Achieved stable operation
Reduced five-year TCO by 40%
Stabilize authentication infrastructure operation
Extend SSO to G Suite
Azabu University had been using single sign-on (SSO) for internal systems since 2006, but an upgrade in 2011 led to instability plaguing its authentication infrastructure. Overhauling the system in 2016, the university chose F5 Network’s BIG-IP Access Policy Manager (APM) to achieve its top priority of operational stability.
Azabu University traces its history to the foundation of the Tokyo Jui Koshujo (Tokyo Veterinary Training School) in Azabu, Tokyo, in 1890. Azabu Veterinary College was established as a tertiary educational institution in 1950, and was renamed Azabu University soon afterward. The university’s veterinary teaching hospital provides conscientious, state-of-the-art veterinary medical services, and contributes to education and scientific research in clinical veterinary medicine.
The university needed to resolve the ongoing instability issues of its authentication infrastructure, which was implemented in 2011. “System faults were occurring on the server due to memory leaks, and we were plagued by numerous problems for three years after its deployment,” says Kazutaka Zenno, Deputy Administrative Director of the university’s Center for Science Information Services. The system’s tiered configuration, using several different products, exacerbated the problems.
In August 2016, the university’s engineers began researching options for a replacement infrastructure that would achieve the stability they sought. They narrowed the field to three vendors, and called on the candidates to make proposals that November. Ultimately, the university chose the vendor that proposed using F5 BIG-IP Access Policy Manager (APM). “Achieving the stable operation of our authentication infrastructure was a priority for us, and BIG-IP APM is a quality solution that has proven itself time and again,” says Zenno.
Achieving the stable operation of our authentication infrastructure was a priority for us, and BIG-IP APM is a quality solution that has proven itself time and again.
From the time Azabu University decided to adopt the system to when it completed the transition and launched services, the deployment of BIG-IP APM solution took a grand total of 50 days’ time—half as long as it took to upgrade the previous infrastructure in 2011. Engineers didn’t even need the spare days they’d built into the schedule in case they encountered unexpected challenges.
In the university’s new authentication infrastructure, BIG-IP APM provides the SSO, secure access from off-campus, and VPN functionality. Active Directory—which was already running on the existing on-campus systems—works with BIG-IP APM to acquire users’ login credentials. Gluegent Gate, a cloud-based SSO access control service, and SAML perform user authentication for accessing G Suite. SSO for accessing Cybozu’s Garoon is done using a combination of BIG-IP APM’s Form Authentication feature and iRules, working in tandem with SAML ldp. Authentication for access to other campus systems is performed by rewriting HTTP headers according to iRules.
We encountered no problems at all deploying BIG-IP APM, and are glad we went ahead with the consolidation.
We’re very happy with how smoothly the transition went, and our five-year TCO is 60% of the previous system’s.
Because Azabu University sought operational stability above all else, it opted for a product with an earned reputation for reliability. When its engineers deployed BIG-IP APM, they were relieved that they no longer had to track down faults and glitches. They were also pleased that the new solution enabled them to conserve valuable space, cut power consumption, and dramatically reduce total running costs.
The biggest benefit of the transition to the new authentication infrastructure was the operational stability it brought from day one. “We don’t have to check the logs anymore, because there are no faults occurring that we have to track down,” says Zenno. He adds that their deployment of BIG-IP APM has also greatly reduced operational workload: now his team only looks at the logs in the course of routine work to check capacity (for example, to see how many sessions are running). BIG-IP APM’s affinity with cloud services such as Gluegent Gate and G Suite means that they work together without issue.
Azabu University was also able to streamline its whole system by consolidating its authentication infrastructure, which previously required multiple pieces of equipment, in a single implementation of BIG-IP APM. “At the pre-planning stage we felt that integrating SSO and our VPN with the BIG-IP platform entailed some risks,” recalls Toshihiko Ogihara, who serves as a Chief Administrator of Network at Azabu University and was involved in selecting the equipment to be used in this upgrade. Installing the previous system had caused significant disruption, and his IT engineers worried that something similar could happen—with far-reaching consequences. However, those issues never came to pass with the new system. “We encountered no problems at all deploying BIG-IP APM, and are glad we went ahead with the consolidation,” he says. Consolidating the equipment saved valuable space and cut power consumption as well: Where previously 25 devices took up a full 42Us, now three devices occupy only 4Us. In addition, the server room is much cooler.
Azabu University’s consolidation of its equipment also brought about a dramatic TCO reduction. Masaru Murakami, Advisor to the President, and Director of Center for Science Information Services, says that that the transition to the BIG-IP platform was so seamless that, other than minor changes in the log-in screen, end users experienced no perceptible differences. In addition, the cost benefits are huge: “We’re very happy with how smoothly the transition went, and our five-year TCO is 60% of the previous system’s,” he says. Going forward, along with expanding the scope of SSO, Murakami and his people intend to deploy F5’s VPN application to provide VPN access from smart devices, too.