First Secure SD-WAN In GCC Education Sector (2019)

The UAE Ministry of Education announced that Abu Dhabi will now implement a locally developed technological educational solution. The technology will reach 75,000 students in Grades 6, 7,8,9,10, and 12 from the start of 2018-2021.

 

The Alef Platform

provides personalized learning experiences for all students, so they learn at their own pace, anytime and anywhere. Artificial intelligence allows students to receive individualized instruction and choose how they prefer to learn.

 

Alef Platform includes
· Engaging content (using effective learning techniques such as engaging videos, activities, and games)
· REAL-TIME DATA (Alef platform tracing real-time data to achieve to tracks progress on a district, school, grade, subject, class, and student level)

· ARTIFICIAL INTELLIGENCE (Actionable data insights to teachers and school leaders help effectively support students, provide actionable data, and give intelligent and accurate recommendations. Alef collects over 50 million data points per day!)

 

For a comfortable operation for the Alef platform, we should care IT infrastructure of the MoE school.

The Puzzle

 

Some challenges are waiting for us.

• Bandwidth limitation.
• Connection/session handling.
• IT security for new changes.
• Operational overhead.
• NOC (Network Operations Center).
• Budget.

 

 

Nuts and Bolts to Success

 

To resolve all the challenges, the Alef team proposed "Secure SD-WAN". And it is based on the below-mentioned points.

•  Be agile.
• Automate and Simplify the WAN.
• Automate and unify compliance and estate management.
• Reduce WAN operational costs.
• WAN redundancy.
•  Reduction in CAPEX.

As a Solution Architect, Management has chosen me to provide the best solution to achieve all the mentioned requirements.

 My Role.

After thorough research, consultation, and my previous experience, I recommended the concept of Secure Software-Defined WAN (Secure SD-WAN)

 SD-WAN solutions include business application recognition and steering, WAN path optimization, advance routing, and security – enabling organizations to take full advantage of the ongoing digital revolution at their remote sites (schools) and HQ offices.

Simultaneously, the inadequate security capabilities provide by most SD-WAN solutions. Even when additional security devices to apply as an overlay, it exposes the organization to greater risk than the current traditional WAN solution.

The multiple point security products required to fill the resulting security gaps can quickly overwhelm allocated capital expense budgets. In contrast, the resulting increased infrastructure complexity increases ongoing operational expenses.

To resolve all the security and Network related issues, I recommended a Secure SD-WAN solution that integrates SD-WAN and security functionality into a single, cohesive system.

The criteria for evaluation and selection were based primarily on:

 

• Capabilities for existing transport connectivity (native MPLS/Broadband/LTE).
• Micro-segmentation and encryption with separate control and data paths per segment.
• Integrated and native security (IDS/IPS/NGFW/PROXY/UTM/DNS/WAF).
• API integration to existing ServiceNow application suite.
• Automated multi-path intelligence
• Intelligent path selection for cloud and on-prem applications.
•  Reduce operational costs and complexity.
• Zero-touch deployment
• Single-pane-of-glass management
• Multi-cloud access for business continuity
• Remote VPN overlay connectivity.
• Compliance tracking and reporting.

 

The Solution

 Alef decides "Fortinet" for our technology partner for the Secure SD-WAN solution. 

The first phase

• Deploy additional WAN link in each Site (2 ADSL line Each have a capacity of 250Mbps)
• FortiGate firewall in each branch office location and connecting them to the traditional Network.

The second phase

At this point, all application traffic is identified and redirected according to business requirements. A Python script does all these settings.

After firewall's Physical installation, the python script identifies the school with the school's identification number (ID). Then python script will start to push firewall configuration accordingly [security law, VPN, SD-VAN features, etc.]. After that, it verifies that all services are working (checks service availability and records logs). Additional got to know the relevant service owner—[With the help of email or other media].

All this process will complete within 5 to 10 minutes.

 

The Results with the Secure SD-WAN Solution.

 

The Secure SD-WAN Solution has given high availability, increased bandwidth, local Internet.

Connectivity, improved performance, enhanced security, improved monitoring, data analysis, multi-cloud connectivity, and a higher quality user experience.

Before deploying the Secure SD-WAN solution, the MoE had an MPLS circuit without a standby backup circuit and no bandwidth Optimization in IP based or application based. After deploying Secure SD-WAN, all branch locations now have Alef platform traffic optimization in all Sites (schools).

All Alef platform traffics (application-based and DNS-based identification used here) redirects to the newly installed ADSL line. Each Site has 2 ADSL lines and depending on bandwidth, latency, and jitter, the SD-WAN device selects the best link for all Alef traffic.

All MoE application (DNS-based identification used here) traffics redirects to the MoE MPLS cloud.

Enhanced configuration and management allow the Alef and MoE to easily migrate legacy sites to the Secure SD-WAN solution quickly and reliably. Outside of pre-and post-testing, Alef can migrate a branch office in less than 10 minutes.

The Secure SD-WAN solution has allowed the firm to achieve the Alef Platform bandwidth requirement without changing MPLS bandwidth. The organization's MPLS operating cost per Site is not changed. Still, almost more than 250 concurrent users are using Alef Platform per Site without any bandwidth issue.

Alef launched the project in the first week of August 2019. In the last week of August 2019, we completed 149 schools with secure SD-VAN infrastructure. Without any change in the capacity of the operation team [believe it or not. Only two human resources worked to implement this project. One to physical installation of the firewall and the other to configure the firewall].

 And with the help of automation technology, all the systems and services are integrated as per the business need.