A car retailer that prides itself on offering the best deals on used cars both online, and in-store, and provides its customers with a wide range of services such as MOTs, selling services, and car hire. During their cyber security journey, they approached FullProxy wanting to maximise ROI for their existing F5 hardware infrastructure, improve application availability and redundancy, whilst protecting critical web services and customer data from increasing levels of cyber-attacks such as, Ransomware and Phishing attempts.
The IT team responsible for delivering new digital services and maintaining a legacy network and infrastructure services for a large branch and back-office network previously, hosted its core network services in data centres that were reaching the end of their life cycle. There are many risks associated with using end of life hardware such as, comprised data security and decreased productivity if failures occur. Not only this, but the IT department hosted its application services on their existing F5 infrastructure which was causing problems, resulting in a lack of availability and redundancy.
With ageing, hardware companies can run the risk of not being able to operate their services in the event of a failure and this can also pose a serious security risk resulting in a significant financial impact to recover from a cyber-attack, security breaches can also damage a company’s reputation. Staying up to date with the latest software updates was vital for this customer to guarantee that its applications were secure against threats such as DNS denial-of-service attacks.
Head of Digital Services, Automotive Retailer
At FullProxy we offer consultancy services for any organisation looking for advice on their current security posture. After, an initial consultation we conducted an F5 health check and service review. Their existing F5 infrastructure consisted of a pair of F5 5250s provisioned as vCMP hosts with external-facing and internal-facing guests hosting Local Traffic Manager (LTM) and Global Traffic Manager (GTM) modules providing load balancing and intelligent DNS functionality for key applications including Exchange, After Sales Care and Customer Contact reporting.
Our health check flagged various issues with their F5 architecture, services, and performance. This included LTM High Availability (HA) pairs that had been deployed on a single vCMP host and inherently introduced a single point of failure. F5 best practise is to deploy HA pairs across dual vCMP hosts.
Working closely with their network team a plan was put in place to firstly re-architect the F5 LTM and GTM modules to address service availability issues, this work delivered a fault tolerant F5 platform provisioned across dual data centres. From an operational perspective this has allowed the IT team to perform scheduled network, infrastructure, or application maintenance tasks with minimal or no service disruption. It also ensured that in the event of unforeseen LAN, WAN, or infrastructure component failures at one data centre that hosted F5 services were still available in their other data centre. Application redundancy was also achieved through proper deployment of F5’s DNS global load balancing services, after addressing the fault tolerance issues, our consultant was then able to review and revise application configuration improving, application performance and security.
Our initial health check also flagged end of life notifications for their F5 5250 hardware platform due to this, a hardware refresh was required to ensure that service availability and vendor life cycle support was maintained. The retailer was also in the process of relocating their on-premises data centres, FullProxy were involved in the hardware refresh process from the outset and provided consultation and design services for their hardware upgrade and data centre relocation. Our consultant advised to upgrade the appliances to the F5 i5800 series platform, with the devices procured through FullProxy.
After procurement was completed and the new hardware was network connected, we performed the initial build. The i5800s were provisioned as vCMP hosts with HA internal and external LTMs deployed across the dual appliances. Standalone GTM modules were also deployed on each of the vCMP hosts to provide DNS global load balance services. After this was complete, current services were migrated over to the new hardware, the migration task was completed within agreed maintenance windows with minimal service disruption.
The client now operates a fault tolerant F5 environment. This environment provides the customer with a much better user experience when accessing digital services. This means that they have been able to operate without experiencing costly periods of downtime due to the fault tolerance of its F5 infrastructure.
FullProxy are now providing proactive maintenance and support for the client’s F5 environment including fault management for current systems and services, consultant, design build and deployment services for new projects. We continue to ensure that the car retailer’s F5 environment is current and fully vendor supported by providing regular system and service health checks, deploying cyclical software releases for feature enhancements, bug fixes and security notifications as required.