Migrating applications from brick-and-mortar data centers to the cloud can present formidable challenges for any enterprise. But the stakes are highest for Software-as-a-Service (SaaS) solution providers, whose entire business model is based on delivering secure, managed applications with guaranteed levels of performance. To succeed, they must have the compute, networking, and security infrastructure to back up their service promises.
One such provider of enterprise software solutions for the higher education sector selected AWS to obtain the network coverage and server scalability that it needed. And for security, it turned to Fortinet, both to protect its cloud environments and to provide a consolidated, single-pane-of-glass view across the new cloud security infrastructure and its on-premises security tools.
This SaaS provider offers a broad range of managed applications geared specifically to higher education institutions. Everything from student recruitment, admissions, and alumni relations to finance, human resources, and IT is delivered as a service, so schools can focus on their educational missions.
The provider began by hosting its applications at its own brick-and-mortar data centers, but later migrated to public cloud services, as these became widely available and cost-effective. Now, the SaaS provider focuses primarily on the cloud delivery model, although it continues to provide flexible access options, including on-premises and hybrid solutions.
The SaaS provider’s main cloud service is AWS. As it approached its migration to the cloud, the company had two main goals with respect to its security infrastructure. First, it needed to ensure that its cloud edge is protected, while minimizing impact on application throughput. Second, it wanted to upgrade its wide-area network (WAN) edge security for customers who continue to use on-premises devices to access its services. In doing so, it hoped to consolidate visibility and administration tasks across both its cloud and on-premises security infrastructure to enable more efficient management.
In keeping with the shared responsibility model, leading cloud provider AWS secures its infrastructure, but customers are responsible for protecting their applications and data running on the AWS platform. Fortinet has been working with AWS for years and has developed multiple integrations that give AWS customers cloud-native visibility and control over their AWS workloads and applications. Recently, Fortinet introduced FortiGate-VM integration with AWS Gateway Load Balancer (GWLB), which improves availability and scaling in Amazon Virtual Private Cloud (VPC) environments.
FortiGate-VM adds value in an Amazon VPC environment by protecting both internet-bound traffic and inter-VPC network traffic, with features such as high-performance IPsec virtual private network (VPN) and Secure Sockets Layer (SSL) VPN, Intrusion Detection and Prevention System (IDPS), Deep Packet Inspection (DPI), web filtering, and anti-malware protection.
The VPN connectivity to the cloud was the linchpin of the SaaS provider’s migration strategy. It had been using VPN connections to provide secure access to its brick-and-mortar data centers. Some schools had a single VPN connection from their campus network to the SaaS cloud; in others, individual users connected to the SaaS application directly from their laptops. With the onset of the COVID-19 pandemic, this second scenario became the predominant access mode, as university employees started working from home.
For the SaaS provider, the FortiGate-VM virtual NGFW offered the fastest cloud-edge security solution. In fact, in tests against a similar offering from its legacy networking vendor, the provider found that the FortiGate-VM performed five times faster. More extensive testing also validated that the FortiGate-VM firewalls could support the 99.999% availability the SaaS provider was striving for.
The SaaS provider is now deploying 3,000 FortiGate-VM firewalls in AWS. Because FortiGate firewalls are so widely used, the popular Terraform provisioning tool offers FortiGate templating capabilities, which help security admins quickly create consistent, efficient configurations. Using these templates, the SaaS provider can get a customer up and running securely in AWS in a matter of minutes. As a result, the company was able to assign just one staff member to deploy and manage all of its cloud-based firewalls.
The legacy devices that the SaaS provider was using for on-premises access had a maximum throughput of about 45 Mbps. The replacements for these devices needed much higher throughput, especially as they would be serving as VPN concentrators for all the new remote workers. The legacy networking vendor offered an option for higher-capacity access over VPN, but this would have been a much larger, and more expensive, device. Considering the provider’s sizable installed base of on-premises equipment, this was a prohibitively costly option.
Fortinet offered a more attractive alternative: compact FortiGate NGFWs. Like the larger FortiGate models, the entry-level and midrange FortiGate NGFWs that the SaaS provider deployed have dedicated security processors, enabling them to process VPN traffic at speeds up to 700 Mbps, while also having the capability to perform the full range of traffic inspection and threat detection tasks.
To facilitate remote access from home, the SaaS provider had users install FortiClient endpoint software on their laptops. In addition to establishing an IPsec VPN connection to the SaaS applications, the FortiClient solution also protects the user’s laptop, preventing any malware that may have infected it from spreading to the rest of the network.
This SaaS provider thrives because it understands its education customers’ need to offload IT complexity and overhead. The decision to work with Fortinet stemmed from that same need, in this case to simplify and rationalize the costs of its security infrastructure. By consolidating its security solutions with Fortinet, the SaaS provider has achieved a 75% reduction in the TCO of its cloud, on-premises, and hybrid security. It expects to add to these gains by deploying the Fortinet Fabric Management Center (FortiAnalyzer analytics and automation and FortiManager centralized management) in the near future.