Catholic Education South Australia provisions scalable and secure applications with F5 Networks

Catholic Education South Australia (CESA) is the parent body that directs policy development for Catholic schools in South Australia. CESA works in partnership with Catholic schools across South Australia to provide a range of facilities and resources to support Catholic education and families. The focus is to promote excellence in teaching and learning for the 6,000 staff and 49,000 students across 103 Catholic schools.

Together with F5, CESA has created an intelligent and agile infrastructure to securely deliver optimised applications to its stakeholders, including schools and students. CESA deployed F5 Application Delivery Controller ;(ADC) solution, which include BIG-IP Local Traffic Manager (LTM) and Access Policy Manager (APM), to scale applications to meet significant bandwidth demands and generate greater business agility.

On top of those modules, the organisation also implemented BIG-IP Application Security Manager (ASM) to provide application layer protection for the many applications and content made available across the Internet.

CESA supports the delivery of IT services to over 98 schools distributed across South Australia. CESA was using a traditional load balancing solution to distribute traffic workloads and accelerate application delivery. However the product had limitations in hybrid environments.   

Increasingly, CESA required a solution beyond traditional load balancing. More specifically, it was looking for a solution that was sophisticated enough to manage a hybrid environment, customise and automate tasks, as well as scale with CESA’s growing demand.

Simon Sigré, Senior Network Engineer at CESA explained, “Our biggest challenge early on, as we started delivering more and more applications to schools, was scale. With over 98 schools connected to our wide area network, CESANet, the aim was no longer around how to get the customer to connect fast, but how we could serve content and provision new services faster. Traditional methods simply didn’t provide us with the horizontal scaling that we needed and we couldn't keep up. We needed a customisable framework for deploying applications and automating tasks.”

Later, as CESA became more application-centric, it realised that the current security measures were no longer advanced enough to meet its need for application level protection.

“Being an education network and moving into the application space meant that traditional Intrusion Prevention System (IPS) solutions were no longer appropriate. We were required to start building Layer 7 (L7) security policies that wrapped like a glove around each web app,” said Sigré.

It was through these necessities and on the back of peer recommendations that CESA came to adopt BIG-IP LTM and APM solutions and later on added the ASM module. 

CESA deployed BIG-IP LTM to act as the bedrock for the organisation to provision, optimise and deliver over 300 services. It provided the ability to publish applications out to the Internet in a quick and timely manner within a controlled and secured environment. F5 crucially provides both the performance and the horizontal scaling required to meet the highest levels of throughput.

At the same time, BIG-IP APM provides schools with the ability to leverage virtual desktop infrastructure (VDI) applications downstream, scale up and down and not have to install costly VDI gateways on site, whilst also centralising the security decisions that come with it.

“LTM and APM allowed us to rapidly deliver changes and provision policies when publishing applications. As part of this we developed custom iApps to rapidly and consistently deliver, as well as reconfigure the applications that we publish out to the Internet in a secure, seamless and manageable way,” said Sigré.

On choosing to add application layer security to its portfolio of F5 solutions, Sigré commented, “ASM gave us that extra advantage, where we were able to build some high level templates that matched the base technologies in use and then start customising to accommodate the subtle differences of each new service.  Specifically, ASM allowed us to tailor security profiles that fit like a glove to wrap seamlessly around every application, in a way that traditional firewalls cannot. It also gave us a level of assurance that all our applications are delivered in a secure manner.”

On deciding to work with F5, Sigré said, “F5 is a leader at what they do. For us, picking a vendor that was in line with our philosophies in rapidly delivering new technologies and that had an open community and strong partner network around them was important. F5’s partner SecureWare played a pivotal role in keeping me abreast of technology”.

Today, CESA is able to optimise and ensure a secure and fast end-user web browsing experience. For instance, the powerful yet simple scripting syntax of iRulesTM enables it to inspect inbound and outbound application traffic for malicious content and offers a way to customise load-balancing algorithms to improve efficiency and availability.

“iRulesTM is the most flexible language I have come across for modifying inbound traffic and writing code. We even published our re-writing tools on F5 DevCentral. F5 is developing functionalities faster than we can try out new features. Never have we worked with a vendor who is so on the cusp of development,” said Sigré.

“The ability for CESA to publish a new service in a safe and secure manner is so quick and easy now. Being able to make a service publicly accessible is now no longer a complicated task,” said Sigré.

“F5 BIG-IP Platform is like a network Swiss army knife, when you look at how we use LTM, APM, ASM, iRules and iApps in our environment, the one application adds tremendous value to every service we deliver,” said Sigré.