Speed limiter

Faced with users who wasted expensive bandwidth, Saudi Arabia’s Al Mabani General Contractors decided to install UTMs to control usage.

Tags: Al Mabani General ContractorsCyberoamSaudi ArabiaUTMUnified Threat Management
  • E-Mail
Speed limiter LINCOLN: As of now, we are going to use Cyberoam everywhere we need to have the control over our bandwidth.
By  Imthishan Giado Published  October 25, 2009 Arabian Computer News Logo

Ask a CIO what the hardest asset is to administer in an IT organisation and one might expect an answer that’s rooted in infrastructure – servers, telephony systems, datacentres and so on.

It’s a good answer, but it also ignores the fact that arguably, the hardest element to administer in IT is the actual users of said systems.

That’s certainly the case with Saudi Arabia’s Al Mabani General Contractors. One of the largest construction companies in the Kingdom, the firm found itself in the uncomfortable position of having to look for a means of limiting bandwidth for internet access, after several employees were found to spend more time browsing the internet than working.

The issue was exacerbated by the fact that most of the company’s users were not in one geographic location – making the wasting of bandwidth even more expensive. John Lincoln, IT manager for Al Mabani says that a number of projects were out in the desert where infrastructure is difficult to come by and as a result need to be connected by satellite to the main Jeddah office – which meant wasting bandwidth on browsing would be even more expensive.

“All projects and all offices are linked to the Jeddah office. Access to the Internet can only be done through the Jeddah link. It’s because of security reasons – when it goes to the outside world, we only have one point that we have to worry about. We can control the bandwidth and costs on it – instead of having two megabits of bandwidth which we have to pay everywhere, we just have five or ten megabits in Jeddah and we distribute it according to the needs [of the site],” he explains.

One might assume that allocating bandwidth through Jeddah would adversely affect performance, but Lincoln begs to differ. In actual fact, most remote sites do not need high-speed access, as their computing needs are generally quite basic and revolve chiefly around e-mail and basic web services – which of course make it more crucial to ensure that this limited (and it needs to be said, very expensive) bandwidth is rationed out properly to the users.

Presently, Lincoln’s IT team consists of 22 individuals, of which four are programmers and the rest perform a number of roles, including network support. They support 600 users – which again, at first glance, seems like a lot for such a small IT team.. The key, he says, lies in remotely administering resources and using the proper tools to do so.

“We do a lot of remote management. We are a Linux/Novell network – we are not a Microsoft network. We have always been a Novell client and NetWare is very secure and stable. It’s very low-cost and easy to manage and maintain remotely, so it saves me tremendously on the number of people I need for support roles ,”
he believes.

When it comes to monitoring bandwidth, Lincoln already had a Novell system in place. But as the company grew in size, the system could not scale equally to meet his requirements. As a result, he chose a unified threat management device (UTM) from Cyberoam which had the requisite features.

“We were using Novell Border Manager for many years. However, we could not control on a user basis the amount of bandwidth and the sites on an individual basis. Say for instance, I wanted to give everyone access to Facebook in the night but not during the day. But in the night, I am not going to give them five megabits of bandwidth, I am only going to give them 256 kilobits. I could not do that with BorderManager – it did not have the flexibility of the Cyberoam where I can control each site separately on a site-to-site basis,” he recalls.

Lincoln installed seven UTMs to handle the business of bandwidth allocation at a complete cost of US$25,000. Integration costs were non-existent, since he and his team did all the work of integration themselves. When it came to the choice of vendor for the UTM, he recalls considering his options carefully, especially considering his long history with Novell.

“I did a costing on the Cyberoam and it definitely comes out 40% cheaper [than Novell]. We have a local supplier here who’s been doing our satellites for years. He came with the suggestion to have a look at this product. I had looked at other products, but they were not what we were looking for. We didn’t buy the [Cyberoam] product, we took it on a 90-day ‘no-cure, no-pay’ basis. Well, they proved their point. As of now, we are going to use Cyberoam everywhere we need to have the control over our bandwidth on a network level,” he confirms.

Al Mabani placed the order for the Cyberoam UTMs in December, integration began shortly afterwards and the system went live in the first week of January. The most anticipated improvments of the new systems would be in bandwidth and site control. Security was not a major focus at the time, as Lincoln claims that Al Mabani have never been hacked even with the previous Novell and McAfee systems.

Lincoln admits that he never expected to get the new systems working so quickly: “We were very surprised to get anything going this quickly. We did the implementation ourselves – my manager of networks did the main work on it together with the main Cyberoam support in India.”

He goes on to list the ways in which the new system gives him added flexibility: “For example, some users can only access the internet between certain times – say between seven and 11 in the morning. We restrict the usage to time. On the other sites, we need to access the bank, but we don’t want them to access Facebook or anything else.

“In order to be able to control that, we needed something that could create groups which only had access to certain areas, such as government or bank sites, but nothing else. We found out that most of our users were browsing most of the time instead of working. This is where the product really pays for itself. It’s not just the money that you save on your bandwidth but also the money that you save on productivity from your staff,” he adds.

Major integration challenges were far and far between and largely limited to integrating the device to work on Al Mabani’s network.

“That had to do with the user identification and the e-directory integration with the Cyberoam. We had to use the LDAP facility from Novell. The support in India made the necessary additions to the Cyberoam software so that they could read it,” he recalls.

Post-implementation, he claims the best thing about the new Cyberoam system is its transparency.

“It was really very straightforward. The users don’t even know that they have it. It’s almost invisible, we just have to put the client in at the workstation and that starts up automatically. The rest, the user doesn’t know. We control everything from our IT command centre. That’s the nice thing about this system – we can control every device we have in every office at every location. We have much better performance from our network than we ever had before,” he states.

“The product is very cost-effective, let’s put it that way. If I did not have Cyberoam and would have to give out bandwidth like I am giving today, I would need at least another five megabits of bandwidth. If you’re talking money-wise five megabits of bandwidth, you’re talking about US$80,000 a year. That’s a considerable amount,” concludes Al Mabani’s Lincoln.

2770 days ago
Ramanujam Loganathan


Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code