Epiq, a worldwide provider of legal services and technology, adopted Microsoft Office 365 to reduce cost and labor overhead in its data centers. To integrate Office 365 into its overall infrastructure, the company deployed solutions from F5, including one to unify application access, resulting in a simpler, more efficient, and more secure IT environment.
Epiq is a leading global provider of integrated technology and services for the legal profession, including eDiscovery, managed services, bankruptcy, class action and mass tort administration, federal regulatory actions, and data breach responses. Of these, eDiscovery represents the largest share of the company’s business. Its key challenges include the pace, the sheer volume of data, and the project load. “We are constantly managing a high volume of client requests, new projects, and situations that don’t always fit inside our normal data center pattern,” explains Joseph Mehegan III, Manager of Enterprise Services at Epiq. “We have to stay nimble, while also keeping our eyes on our data centers to ensure that we’re building stable, repeatable, supportable solutions internally.”
As part of that ongoing mission, the company recently adopted Microsoft Office 365 cloud services to reduce its IT support burden. Integrating the Office 365 services into its existing IT infrastructure would be a big project but made good economic sense. “For years, we’ve been looking for ways to move away from maintaining email servers,” says Mehegan. “In the end, the Office 365 licensing model and the fact that Microsoft handles upgrades and patches were the really big draws.” Epiq would need to implement federation and conditional (or adaptive) access solutions to ensure that only authorized users could access a particular system. Its goals also included minimizing costs, conserving labor resources, and maintaining strong security.
To address these issues and better protect and manage Office 365, Epiq deployed several application delivery controller technologies from F5. Specifically, it chose the F5 BIG-IP platform, including BIG-IP Local Traffic Manager (LTM) for SSL acceleration, service monitoring, and intelligent traffic management. “We manage our wildcard certificates using BIG-IP LTM, so we don’t have to manage a single certificate along with the SSL upload,” says Mehegan. Epiq uses BIG-IP DNS with Office 365 to route authentication requests. BIG-IP Access Policy Manager (APM) replaced both the company’s Citrix Access Gateway and its Citrix web interface.
More generally, he adds, “We noted significant advantages of F5 over other vendors’ products. We saw a lot of possibilities, and after a lot of vetting, F5 was the route we took. The reputation of F5 seemed a lot stronger in the market to us.”
As part of the company’s efforts to implement federation, Epiq included key requirements in several projects in recent years. One was the ability to differentiate between its internal network users and those using an external network and to grant or block access to services based on the source IP. The Office 365 project was no exception.
“As we learned more about F5 technology, we realized we could apply any rules and any traditional access criteria we wanted,” says Mehegan, noting that Epiq has gradually implemented this capability through BIG-IP APM. He adds that when the Office 365 project came up, Epiq chose not to set up a traditional Active Directory Federation Services (ADFS) environment. “ADFS wasn’t a practical option from a cost and complexity perspective,” says Mehegan. “BIG-IP APM brings capabilities that would have otherwise required ADFS and Microsoft Azure Active Directory Premium Edition.”
Epiq engaged F5 Professional Services to assist with the Office 365 deployment and demonstrate how to apply restrictions to Windows PowerShell scripts. Says Mehegan, “Today, you can’t get any PowerShell access to Office 365 at Epiq unless you’re coming from one of our authorized egress points.”
By adopting Microsoft Office 365 and using F5 solutions to better protect it and merge it into the company’s overall infrastructure, Epiq gains a more flexible IT environment that easier to manage and operates at a lower cost.
Mehegan describes F5 as a future-proofing platform because its components work seamlessly and offer comprehensive functionality. “It’s a one-stop solution. We knew that we would deploy more F5 devices in the future but without tradeoffs,” he says. “The platform is robust enough and works flexibly enough to have staying power in our data centers. Every year we learn more capabilities.”
He cites the company’s use of BIG-IP APM as a specific example. “In general, our team looks at every project and says, ‘Can we replace some of its components by using BIG-IP APM?’ We prefer to do it that way because one solution is easier to support than many. It’s also more flexible from a licensing perspective and supports high-availability configurations.”
The flexibility of the combination of Office 365 and F5 solutions translates directly into simpler IT management and lower costs for Epiq. “One of the challenges that any IT organization faces is maintaining an easily supportable solution,” he says. “The more complex a solution is, the more people it needs, more expert staff you have to hire. Simpler is better.” He adds that efficient use of good talent is often harder in a complex environment too. “Given that we’re a medium-sized company, it can be hard to carve out a role for someone whose only job is to run ADFS, for example.”
Continuing the ADFS example, he notes that the guide for federating users with F5 to Office 365 was only three pages long, although more advanced documentation was available if needed. “It effectively required no rollout. This compares with two months for an ADFS test rollout followed by a month for a production rollout. Plus, our chosen production solution based on BIG-IP APM is smaller and has better licensing terms.”
Mehegan says that using F5 solutions saves Epiq money not only by being easier to manage but also by making other products and services easier to administer. He describes it as a powerful entrance point to the data center. “Apart from local and global intelligent traffic management or SSL buffering, which any similar device would be expected to do, we really appreciate how F5 can reduce the complexity of application deployment. IT managers should factor that into the cost of F5 solutions, because they can replace entire virtual desktop infrastructure stacks, Citrix solutions, and others.” He adds that IT departments can replace a lot of public-facing gear that would otherwise need to be installed, patched, and secured.
He concludes, “I consider F5 a foundation in our data center. Before we tell someone that something can’t be done or that a request from a client or a customer or authentication request can’t be processed, we check with F5 first, because chances are they can tell us how to do it.”