CEWE Prepares for Its Peak Season Using F5 Solutions

During the holiday season, photo and online print service CEWE must handle peak loads many times greater than those during the rest of the year. To be sufficiently prepared, the company decided to install a powerful application delivery solution provided by F5. In addition, CEWE implemented a web application firewall by F5 to defend against security threats. 

Business Challenges

Germany-based CEWE is an innovative photo and online print service located in 24 European countries. Its 12 high-tech production sites and nearly 3,400 employees make it a technology and market leader. In 2015, CEWE delivered about 2.2 billion photos, 6 million individual photobooks, and photo gift articles to about 25,000 commercial customers—for revenues of 554.2 million Euro.

Due to the combined efforts of CEWE and its trade partners, the company registers continually high growth, with extremely heavy peak loads during the holiday season. For years, the company relied on its load balancing solution, an F5 BIG-IP 8900 application delivery controller, to master the heavy traffic. CEWE wanted to prepare for another surge in usage numbers. The server load had also increased due to stronger encryption technologies.

“We needed a more powerful solution for load balancing our application server, to handle increasing data in the years to come—without experiencing performance problems or even failures,” says Udo Janßen, Online Operations Manager at CEWE. “After all, we wanted to offer our customers first-class, reliable services which are permanently available. In the Internet age, customers often terminate an operation after a few seconds if it does not work to their satisfaction.”

The company also faced constantly growing security threats. A large number of the photo services offered by CEWE are developed in-house and updated almost every week. For that reason, CEWE requires a very high security level to defend against current threat scenarios such as unknown ransomware, DDoS attacks, and malware used to spy on customer data. Moreover, CEWE uses open-source applications based on Apache Tomcat, Java, or PHP, which should be secured through a web application firewall. The goal is to avert security breaches, expenses for remedial actions, and potential damage to the company’s reputation.

Solution

“We were extraordinarily satisfied with the F5 application delivery solutions we had been using. They were running reliably and without problems worth mentioning,” says Janßen. “It was also with their help that we managed to maintain our reputation as an excellent photo service provider. Nevertheless, we started a call for bids in order to analyze the offerings of different vendors and to match them to our needs. We found out that the new generation of solutions from F5 offers the best overall package of application delivery services and web application firewall. It provides central management, gets excellent support by the vendor, has a user interface we are familiar with, and offers a good price-performance ratio. That’s why we decided to go with F5 again.”

CEWE now utilizes a BIG-IP 10055s device with BIG-IP Local Traffic Manager (LTM) and BIG-IP Application Security Manager (ASM)—F5’s web application firewall. Installation of the device and migration from BIG-IP LTM version 10 to version 11 was executed by F5 partner MCS GmbH, a long-time service partner for CEWE. “Due to good preparation by us and our service provider, we were able to bring the new version into service within a few days using maintenance windows,” Janßen explains. “Our IT service partner MCS GmbH executed the integration. There was no training needed as we do the maintenance on our own, due to the experience we have with F5 products.”

While the load balancer was migrated in one step, installation of the web application firewall was completed step by step for the various applications. Here, the open-source solutions had priority. CEWE plans to extend the firewall to include the applications developed in-house. Because of the integrated modules, these features can be supplemented smoothly and managed centrally with the F5 BIG-IQ Centralized Management platform.

Benefits

The new F5 solutions prepare CEWE for peak loads with better protection from novel attacks. The company can also continue to use the management processes it has employed for years.

Higher bandwidth for handling peak loads

“Thanks to F5, we will be able to offer our customers first-class, reliable photo and online print services in the years to come,” says Janßen. “Using the new solution, we achieved a significant increase in data performance. We will be able to handle a 15–20% increase in data traffic without additional investment.”

The company also plans to  expand server capacities by adding new sites. It currently has two redundant, mirrored data centers at the company headquarters in Oldenburg, Germany. Two additional sites are in the planning stage. The goal is to achieve higher reliability and reach new markets. These sites require global traffic management, which could be obtained by extending the current solution in Oldenburg.

More security through a web application firewall

The press has recently reported massive DDoS attacks on connected devices in the Internet of Things (IoT). Popular services that are often used by private users are increasingly targeted by spyware designed to explore sensitive customer data. Another current trend is ransomware attacks, which seek to extort ransom money by restricting access to the victim’s data. To defend against these attacks, enterprises need comprehensive security measures protecting access, infrastructure, and applications.

“We are very exacting about the applications developed in-house. We need to be up-to-date in order to fend off attacks and protect the personal data of our customers the best way possible,” says Janßen. “Also, with third-party applications, we do not want to wait for the developer to provide a patch or an update. So we now use F5’s web application firewall to secure these applications against novel attacks. It also offers a kind of first aid with regard to vulnerabilities. From now on, we will use IP reputation management to further increase the security level through IP address assessment.”  

High level of continuity for IT management

The new F5 solutions prepare CEWE for peak loads with better protection from novel attacks. The company can also continue to use the management processes it has employed for years.

Higher bandwidth for handling peak loads

With its new F5 solution, CEWE relies on the same hardware base as before—with additional power and security through the web application firewall. Because the user interface and most of the features have remained unchanged, the IT staff can quickly use the solution without training.

“As the user interface is not new to us, we benefit from a high level of continuity in IT management,” Janßen explains. “Some interesting features were added in the new version. They can be used intuitively and provide us with significant additional value. We now have a much better overview over the current operations based on IP addresses. The F5 BIG-IQ Centralized Management console provides another huge advantage as we can use it as a one-stop shop for managing both load balancing and the web application firewall. This way we eliminate redundant work and considerably reduce management overhead. In the future, we might even employ it to also manage our cloud services, which we only use for less sensitive and non-critical services. With F5 we are all set for the future, across the board.”

Challenges
  • Previous solution was reliable but close to capacity limits
  • Growing security threats
  • Need for seamless IT training and management

Benefits
  • Handles peak loads and data growth of 15–20% per year
  • Provides additional security with a web application firewall
  • Enables more efficient IT management
Products