Flowmaster International Secures And Expands Its Business With The Help Of Watchguard Firewalls And VPNs

Flowmaster International, specialists in fluid flow analysis software for engineers, has protected its business and expanded its operations with the help of WatchGuard firewall and VPN systems. What’s more the installation of these systems has helped the company grow its business, cut costs, improve communications between overseas offices and head office, increase productivity and streamline administration.

Flowmaster International is the developer of the world’s first and leading 1-D thermo fluid flow analysis software package, designed for the engineer’s desktop PC. The software, first designed in 1986, helps engineers to design complex fluid systems in pipes and understand how mechanical events, such as valves shutting quickly and pump trip, affect the fluid dynamics of a whole system.

The company, which was set up in 1992, now has its headquarters near Towcester in Northamptonshire, a development office in Pune, India, sales offices in France, Germany and the US, plus distributors worldwide. The company’s staff numbers around 80 in all.

Flowmaster decided to improve its computer security, prompted by the ever increasing threat from viruses, hackers, etc. Besides the need to protect its general computer systems, Flowmaster also needed to safeguard its valuable customer database and, of course, protect the software which it had developed and was continually developing. The software is the company’s livelihood and a breach in its security would have been a major set back.

The first step was to protect the UK head office. A Firebox (firewall and VPN) from WatchGuard, the world’s leading provider of firewalling for SMEs/SMBs, was chosen to do this. The system came with LiveSecurity, a WatchGuard service which keeps customers updated with all the latest security threats.

According to Graham Pembery, group systems administrator for Flowmaster, the WatchGuard solution was selected in preference to its nearest rival the Sonic Wall firewall, because of WatchGuard’s lower ongoing maintenance costs.

Encouraged by the success of the firewall and the security it had provided, Flowmaster decided on a major move to develop its business. The company opened a software development office in Pune, India. This was prompted by the lower costs of staff and the high level of computer expertise in the country. The idea was to cut costs by splitting software development between the UK and India.

Pembery installed a WatchGuard SOHO firewall and VPN, suitable for branch offices, at the Indian site. A secure WatchGuard VPN link was set up between India and the UK. Windows Remote Desktop was used to allow the UK to perform system administration tasks remotely. Additionally, Windows Live Communications Server was deployed together with the Messenger client to enable secure internal communications. This also had the benefit of allowing desktops to be shared for demonstration purposes between the offices.

Flowmaster’s sales offices in Chicago, Detroit, Paris, Frankfurt and a support office in Gothenburg have now all been protected with WatchGuard SOHO firewalls and connected to the UK via the WatchGuard secure VPN. Some of the sales offices have had WatchGuard VPNs installed between them, to carry out secure branch to branch communications.

Over this VPN connectivity, Flowmaster runs a single Windows 2003 domain infrastructure with multiple sites. Some sites are connected with leased lines, ADSL, SDSL or wireless links depending on the local availability and cost.

The WatchGuard Firebox acts as the primary firewall. All the company’s email passes through it and is distributed worldwide via local Microsoft Exchange servers over the WatchGuard VPNs. A failover for the primary firewall, using an alternative site, is built into the system.

Control for the worldwide system is done from the UK site and no matter where the offices are in the world, they all appear to be part of the same network. All system administration for the whole group is done in the UK, including all SPAM filtering, anti-virus updates and other security updates.

Benefits

A major benefit to Flowmaster has been the opening of the Indian office which, according to Graham Pembery, would not have been done unless the company had been convinced that any online communications between the UK and India would be secure. This was because of the sensitivity of any software development work.

Opening the site, which is connected to the UK by a WatchGuard VPN, allowed Flowmaster’s software to be developed simultaneously in both the UK and India, whilst maintaining a single copy of source code. Various other administration functions are also performed over the UK/India link. The establishment of the Indian office has allowed Flowmaster to be increasingly competitive in the marketplace and increased the company’s ability to develop its software, improving its scope and capability.

The intention of setting up all the other overseas sales office VPNs was to bring what was a distributed organisation together, allowing branches to share information and talk to each other more easily, while maintaining security. Previously, development work might be communicated by putting a CD in the post. Getting all the sales office online and connected by VPNs has resulted in much better communications between the various parts of the company and, very importantly, higher productivity.

One of the main benefits overall has been in the handling of email, which is now harmonised and much quicker. Previously, each office had different email accounts, with different email addresses, whereas now they all have the same email address. Email is all run internally now, going between offices over the VPNs, making it more secure.

Huge improvements have been made in the way SPAM is dealt with. SPAM filtering is all done in the UK, so each country no longer has to deal with its SPAM problems separately. A significant benefit was obtained by simply configuring the SMTP proxy server on the WatchGuard Firebox to accept valid email addresses only.

Previously Flowmaster had been getting 3000 emails a day to unknown people at the company (e.g. fredbloggs@flowmaster.com) or to people who had left the company. Pembery says that this has eliminated the ‘bad email’ queue. All of these ‘bad emails’ have now been banned at the firewall, causing significant productivity gains and better system performance.

For example, if Pembery sent a test message to the company’s IP provider, it was taking eight minutes to do a round trip for a couple of lines. By eliminating all the extra emails, it now takes eight seconds. Pembery said: “The quality of the email response we’re getting now is absolutely fabulous and back to where it should be.”

The new infrastructure has been running with remarkable resiliency over the last four years. It has been Flowmaster’s main protection against hacking and intrusion into the network and has undergone several software upgrades. The capacity of the system hasn’t even been tested and no problems have been experienced with the WatchGuard kit. Any network outages that have occurred have been caused by ISP connections going down because of incorrectly configured routers or switches.

Generally, Pembery finds the WatchGuard firewalls and VPNs easy to install and easy to use. Are there any particular features he appreciates? Quite a few. He cites the VPN Manager as being particularly good. “We have eleven VPNs connecting the different sites. With the WatchGuard system, establishing a new VPN connection is simple. It’s very easy to use and easy to monitor. The ability to manage multiple VPNs is excellent.”

Pembery can also configure the firewalls remotely. “I can sit in the UK,” he said, “bring up the web server on each of the WatchGuard SOHO firewalls and configure them as required.”

Various monitoring features are also praised by Pembery. The real time Traffic Monitor tells him exactly what is happening at any given time. He can see, for example, that the SMTP proxy server has denied an invalid address from a particular place. The ‘Host Watch’ feature tells him exactly who is connecting to which external sites and which external sites are trying to deliver email to him. “It’s very visual,” he said, “updating in real time.” He also makes use of the Bandwidth Monitor, which helps him keep things flowing more easily. “I can see exactly how much bandwidth I’m running at any one time,” he commented.

An aid to productivity employed by Pembery is the WatchGuard WebBlocker on the Firebox, which prevents employees browsing certain web sites. It uses SurfControl technology and allows the selection of certain site content, such as ‘porn’ and ‘drugs’, which can be ruled out of limits.

The LiveSecurity support feature gives him immediate updates for all the latest security threats. He reckons it saves him a lot of time and provides a certain peace of mind that he’s actually aware of what the latest security problems are.

Support

Whenever you install new computer systems, which are making a big impact on the way your company operates, the knowledge that you have access to good support is essential. Flowmaster bought their WatchGuard systems from Wick Hill reseller Westwood Associates and so was able to get support from Wick Hill, WatchGuard’s largest world wide distributor. Wick Hill are experts in WatchGuard systems and run the largest WatchGuard training centre in the world.

Pembery reckons he phoned the VAD (value added distributor) quite a lot in the first six months and maybe a couple of times a year after that. He found that Wick Hill knew the products inside out and says that if he had a problem, the company was always able to resolve it.

Conclusion

Overall, Pembery is very happy with his choice of WatchGuard’s firewall and VPN systems. He feels Flowmaster has received a good return on its investment and the systems have successfully kept the company secure since they were first installed in October, 2000.

Moreover, they have helped the company improve communications and productivity, as well as being instrumental in relieving the burden of SPAM and improving email administration.

The WatchGuard VPNs played a key role in the decision to establish an Indian software development office, which has allowed Flowmaster to start developing software in India, improve competitiveness and increase the scope and capability of its software. Pembery has always found the capacity of the WatchGuard firewalls up to the job and is sure they will be able to keep pace with any further expansion of the company.

Don't miss