NCR Trims Network Growth by 10 Percent
Saves $5 Million Annually With Cisco PIX Firewall
and NetPartners' URL Filtering WebSENSE
When consumers go shopping this week, they will more than likely encounter
an NCR solution, whether it's a point-of-sale device, an ATM machine, or
a virtual bank. For more than 100 years, NCR, a $6.5 billion multinational
company headquartered in Dayton, Ohio, has served consumers and retailers,
making the transaction process easier and more efficient. NCR's wide array
of equipment and services enables its customers to gather, analyze, store,
and use the valuable information gathered from customer transactions. And
with the growing prevalence of the Internet, NCR has successfully propelled
itself into the new generation of electronic commerce.
"The overall benefit to NCR has been dramatic. We've achieved tremendous
cost savings and greatly improved performance, leading to higher worker
productivity and satisfaction."
David Pike
Director of Global Network Solutions, NCR
The Challenge
In the last few years, NCR, with 33,100 employees worldwide, has increasingly
relied on the Internet and extranets (access to and from non-NCR entities)
to conduct electronic commerce with partners, distributors, resellers, and
customers. According to David Pike, NCR's Director of Global Network Solutions,
the number of NCR extranet applications alone will increase 1000 percent
in the next year. Traffic on the company's data network has grown up to 42
percent per year, forcing NCR to maximize use of every router and switch
and continually upgrade circuit capacity---an ongoing high cost.
As traffic onto the Internet - and costs associated with that traffic -
mushroomed in the last two years, NCR began analyzing the traffic crossing
its Internet gateway in Dayton, Ohio. The results were startling: a significant
portion of its Internet traffic was not related to NCR business. In addition
to raising productivity issues, this traffic consumed significant bandwidth
on the Internet access links in addition to the high amounts of bandwidth
consumed on NCR's internal WAN network.
"We knew that some percentage of our traffic was non-business-related, but
we never imagined it was as high as it turned out to be," says Pike.
To restrict non-business-related traffic, the company decided to install
the NetPartners
WebSENSE URL filtering
Internet access management software on top of NCR's existing NT-based firewall.
The WebSENSE software enables companies to restrict Web sites accessed by
marking certain sites as off-limits. Companies can enforce policies regarding
Internet use by denying access to non-business-related sites. The software's
WebSENSE Reporter features reports on internal Internet usage. After installing
WebSENSE software, however, NCR learned that the existing firewall couldn't
scale or handle the throughput requirements of both packet filtering and
URL filtering.
NCR's firewall was deficient even before they began implementing port-address
translation (PAT), a feature that translates all internal IP addresses to
one IP address. With PAT, the outside world would see all of NCR's department,
client, and host computers as only one IP address, improving security and
enabling NCR to more easily and cost-effectively select multiple ISPs.
The Solution
NCR replaced its firewall with the PIX Firewall from Cisco Systems. This
dedicated security appliance has its own real-time operating system that
supports both WebSENSE and PAT and provides very high performance.
The PIX Firewall solution offered several advantages. Because the PIX Firewall
features three or more interfaces, NCR could create what is known in security
circles as a "demilitarized zone" (DMZ). One interface connects to the internal
network, the second to the Internet, and the third to the DMZ--an isolated
network for public servers to further protect e-mail or Web hosting from
hackers.
The DMZ absorbs throughput and allows the PIX Firewall to offer higher
performance. NCR installed NetPartners WebSENSE URL filtering Internet access
management software on the DMZ network, which offloads processing from the
PIX Firewall. NCR also placed WebSENSE on its own server platform, further
removing processing overhead from the PIX Firewall.
$5 Million Annual Savings, Improved Productivity
Pike says the results have been outstanding. One PIX Firewall serves the
needs of all 33,100 NCR employees, supporting multiple T1 connections to
the Internet at NCR's corporate headquarters. Though only a fraction of these
employees access the Internet at the same time, the PIX Firewall handles
approximately 3,000 connections at peak times. The PIX Firewall simultaneously
interfaces with WebSENSE (filtering URL sites), runs PAT for every internal
IP address or runs Network Address Translation (NAT) for security on the
DMZ, and interfaces to the backup PIX Firewall---handling all of these functions
with the highest levels of performance and security.
"We've been impressed with the performance of the PIX Firewall," says Pike.
"We are presently the only enterprise company that can run PAT for all of
our internal hosts and client computers. In addition, the PIX Firewall
continuously interfaces to WebSENSE and, as our statistics reveal, has been
instrumental in cutting excess traffic and freeing bandwidth for other strategic
uses."
While NCR's network previously grew at 42 percent a year, the company now
projects that URL filtering WebSENSE will reduce its network growth to 32
percent. That's 10 percent less network growth per year and a 24 percent
reduction in annual network growth--an enormous reduction of traffic. Pike
estimates that NCR saved $1 million in 1998 alone from reduced need for new
circuits and network infrastructure. NCR saves another estimated $4 million
annually by eliminating wasted employee time. In addition, by eliminating
unnecessary traffic and increasing network capacity, users running legitimate
applications have reported a significant increase in performance.
"The overall benefit to NCR has been dramatic," adds Pike. "We've achieved
tremendous cost savings and greatly improved performance, leading to higher
worker productivity and satisfaction."
"We have had excellent collaboration with our suppliers," says Pike. "Cisco
Systems worked closely with us to fine-tune the PIX Firewall so that it worked
superbly with NetPartners WebSENSE and was able to handle PAT enterprise-wide.
It was a tough challenge, but the benefits have been exceptional and we're
now in a stronger position for future Internet activity growth."
Published with permission of Netpartners Inc.
© 1999 Cisco Systems Inc.
Copyright ©1996-98 NetPartners Internet Solutions, Inc.
|
