Taking a holistic approach to serving the automation needs of more than 200 high-end residential and commercial clients, AVAI Ventures (AVAI) creates unified solutions designed to provide efficient and easy-to-use technology environments. As the leader in its space for properties larger than 25,000 square feet, AVAI’s complete solutions often integrate multiple systems which may include audiovisual, data, environmental, life safety, telecommunications, and security.
AVAI manages two IT networks - its own internal network serving 30 employees across four locations, and a client IT network. Internally, the company has a mesh network between all office locations, with each location having a complement of servers to support business operations. The client IT network is a hub-and-spoke network, with each client connecting securely and in an isolated, protected manner to the AVAI operations center. AVAI provides full network monitoring services for all client networks, including device and hardware monitoring, and software alarms.
Security and reliability for internal and client networks
As Director of Technical Services, Jim Cheshire manages both the internal and external platforms as well as the technology deployed for clients. In both internal and client networks, Cheshire’s major concerns are security and reliability. “We have extremely high-end clients that demand performance and perfection,” he says. “We cannot afford to use products that can’t meet those clients’ demands.”
All else being equal, low-cost equipment is always desirable. But Cheshire notes that for most clients, the actual cost of equipment is seldom a major issue. “Instead,” he adds, “the cost of deployment and maintenance remains our greatest concern.”
AVAI monitors and maintains client networks to the highest standards of security. In addition, AVAI must ensure that each client network remains isolated, so that no client network is accessible in any way to another and that each is protected against external access. At the same time, AVAI’s technicians must be able to easily and simultaneously maintain all client networks from headquarters. “Our clients’ networks house extremely sensitive information and we must ensure that this information is not compromised,” says Cheshire.
For AVAI’s internal network, efficiency of process and maximum uptime are always top priority. According to Cheshire, “The cost of losing a system and any associated system outage is the most costly problem to our organization.”
"For the performance and features that we require, the McAfee products provide the best experience, at a cost to train and maintain that is lower than any other product we have found."
Jim Cheshire, Director of Technical Services, AVAI Ventures
Robust performance and features at a manageable cost
Cheshire and his team chose McAfee UTM Firewall (formerly SnapGear) from McAfee’s Network Security Business Unit (formerly Secure Computing). “For the performance and features that we require, the McAfee products provide the best experience, at a cost to train and maintain that is lower than any other product we have found,” says Cheshire.
AVAI has deployed several UTM Firewall devices both internally and at customer sites, deploying the full range to suit each situation. Internally, AVAI headquarters and all branch offices employ McAfee UTM Firewall as the primary router, firewall, and VPN server for each location. Using IPSec connectivity, AVAI has created a mesh network between all locations. Externally, every client site also has a UTM Firewall as the primary router, firewall, and VPN server. McAfee UTM Firewall deployments at all client locations are networked via secure IPSec tunnels to AVAI headquarters, in a hub-and-spoke configuration. McAfee UTM Firewall ensures that each of those client networks remains isolated and prevents one client’s network from accessing another’s.
Most of AVAI’s employees work in the field or from remote offices, and easy access to corporate information is a major requirement. McAfee UTM Firewall’s support for native PPTP VPN access makes it very easy for these remote workers to securely connect to the corporate network and data store. Also, the native integration of RADIUS permits AVAI field personnel to use their Windows domain credentials to access the network, just as if they were in the office — regardless of their physical location.
In addition, McAfee UTM Firewall’s powerful packet filtering rules give the AVAI team the flexibility needed to customize each environment to suit many different scenarios. And when a client site requires multiple subnets, the ability to configure VLANs provides the required isolation between those subnets.
Failover capability, satisfied clients
“We have not found a better solution to meet our internal and external client requirements,” Cheshire says. “McAfee products have consistently provided the performance and reliability that is demanded from our high-profile clients.” In addition, the cost to manage and maintain the network has been greatly reduced due to the low learning curve in mastering the product. “Every IT technology we deploy internally is focused on simplifying or automating an internal process. The more efficient we are, the more margin we gain on our top-line revenue. McAfee technology supports this priority by providing an easy-to-use interface and an easy-to-master technology for maintenance and support at client sites.”
“It’s hard to quantify many of the obvious efficiency savings,” concludes Cheshire. “Anecdotally, I am humored by the fact that our IT-intensive organization no longer observes any problems with connectivity from our Internet Service Providers. At one of our office locations, the primary Internet service was provided on the same line as our voice service. The primary service failed, but it was only detected by our company personnel after about an hour of noticing that the phones were not ringing. All other network connectivity was working due to McAfee UTM Firewall’s failover capability. Of course, our network monitoring system had detected the problem and we were already coordinating with the provider to address the issue.”