Valtori is the public managed service provider to Finland’s government, providing IT, security, and communication technology services. In addition to all government offices and ministries, Valtori’s customers include government-owned corporations, other public authorities, bodies governed by public law, the Parliament, and organizations with public administration or service responsibilities.
Seeking Nonstop Availability
Reliable networking, security, and communication services are vital to the government of Finland and to the safety and security of Finnish society. Valtori ensures the availability, integrity, and confidentiality of government data and services for more than 100 separate organizations. Some agencies operate with cloud infrastructure, some use on-premises infrastructure, and others have hybrid infrastructure, depending on their specific requirements. The result is a complex—and highly dynamic—networking and security environment serving tens of thousands of employees.
Uniquely, the service delivery platform relies on the Layer 3 routing capabilities of its network firewalls. When high traffic volumes, maintenance, or software upgrades occurred, the resulting outages affected all Valtori customers. Although maintenance was performed after hours in strict windows, users often encountered operational issues the next morning.
“Everything grinds to a halt when systems don’t work or when people can’t use their workstations,” said Marko Mäki, Group and Service Manager for Network Core, Design and Security Services at Valtori. “Employees cannot perform their duties, and citizens lose access to important e-services.”
The Valtori team decided to replace its aging firewalls with a solution that would provide service resiliency and at least 99.9999% network availability. They turned to Check Point.
High Scalability with Simplicity
Check Point Maestro Hyperscale Orchestrator and Check Point Quantum security gateways were an ideal fit for Valtori’s environment. Maestro is a hyperscale security solution that orchestrates Quantum security gateways into a unified system with seamless, almost-unlimited scalability. It provides cloud-level resilience and reliability to all of Valtori’s customers, regardless of their specific environments.
With Maestro, Valtori can seamlessly scale a single Quantum security gateway to the capacity of 52 gateways capable of 1.5 Tera/bps of threat prevention performance with support for millions of concurrent connections. When a new gateway is added, it automatically receives the existing configurations, policy, and software of the existing deployment—within a few minutes. The Maestro Security Orchestrator minimizes management requirements by controlling all gateways as a unified security system.
With separate government entities as customers, Valtori must manage each individually to meet their individual policy requirements. Within Maestro, multiple security groups can be created to achieve this goal. Security groups are logical groups of appliances providing active/active cluster functionality segregated from other security groups. Each group has dedicated internal and external interfaces with its own specific configurations and policy. This flexibility enables Valtori to group services by security feature set, policy, or the assets protected —making it easy to deliver the right services to each customer.
Check Point Quantum security gateways combine the highest-caliber threat prevention with zero-day protection. They deliver 60 security services that prevent cyber attacks, simplify network security, and reduce costs. With support for OSPFv2, BGP, and RIP Layer 3 routing protocols, Quantum security gateways and Maestro provide high-performance routing capabilities to handle all of Valtori’s customers. Full active-active redundancy uses all hardware resources to ensure nonstop availability and resiliency.
Check Point Security Management unifies access control and threat prevention management for all enforcement points into one console, simplifying management. Valtori’s team can manage physical and virtual networks, as well as on-premises and cloud enforcement points to ensure security consistency and full visibility into traffic across the network. Multiple administrators can update policy changes at the same time across different customers, increasing agility and responsiveness.
Up All the Time
Check Point Maestro and Quantum security gateways currently support 92,000 workstations and 17,000 servers. Maintenance tasks, such as firewall updates or capacity increases, can be performed on the fly without impact to Valtori customers.
“Since the implementation, we have not had a single outage due to service delivery platform issues,” said Mäki. “Thanks to Maestro, we’ve saved thousands of working hours every month.”
Defended Against Cybersecurity-Related Outages
Maestro and Quantum security gateways also prevent service interruptions due to security threats. Industry-leading firewall, VPN, application control, content awareness, IPS, URL filtering, anti-bot, anti-virus, and anti-spam capabilities protect all Valtori customers from known and zero-day attacks. Threat management features are fully integrated—providing logging, monitoring, event correlation, and reporting in one place. A visual dashboard provides full visibility into security across the network, enabling the team to monitor enforcement points and remain aware of potential threats.
Flexible Management for a Dynamic Environment
Valtori’s team monitors and manages everything centrally through a web browser connection to the Maestro management interface. Gateway status and security group performance is available at a glance. The team performs advanced configuration tasks in seconds, while new gateways can be turned on in just minutes.
“Check Point makes it easy to manage a complex environment in which each customer has different requirements,” said Mäki.
“Simple management, high scalability, and reliability enable us to guarantee uninterrupted work and ensure business continuity for our customers and the citizens of Finland.”