AVAI Ventures Relies on McAfee UTM Firewall to Protect Internal and Client Networks

Taking a holistic approach to serving the automation needs of more than 200 high-end residential and commercial clients, AVAI Ventures (AVAI) creates unified solutions designed to provide efficient and easy-to-use technology environments. As the leader in its space for properties larger than 25,000 square feet, AVAI’s complete solutions often integrate multiple systems which may include audiovisual, data, environmental, life safety, telecommunications, and security.

AVAI manages two IT networks - its own internal network serving 30 employees across four locations, and a client IT network. Internally, the company has a mesh network between all office locations, with each location having a complement of servers to support business operations. The client IT network is a hub-and-spoke network, with each client connecting securely and in an isolated, protected manner to the AVAI operations center. AVAI provides full network monitoring services for all client networks, including device and hardware monitoring, and software alarms.

Security and reliability for internal and client networks
As Director of Technical Services, Jim Cheshire manages both the internal and external platforms as well as the technology deployed for clients. In both internal and client networks, Cheshire’s major concerns are security and reliability. “We have extremely high-end clients that demand performance and perfection,” he says. “We cannot afford to use products that can’t meet those clients’ demands.”

With everything else being equal, low cost equipment is always desirable. But Cheshire notes that for most clients, the actual cost of equipment is seldom a major issue. “Instead,” he adds, “the cost of deployment and maintenance remains our greatest concern.”

AVAI monitors and maintains client networks to the highest standards of security. In addition, AVAI must ensure that each client network remains isolated, so that no client network is accessible in any way to another and that each is protected against external access. At the same time, AVAI’s technicians must be able to easily and simultaneously maintain all client networks from headquarters. “Our clients’ networks house extremely sensitive information and we must ensure that this information is not compromised,” says Cheshire.

For AVAI’s internal network, efficiency of process and maximum uptime are always top priority. According to Cheshire, “The cost of losing a system and any associated system outage is the most costly problem to our organization.”

"For the performance and features that we require, the McAfee products provide the best experience, at a cost to train and maintain that is lower than any other product we have found."

Jim Cheshire
Director of Technical Services, AVAI Ventures

Robust performance and features at a manageable cost
Cheshire and his team chose McAfee UTM Firewall (formerly SnapGear) from Mcafee’s Network Security Business Unit (formerly Secure Computing.) “For the performance and features that we require, the McAfee products provide the best experience, at a cost to train and maintain that is lower than any other product we have found,” says Cheshire.

AVAI has deployed several UTM Firewall devices both internally and at customer sites, deploying the full range to suit each situation. Internally, AVAI headquarters and all branch offices employ McAfee UTM Firewall as the primary router, firewall, and VPN server for each location. Using IPSec connectivity, AVAI has created a mesh network between all locations. Externally, every client site also has a UTM firewall as the primary router, firewall, and VPN server. McAfee UTM Firewall deployments at all client locations are networked via secure IPSec tunnels to AVAI headquarters, in a hub-and-spoke configuration. McAfee UTM Firewall ensures that each of those client networks remains isolated and prevents one client’s network from accessing another’s.

Most of AVAI’s employees work in the field or from remote offices, and easy access to corporate information is a major requirement. McAfee UTM Firewall’s support for native PPTP VPN access makes it very easy for these remote workers to securely connect to the corporate network and data store. Also, the native integration of RADIUS permits AVAI field personnel to use their Windows domain credentials to access the network, just as if they were in the office — regardless of their physical location.

In addition, McAfee UTM Firewall’s powerful packet filtering rules give the AVAI team the flexibility needed to customize each environment to suit many different scenarios. And when a client site requires multiple subnets, the ability to configure VLANs provides the required isolation between those subnets.

Failover capability, satisfied clients
“We have not found a better solution to meet our internal and external client requirements,” Cheshire says. “McAfee products have consistently provided the performance and reliability that is demanded from our high-profile clients.” In addition, the cost to manage and maintain the network has been greatly reduced due to the low learning curve in mastering the product. “Every IT technology we deploy internally is focused on simplifying or automating an internal process. The more efficient we are, the more margin we gain on our top-line revenue. McAfee technology supports this priority by providing an easy-to-use interface and an easy-to-master technology for maintenance and support at client sites.”

“It’s hard to quantify many of the obvious efficiency savings,” concludes Cheshire. “Anecdotally, I am humored by the fact that our IT-intensive organization no longer observes any problems with connectivity from our Internet Service Providers. At one of our office locations, the primary Internet service was provided on the same line as our voice service. The primary service failed, but it was only detected by our company personnel after about an hour of noticing that the phones were not ringing. All other network connectivity was working due to McAfee UTM Firewall’s failover capability. Of course, our network monitoring system had detected the problem and we were already coordinating with the provider to address the issue.”

AVAI Ventures

Customer profile

Serves automation needs of high-end residential and commercial clients for properties 25,000 square feet and larger

Industry

Engineering

IT environment

Two networks — internal network serving four locations, and a client IT network

Challenges

Establish secure connectivity between client sites and headquarters; provide secure access to headquarters for field employees; provide the highest level of reliability and up-time; and maintain control over cost of deployment and maintenance

McAfee solution

McAfee UTM Firewall (formerly SnapGear)

Results

  • UTM Firewall’s IPSec failover ensures that office connectivity never suffers an outage in the event of a failed ISP connection
  • Automated failure detection and connectivity failover ensure that maximum uptime is achieved internally and at client network sites
  • PPTP VPN capability allows workers in the field to securely access headquarters
  • Ease of operation and low maintenance costs contribute to bottom-line profitability