In order to reliably provide digital applications for its global business, the high-tech company Rohde & Schwarz relies on Citrix technology. The Munich-based group has built up an application delivery infrastructure used by employees, customers and partners around the world.
Rohde & Schwarz develops, produces and markets innovative products for communication, information and security technology for professional users. Today, the company is a technology and market leader in a variety of fields, from mobile radio and high-frequency measurement technology, broadcast and media technology, air traffic control and military radio communications, to even cybersecurity and network technology.
Rohde & Schwarz employs 12,000 people worldwide and has a close-knit sales and service network in 70 countries. The export share is currently around 85 percent. The company has been headquartered in Munich since its founding in 1933, with strong regional hubs operating in Asia and America today.
The challenge: Secure and highly available access to digital services
Rohde & Schwarz provides key technologies for an increasingly digitized and networked world. At the same time, digitization is also changing its own business model, internal processes and cooperation with customers. “We are constantly expanding our product portfolio with new digital services,” says Stephan Zimmermann, Security Architect. “That's why today we need to deliver a growing variety of business applications to internal and external users - as secure, reliable and high performing as possible.”
The GLORIS global self-service portal is a central platform for online communication with Rohde & Schwarz global customers and partners. This bundles a variety of information and services. Customers can, among other things, open support tickets, download software updates, and get product instructions. The platform has grown enormously in recent years: 4,500 companies are registered for GLORIS and have access to more than 20 different services and more than 150,000 documents.
“From a technical point of view, one challenge is that there are a great many heterogeneous systems behind GLORIS,” says Zimmermann. “Not only do these have to be reliably accessible, but also shielded from the outside as much as possible.” Rohde & Schwarz therefore sought a solution to centrally manage and secure access to internal resources.
Citrix technologies protect Rohde & Schwarz’s customer portal.
Network and security specialists from IT service provider IF-Tech AG recommended that Rohde & Schwarz implement a Citrix solution as a central checkpoint for its worldwide customer portal. “To date, a large number of different networking components have been used to provide the individual services,” says Marco Klose, Team Leader Consulting at IF-Tech AG. “Citrix ADC provided the ability to consolidate all the features you need on one platform and centralize service management.”
The Citrix solution serves as a reverse proxy for the customer portal and forwards all client requests to the responsible web server and back-end systems. The IP addresses of the internal resources are hidden to the outside and are, therefore, not visible to potential attackers. At the same time, Citrix ADC minimizes the number of server connections and, thus, relieves the back-end systems. Intelligent load balancing ensures that users are always routed to the least busy server.
“Another central component for us is the integrated web app firewall from Citrix,” says Zimmermann. “This protects our customer portal’s web applications from application-level attacks such as DDoS attacks, cross-site scripting, and SQL injection.” A combination of whitelisting and blacklisting techniques helps defend against both known attack patterns and zero-day exploits.
“The learning mode allows Citrix Web App Firewall to quickly differentiate between allowed and improper application behavior,” explains Marco Klose. The solution analyzes all bidirectional data traffic and indicates potentially suspicious activity. The security settings of Citrix Web App Firewall can then be adjusted accordingly. Attacks are reliably blocked - and users are not disturbed by “false positive” messages during their work.
Global server load balancing (GSLB) improves availability and performance
Rohde & Schwarz was able to simplify the operation of the customer portal significantly with Citrix ADC and replace a whole range of existing networking products. The company’s IT specialists also appreciated the ease of use of the platform right from the start. The decision to provide additional internal and external services via the Citrix solution was relatively quick.
In the data center in Munich and in the regional hubs in Asia and the USA, twelve Citrix ADC appliances of the model series SDX 11000 and SDX 8000 are in use today. On the one hand, these provide load balancing for critical business applications and ensure that Rohde & Schwarz's 12,000 employees have access to communication services such as Microsoft Exchange and Skype for Business at all times. On the other hand, the application delivery controllers ensure the highly available operation of all customer applications and websites of the Group.
“To achieve maximum availability and performance, we use Citrix global server load balancing,” says Zimmermann. “Users are always connected to the closest resources geographically. Only in the event of a failure, does one data center in another region take over.”
Citrix networking constantly monitors the availability and performance of each resource and automatically redirects user requests when needed. For example, Rohde & Schwarz ensures that visitors to the website in Asia receive all content from the regional hub. The result is significantly improved response times. “In all core markets, our websites are loaded un-cached unconditionally in a maximum of three seconds. In addition to GSLB, the Citrix ADC web optimization features such as compression and SSL offload contribute to this,” says Zimmermann.
Single sign-on for all digital sites of the group
Rohde & Schwarz have been using the Citrix ADC infrastructure for yet another task. Today, the solution also acts as a central identity provider for logging on to different web services, enabling consistent single sign-on access. Employees and customers only have to register once with their user data and can then use all the services connected with Rohde & Schwarz.
“One face to the customer - that is the principle of our digitization initiatives,” emphasizes Zimmermann. “With the central authentication service, we have created an important prerequisite for this. Nearly all cloud services - from Microsoft Azure to the SAP cloud - are now connected to the Citrix solution.”
When one of these services prompts the user for authentication, they are automatically forwarded to the login page of Citrix Gateway. There, they enter their login data. Depending on the context, multi-factor authentication may also be required. The Citrix solution validates the information and then logs the user on in the background to the connected service via SAML.
“Citrix ADC has become a central identity provider for us,” says Zimmerman. “New digital services and cloud services will only be integrated if they also support SAML authentication.”
Automation and analysis with Citrix Application Delivery Management
With the growing number of use cases, the Citrix networking infrastructure has continued to grow in recent years. Almost 50 virtual instances for the different areas of application are now running on the ADC appliances in the global data centers. Rohde & Schwarz and IF-Tech have, therefore, recently introduced the automation and analysis platform Citrix Application Delivery Management across the board. “This puts us in a position to significantly reduce the manual effort required to manage the infrastructure,” reports Zimmermann. “Thanks to the automated management of the approximately 700 certificates we use, we will save a lot of time in the future.”
Citrix Application Delivery Management is also used to speed up patching and to give application owners role-based access to their applications. They can carry out maintenance work independently and retrieve data on the use and availability of the applications. The Citrix Application Delivery Management Security Insight feature also provides information about the security of deployed applications and automatically forwards suspicious operations to the Rohde & Schwarz Security Operation Center.
“For the future expansion of our digital services, it is important to increase the degree of automation further,” as Zimmermann sums it up. “We're thinking about using Citrix Web App Firewall as a cloud service to secure customer applications. This requires that we provide the solution dynamically and fully automated.”