Customer Overview
Funan Securities is a local securities company with a long history. Funan Securities is dedicated to providing the most convenient service for customers and partners through diversified and qualified securities and financial services while maximizing profits for the company's shareholders. Funan Securities made a strong contribution to the development of Vietnam's stock market.
Challenges
Funan Securities was recently acquired by the Yin’ a Group, which required expansion of its business and IT construction.
1. As FNS grows, a large amount of data needs to be transferred within the internal network, while the physical hardware of servers and storage continues to the near end of life.
·Unable to Expand Its Storage
Traditional expansion of the server required a temporary business server shutdown, significantly affecting business. Moreover, the server slot of the FNS was full and cannot be expanded.
·Slow Access
It was difficult for employees to access data stored in physical servers and storage, making their old physical servers and storage the biggest obstacles to improving productivity.
·Heavy Workload to Maintain
All of their data centers have been in use for more than 10 years, with old and problematic servers. IT managers were required to spend a great deal of time dealing with hardware problems, leaving no time to deal with and plan more valuable business opportunities.
2. Their security protection was poor, with older, traditional firewalls providing no professional protection against security threats to the server and application layer. More recent ransomware strains were a large threat to their data security.
·Poor Comprehensive Protection
FNS suffered from corporate espionage, malicious code, access authorization cancellation, and distributed service rejection attacks, and found their defenses unable to cope.
·Complex Security Analysis
FNS business's continuous development was putting pressure on their logs, which were unable to respond quickly enough to respond to risks effectively. This required the use of costly security experts on occasion.
·Lack of Dynamic Security Awareness
As the company expanded, the IT infrastructure also needed to be upgraded, causing new security vulnerabilities they were unable to address.
·Data Security Transactions between Stations
FNS is a securities company with many branches, meaning the key sales and financial data connection between branches needed to be very secure.
3. FNS has many branches, with the data center in Jakarta, Indonesia. A great deal of time was needed for branches to connect to the data center in the HQ, to receive e-mails, and to enter the ERP system, which seriously affected the efficiency of employees.
·Low Download Speed
Although FNS rented an international dedicated line, it still couldn't satisfy user experience demands as the business developed. However, improving only the bandwidth of this dedicated line promised a significant cost.
·Slow Core Business
Some of FNS's internal business systems and file-sharing servers were managed in the Jakarta data center, while the Vietnam office needed to connect to ERP frequently, with each connection step taking more than 30 seconds. It often took more than 10 minutes to download a 10M file, meaning employees spent a significant amount of time waiting, which seriously affects employee work efficiency.
Sangfor Solution
The Sangfor designed solution for FNS included 3 physical host servers, 3 next-generation firewalls, a WAF module, and a WANO as network optimization and acceleration device between branches. All major data is integrated into and managed in the data center in the Ho Chi Minh headquarters. Branches now access the data center through a VPN and a dedicated line. The branch gateway deployed an NGAF device to protect business data, and a WANO device to optimize the link between the branch and the data center, reducing bandwidth usage.
1. Sangfor HCI
Sangfor provided a virtualization platform for FNS, which is easy to manage and expand. This solution consists of 3 physical one logical resource pool and sharing these resources to all virtual machines, virtual storage, and virtual network devices in Sangfor HCI, which can support about 25 virtual servers.
Sangfor HCI provides a “What you draw is what you get” topology console screen.
The Sangfor virtual network platform in HCI allows users to design seamlessly or create their own virtual topologies in the console. The virtual network platform can add or remove virtual routers/switches and connect or disconnect these servers according to need.
Sangfor HCI provides a virtualization platform for servers and storage, reducing IT server maintenance workload. In addition, CPU, memory, and storage no longer need to access multiple internal network layers.
2. Sangfor NGAF
Sangfor NGAF protects internal and online data transactions and web applications in servers.
·Next Generation Converged Security
Sangfor NGAF provides the converged security of next-generation firewall and WAF, IPS security, web application protection, and security visibility. Sangfor provides improved FNS security using AI-enabled Engine Zero, with enhanced abilities to detect bad domains, anti-DDoS, ransomware, and spam through dynamic detection and intelligent analysis. Sangfor NGAF uses a closed-loop system to enhance security protection, reducing risk and making correlation analyses between NGAF, cloud sandbox, and cloud intelligence.
·Comprehensive Report and Automatic Log Analyzer
Allowing IT managers to understand the content of security events easily, and respond to risk quickly.
·Overall Security Assessment of the Entire Network
Sangfor NGAF provides security protection for FNS, based on the signature, with PVS, web scanning programs, and dynamic identification. Sangfor NGAF actively identifies new business assets or updated business assets through the Sangfor Business Recognition Engine. If a changed asset is discovered, it will automatically perform an incremental evaluation of the changed asset.
·Security Connection with Sangfor VPN
Through Sangfor VPN, NGAF establishes a high-speed security passage for data transactions between sites, to achieve a stable connection.
3. Sangfor WANO
Sangfor allows each branch to deploy WANO in bridge mode, and the Ho Chi Minh data center to deploy WANO in gateway mode. These two WANOs form an "accelerated passage" where Sangfor applies a large number of patented technologies, including byte cache, compression, and application agent. During this process, bandwidth occupation is reduced and stability and transmission speed are improved.
FNS uses a public network to carry WANO, allowing each branch to connect back to the Ho Chi Minh data center at high-speed.
Sangfor WANO also provides the following value:
Reduced bandwidth occupation and eliminated the need to upgrade bandwidth, leading to improved application response-ability and work efficiency.