In order to provide digital applications reliably for its global business, the high-tech company Rohde & Schwarz relies on Citrix technology. With the support of IF-Tech AG, the Munich-based group has built up an application delivery infrastructure that is used by employees, customers and partners around the world.
The technology group Rohde & Schwarz develops, produces and markets innovative products for communication, information and security technology for professional users. Today, the company a technology and market leader in all its fields of activity - in mobile radio and high-frequency measurement technology, broadcast and media technology, air traffic control and military radio communications as well as in the field of cybersecurity and network technology.
Rohde & Schwarz employs around 12,000 people worldwide and has a close-knit sales and service network in around 70 countries, predominantly with its own companies. The export share is currently around 85 percent. The company has been headquartered in Munich since its founding in 1933, with strong regional hubs operating in Asia and America today.
As a high-tech company, Rohde & Schwarz thrives on its innovations. In order to ensure high-quality standards, the Group keeps almost the entire added value in-house. Almost all products are developed in Germany, but the Asian hub in Singapore also uses its extensive resources to develop, manufacture and market world-marketable products. In addition, there are smaller development sites in the US, Asia and some European countries.
Solutions from Rohde & Schwarz are used in a wide variety of applications. Global mobile communications rely on the technology vendors as well as consumer electronics or the automotive industry. Developments such as the Connected Car or the Smart City of the future are unimaginable without the innovations from Munich. Hardware from Rohde & Schwarz ensures reliable operation in hundreds of TV transmitters and flight control centers around the world. And even Netflix is one of the company’s customers today: The streaming service uses the mastering system R&S® CLIPSTER for its productions.
The challenge: Secure and highly available access to digital services
Rohde & Schwarz provides key technologies for an increasingly digitized and networked world. At the same time, digitization is also changing its own business model, internal processes and cooperation with customers. “We are constantly expanding our product portfolio with new digital services,” says Stephan Zimmermann, Security Architect at Rohde & Schwarz. “That's why today we need to deliver a growing variety of business applications to internal and external users - as secure, reliable and high performing as possible.”
The GLORIS global self-service portal is a central platform for online communication with Rohde & Schwarz global customers and partners. This bundles a variety of information and services. Customers can, among other things, open support tickets, download software updates, and get product instructions. The platform has grown enormously in recent years: 4,500 companies are registered for GLORIS and have access to more than 20 different services and more than 150,000 documents.
“From a technical point of view, one challenge is that there are a great many heterogeneous systems behind GLORIS,” says Zimmermann. “Not only do these have to be reliably accessible, but also shielded from the outside as much as possible.” Rohde & Schwarz therefore sought a solution to centrally manage and secure access to internal resources.
Citrix technologies protect Rohde & Schwarz’s customer portal.
Network and security specialists from IT service provider IF-Tech AG recommended that Rohde & Schwarz implement a Citrix solution as a central checkpoint for its worldwide customer portal: “To date, a large number of different networking components have been used to provide the individual services,” says Marco Klose, Team Leader Consulting at IF-Tech AG. “Citrix ADC provided the ability to consolidate all the features you need on one platform and centralize service management.”
The Citrix solution serves as a reverse proxy for the customer portal and forwards all client requests to the responsible web server and back-end systems. The IP addresses of the internal resources are hidden to the outside and are, therefore, not visible to potential attackers. At the same time, Citrix ADC minimizes the number of server connections and, thus, relieves the back-end systems. Intelligent load balancing ensures that users are always routed to the least busy server.
“Another central component for us is the integrated web app firewall from Citrix,” says Stephan Zimmermann. “This protects our customer portal’s web applications from application-level attacks such as DDoS attacks, cross-site scripting, and SQL injection.” A combination of whitelisting and blacklisting techniques helps defend against both known attack patterns and zero-day exploits, “The learning mode allows the Web App Firewall to quickly differentiate between allowed and improper application behavior,” explains Marco Klose. The solution analyzes all bidirectional data traffic and indicates potentially suspicious activity. The security settings of the Web App Firewall can then be adjusted accordingly. Attacks are reliably blocked - and users are not disturbed by “false positive” messages during their work.
Global Server Load Balancing improves availability and performance
Rohde & Schwarz was able to simplify the operation of the customer portal significantly with Citrix ADC and replace a whole range of existing networking products. The company’s IT specialists also appreciated the ease of use of the platform right from the start. The decision to provide additional internal and external services via the Citrix solution was relatively quick. The global rollout of the application delivery infrastructure was also accompanied by the specialists of IF-Tech AG.
In the data center in Munich and in the regional hubs in Asia and the USA, twelve Citrix ADC appliances of the model series SDX 11000 and SDX 8000 are in use today. On the one hand, these provide load balancing for critical business applications and ensure that Rohde & Schwarz's 12,000 employees have access to communication services such as Exchange and Skype for Business at all times. On the other hand, the Application Delivery Controllers ensure the highly available operation of all customer applications and websites of the Group.
“To achieve maximum availability and performance, we use Citrix Global Server Load Balancing,” says Zimmermann. “Users are always connected to the closest resources geographically. Only in the event of a failure, does one data center in another region take over.”
The Citrix solution constantly monitors the availability and performance of each resource and automatically redirects user requests when needed. For example, Rohde & Schwarz ensures that visitors to the website in Asia receive all content from the regional hub. The result is significantly improved response times. “In all core markets, our websites are loaded uncached unconditionally in a maximum of three seconds. In addition to Global Server Load Balancing, Citrix ADC’s web optimization features such as compression and SSL offload contribute to this,” says Zimmermann.
Single sign-on for all digital sites of the group
Rohde & Schwarz have been using the Citrix ADC infrastructure for yet another task. Today, the solution also acts as a central identity provider for logging on to different web services, enabling consistent single sign-on access. Employees and customers only have to register once with their user data and can then use all the services connected with Rohde & Schwarz.
“One face to the customer - that is the principle of our digitization initiatives,” emphasizes Stephan Zimmermann. “With the central authentication service, we have created an important prerequisite for this. Nearly all cloud services - from Microsoft Azure to the SAP cloud - are now connected to the Citrix solution.”
When one of these services prompts the user for authentication, they are automatically forwarded to the login page of Citrix Gateway. There, they enter their login data. Depending on the context, multi-factor authentication may also be required. The Citrix solution validates the information and then logs the user on in the background to the connected service via SAML.
“Citrix ADC has become a central identity provider for us,” says Security Architect. “New digital services and cloud services will only be integrated if they also support SAML authentication.”
Automation and analysis with Citrix ADM
With the growing number of use cases, the Citrix networking infrastructure has continued to grow in recent years. Almost 50 virtual instances for the different areas of application are now running on the ADC appliances in the global data centers. Rohde & Schwarz and IF-Tech have, therefore, recently introduced the automation and analysis platform Citrix Application Delivery Management (ADM) across the board. “This puts us in a position to significantly reduce the manual effort required to manage the infrastructure,” reports Zimmermann. “Thanks to the automated management of the approximately 700 certificates we use, we will save a lot of time in the future.”
Citrix ADM is also used to speed up patching and to give application owners role-based access to their applications. They can carry out maintenance work independently and retrieve data on the use and availability of the applications. ADM’s Security Insight feature also provides information about the security of deployed applications and automatically forwards suspicious operations to the Rohde & Schwarz Security Operation Center.
“For the future expansion of our digital services, it is important to increase the degree of automation further,” as Zimmermann sums it up. “We're thinking about using the Web App Firewall as a cloud service to secure customer applications. This requires that we provide the solution dynamically and fully automated.”