SABAG: Focus on Network Security, Scalability and Flexibility 

Project Overview

• Objectives

  Our shared objective was to safeguard the IT infrastructure of the SABAG Group, ensuring protection from potential damage regardless of the location, with special consideration for home office users. We also emphasized scalability and cost-efficiency as essential criteria during the implementation process:

  • Consolidating technologies such as SD-WAN and Next Generation Firewall and managing them centrally to achieve better control over the infrastructure.
  • Improve service availability and create greater efficiency through redundant internet connections and direct connection of SaaS services
  • Get more flexibility and agility through the possibility of integrating cloud infrastructures (Azure)
  • Enable intelligent and automated control of network traffic through traffic steering
  • It should be possible to control and prioritise data traffic based on predefined rules and priorities (traffic shaping).
  • Implementation of various tools to monitor traffic in real time and to quickly identify and prevent threats (traffic visibility).
  • Secure direct web access from the Branch Offices with minimal delay
  • Secure remote access for internal and external users
  • Scalability of the solution must be given in order to accompany the growth of the company.
  • The operation, maintenance and support of the entire firewall and network infrastructure is to be taken over by the BNC.

• Solution

  With the successful implementation of the BNC Secure Access Service, employees of the SABAG Group now enjoy seamless access to all applications, regardless of their location, be it the home office or while traveling. The adoption of the zero-trust approach ensures comprehensive security by thoroughly verifying users, devices, and applications, thereby creating a secure environment. Moreover, the Secure Access Service facilitates site networking and local network segmentation, allowing for the integration of IoT devices and on-prem servers, all managed through firewalls and SD-WAN technology. Centralized control ensures user-based access rights to applications, while the SD-WAN functionality automatically optimizes data traffic to meet the requirements of each application.

• Implementation

  During the design and concept phase, we meticulously develop the target design and detailed procedures. Our team creates comprehensive concepts and designs to ensure a solid foundation for the project. We take into account various aspects, including:

  • Migration concept
  • SD-WAN High Level Design
  • SD-WAN Low Level Design
  • Data centre firewall
  • Branch Firewall
  • Identity-based rules
    
    

  Commissioning Panorama and DC Firewall, and Preparations for Branch Firewall:

  During this phase, we focus on setting up the components required for the migration of sites. The process is executed in parallel with the current SD-WAN environment. We prepare the branch firewalls for the rollout, and the Remote Access Service (RAS) solution is made operational.

  Migration of DC Firewall:

  The next step involves the replacement of existing firewalls in the Rothenburg data centre. After the successful migration, we proceed with dismantling the previous environment.

  Migration of Branches:

  With the existing SD-WAN solution scheduled for replacement by mid-September, we commence the migration of the sites. To ensure a smooth transition, each site is supported by a team consisting of a BNC engineer and an employee from the SABAG Group. Once the site migration is completed, the existing SD-WAN solution is no longer required and can be dismantled.