ICBC sought to improve the security and performance of its IT infrastructure. It chose an F5 solution to manage traffic intelligently and to add a key component to the company’s layered security. It also chose the F5 Best pricing model to pave the way for future solutions. Now, application deployment takes less time and ICBC saves on labor resources.
As a Crown corporation established by the provincial government, the Insurance Corporation of British Columbia (ICBC) serves more than three million motorists with automobile insurance and licensing services. Because it supports so many drivers, the company depends on reliable and scalable IT systems with strong security to protect customer information. ICBC deploys, runs, and protects more than 125 applications in two data centers on 1,200 servers.
As part of its continuing mission to provide superior service to its customers, ICBC embarked on what it calls the Network Upgrade and Security Enhancement project. As its name suggests, the project’s purpose is to increase network and application performance, all with strengthened security. “We wanted to enhance security for all applications and add layered security in front of them,” says Stan Hembrough, the Senior Technical Specialist at ICBC responsible for network design and planning, network implementation, and tier-three troubleshooting. “We needed a solution that would be very good at SSL decryption.” And more generally, the company wanted to improve its application delivery and traffic management technology.
Consequently, ICBC sought to adopt and standardize on tools that offer cost-effective high performance and security, and that also minimize IT labor and support costs.
To begin addressing these challenges, ICBC chose to adopt the F5 BIG-IP platform, including BIG-IP Local Traffic Manager (LTM) with its SSL acceleration feature and BIG-IP DNS. These complement the company’s third-party solutions, such as Cisco Sourcefire, and replace Cisco ACE to improve performance and reliability. The company moved to an F5 solution for several reasons, but was particularly interested in SSL acceleration capabilities. Hembrough notes that F5 is able to provide market-leading offloaded cryptographic functionality and cipher support in its hardware. “SSL decryption was taxing Sourcefire, so we’re now using F5, which is perfectly suited to SSL decryption, to take that load off of Sourcefire,” he says.
He adds that the same solutions that manage traffic intelligently also deliver resource and service virtualization and cloaking, secure administrative connections, TCP wrappers, plus SSL termination and protection against distributed denial-of-service (DDoS) attacks—all across multiple architectures. Hembrough says the current F5 deployment is a foundation for further security measures.
By updating its IT infrastructure to include F5 traffic and foundational security technologies, ICBC gains more visibility into its applications, easier deployment, more efficient and cost-effective IT management, and higher productivity.
By using iApps, ICBC gains visibility into application processes. Hembrough says, “Another beauty of iApps is that after deployment, application owners can see status in one view.” This is important because owners are not expected to understand IT concepts such as modes and server pools; they just want to go to one screen. He adds that this visibility also helps with troubleshooting.
Another example: because SSL decryption now occurs earlier in the traffic management stream, ICBC can inspect application activity and data earlier and more thoroughly. Says Hembrough, “We can see what is happening inside an application in areas where we lacked visibility before, and then, if we want, we can re-encrypt data on the back end.” The process is also fast, he says, “even though F5 technology doesn’t have to work as hard as it is capable of.”
ICBC also uses iRules to simplify complex cookie management and to create log entries that verify identities of application clients, among many other tasks. Hembrough says, “iRules is a key flexible, time-saving differentiator of F5.”
F5 is a key part of a solution stack that deploys and protects ICBC applications. It complements some third-party components and replaces others as needed. Consequently, ICBC can preserve existing IT investments, and it doesn’t have to significantly reconfigure its security infrastructure or revise its security strategy. For example, “We didn’t have to change our normal firewall policies when we added F5 to the stack,” Hembrough says. “The ability for new components to slide into our security stack and work seamlessly is critical for simplifying security management. F5 is very good at this.”
For application deployment, ICBC uses everything from Microsoft Exchange to internally developed customer-facing forms—about 125 in all. “To move these applications, we need to do it in a way that’s cookie-cutter predictable—F5 gives us that,” says Hembrough. Specifically, he notes that iApps is an especially useful tool. “With iApps, we just answer a series of questions and then deploy the whole application. It’s that simple—we’re definitely saving time and labor.”
ICBC recognizes the advantages of the F5 modular architecture, which means the insurer can easily extend its deployment to support increased traffic or additional functionality. “There is clear value in being able to add different F5 modules as needed,” says Hembrough. He adds that having the option to expand the F5 presence while consolidating multi-vendor products is also a big plus. This is especially true because after evaluating the F5 Good, Better, Best pricing model, ICBC chose Best pricing, which saves up to 65 percent compared to the cost of purchasing components individually. As another benefit, Hembrough says, “When we add or upgrade modules or move to new hardware, the configuration process is the same, which makes the task easy.”
Hembrough expands on the benefit of consolidation: “Now, we can often use one box to replace three or four. Anytime we introduce an additional, separate box into the environment, expenses rise for support, management, monitoring tools, operating systems, and software upgrades.” Because consolidation is feasible in the ICBC environment, the company saves on purchases and labor.
ICBC also saves time when it replaces old technology with new. Hembrough cites an example: “We configured the BIG-IP LTM traffic management instance within a half an hour, versus days spent trying to figure it out with Cisco ACE.” Hembrough has noted significant changes to the way his team works since adopting the F5 solution. “My team is more productive, which is great because I now have time to work on more strategic projects.”
ICBC is making great strides in its Network Upgrade and Security Enhancement project. Hembrough concludes, “When we adopted F5, everything worked as it should, and our business customers didn’t notice. That’s important because if they don’t notice a difference, that’s a success.”