EANTC Logo
News|Newsletter|Contact|
English Deutsch
Case Study: HVB IS UniCredit Group

Proof-of-Concept and comparative test of firewall solutions for the new security infrastructure of HVB IS GmbH

Our customer
The HVB Information Services GmbH, abbreviated HVB IS, is a wholly owned subsidiary of the Bayerische Hypo- und Vereinsbank AG (HypoVereinsbank) since 1991 and is one of the biggest IT service providers in Europe.
www.hvbis.com

Project aims
The HVB IS is investing into a new security infrastructure in order to continue meeting the high requirements of Unicredit Group concerning security and scalability. This was their reason to design a new, modern, and complex security infrastructure.

For external quality assurance reasons, HVB IS commissioned EANTC to conduct two test series. In order to emulate very high bandwidth (10 Gbit Ethernet), high quality test devices needed to be deployed.

The aim of our first test series was to prove the concept of the new design of HVB IS' security infrastructure regarding performance, scalability, robustness, and high availability. Furthermore we wanted to test and define the optimal configuration for the future deployment.

The goal of our second test series was the comparison of two firewall solutions from different vendors. The test results and analyses substantially supported the purchase decision of HVB IS.

Vendors typically test their equipment with a highly optimized configuration to prove the limitations of their devices. From our experience this optimized configuration rarely matches the realistic configurations of our customers, resulting in highly differing results concerning the limitations of vendor systems. Therefore we needed to verify the details of the vendors' data sheets in both test series.

The security infrastructure we wanted to test consisted of a redundantly configured Intrusion Prevention System (IPS) together with a likewise redundantly configured firewall system.

In detail, we conducted tests with data traffic on the application layer (HTTP, FTP and SMTP) in order to answer the following questions:

  • Will the devices fulfill the requirements concerning throughput?
  • Is the configuration able to quickly establish new connections and to hold a sufficiently large number of connections in parallel?
  • How stable and fast are the switchover processes between the redundantly configured devices?
  • Is it possible to sustain the active and existing connections during the switchover processes?

Benefits for the customer

  • Test Procedure:
    We conducted a proof-of-concept test followed by a comparative test. EANTC verified the design of HVB IS' new security infrastructure, its feasibility, and the reachability of the planned bandwidth. Furthermore we did a performance comparison of two firewall solutions to be deployed in the new system. We tested the throughput, speed, and the number of simultaneously active connections.
  • First Test Series - Verification and Optimization:
    EANTC emulated a large amount of data (10 Gbit/s) with some extra scaling for possible future requirements in order to exactly simulate the current traffic of HVB IS and to verify the stability of the system at peak load. Thus our conclusion was very precise in predicting how the systems will work in real operation. We also verified the concept in order to facilitate  a possible optimization. We determined the specific configuration of the systems and the exact guidelines for their operation by testing and optimizing the concept.
  • Second Test Series - Comparative Test:
    Our tests supported the selection of the firewall system definitely meeting HBV IS' requirements. The explicit differences of the two systems emerged from our test results.
  • Real Performance Limitations:
    EANTC also verified the results from vendors' laboratory tests shown on their data sheets. Our concrete installation with today's data traffic accurately emulated, showed that the performance parameters on the data sheets cannot be reached. Thus, our tests were absolutely necessary to identify the real performance limitations of the devices. This helps HVB IS to be thoroughly aware of the performance limitations in their configuration and to take appropriate measures for avoiding any performance bottlenecks during operation.
  • Time Benefit:
    EANTC was substantially valuable to HVB IS' project through our specialized know-how and expert resources conducting the tests and verifying all scenarios much faster.
  • Technical Benefit:
    We enabled a solid optimization of the concept because our tests revealed the limitations of the design. HVB IS was also in a position to claim immediate troubleshooting and the removal of the limitations from the manufacturer before the initial operation. The ideal configuration now allows trouble free operation.
  • Financial Benefit:
    The current and optimized design meets HVB IS' capacity requirements in the long term,  thus saving many expensive hours of capacity planning during the operation. Our proof of the real performance limitations immediately effected appropriate revision of the devices by the vendor. Our comparative test did not only support the purchase decision but also prevented a potential misinvestment.
 
Imprint | Legal Disclaimer
Go Up