrated with VMware NSX and enables advanced, layer 4 to layer 7 policy enforcement and protection for distributed, east-west application workloads and storage. Simplifying things further, the purpose-built NSX integration in the VMX automatically updates NSX security objects (tags) in the firewall policy without needing manual intervention or an understanding of complex management processes.

Cost was the biggest driver for virtualization, and those savings had been realized. But to manage risk and drive efficiencies, the district also needed micro-segmentation of east-west traffic, with more policy control, security services, and visibility than VMware NSX alone provided. While NSX does a really good job of layer 3 controls and routing, what was needed was layer 4 to layer 7 inspection and enforcement with a virtual firewall to mitigate advanced threats, which the FortiGate-VMX delivered.

The school district then streamlined their network by removing legacy firewalls, load balancers, and web proxy servers. All these capabilities were now delivered using a single NGFW solution with a single OS, combined with unified management across physical and virtual security. As a result, the school district is realizing upper-six-figure savings by retiring the web-proxy solution, along with over 500 hours saved in security administration. 

Figure 2. After Fortinet

Meeting compliance requirements in their new virtualized data center has also become easier. With FortiAnalyzer in place, the IT team is able to automate the scheduling of reports to be sent out, thereby eliminating the manual pulling of reports, which can be time-consuming and error-prone.

With the new infrastructure and security solutions on their way to being rolled out, the Philadelphia School District is now looking ahead to a full Security Fabric implementation across their network, with full visibility and unification deployed across their physical and virtual network, enabling an amazing experience for students and staff while ensuring protection from endpoint to the cloud.

Fortinet is showcasing these and other Fabric and FortiGate VM Solutions at VMworld

To learn more, visit us at VMworld, Fortinet Booth #2112, to see a demonstration of the FortiGate VM and VMX and to talk with a security expert about how your organization can realize these same benefits. And while you’re there, enter a drawing to win a Zeiss One VR Headset.

The Philadelphia School District is Presenting Their Story at VMworld

You definitely won’t want to miss Keith Busby, Executive Director, Information Technology Security for the School District of Philadelphia. He will be speaking at VMworld about how Fortinet’s Fabric-driven virtual NGFW security has allowed the 8th largest district in the US to achieve a nearly 100% virtual environment to better serve their students and faculty, while reducing costs in one of the tightest school district budgets in America.


VMware NSX Data Center Service Insertion: Advanced Network and Security

Monday, August 27, 2018

2:30pm-3:30pm, Breakers J, Level 2

Session #SAI2744BU

Read more about Fortinet and VMware: Fortinet Fabric Connector - FortiGate VMX and VMware NSX