Stuttgart-based AEB SE develops and distributes software for international trade and logistics to help companies throughout the world optimize their processes, increase their efficiency and effectiveness and open up new potential. Founded 40 years ago in 1979, AEB now has over 500 employees and more than 5,000 customers. With 16 locations in 10 different countries, it supports its customers directly in their own local markets.
Naturally, the challenges faced by an international software manufacturer are strongly reflected in its own infrastructure. IT staff are probably the most demanding users when it comes to availability, flexibility and performance. For network access control, the internal IT team at AEB has been using the German network access control solution macmon NAC since 2015.
The migration to the completely redeveloped fifth version of the tried and trusted system includes various improvements that make daily work at the company much easier.
The new scalability feature was a particularly interesting factor in the discussions between macmon and AEB at the start of 2019. Until then, up to six separate servers were administered individually.
Although its software-savvy administrators had already created their own enhancements for synchronizing certain data between the servers, the new central administration console with one master server and five slave servers distributed around the world takes things to a whole new level.
The client: The Wagerenhof Foundation, situated in Switzerland, offers 237 people with cognitive impairment and some with a number of more severe disabilities a loving home for the rest of their lives. The Foundation promises every resident the best possible quality of life — regardless of impairment, age or level of care. Building on decades of experience, the Wagerenhof Foundation has developed into a modern institution. An attractive site and publicly accessible businesses such as a flower shop make it a regional meeting point for service providers, customers, visitors and the several hundred people who work in this facility.
For instance, AEB international relies on the 802.1X standard for certificate-based authentication of end devices.
Working with the macmon NAC scalability concept, all distributed servers now act as standalone RADIUS servers that have all the data needed to make any decision and take any action required. In turn, the central overview in the master system provides the helpdesk with access from one central location and gives administrators a consolidated overview of all network access throughout the entire company.
After the entire infrastructure and all endpoints had been logged using live inventory management, a complete network overview was available to the Wagerenhof Foundation’s IT team in the intuitive web GUI of macmon NAC within a few hours of implementation. The log included 200 IGEL thin clients, 180 MacBooks, 80 iPhones and 120 iPads belonging to the employees, as well as 8 HPE SimpliVity servers hosted by the in-house data center.
Increasing the level of transparency meant that any threats to the endpoints in the network could be identified, such as attacks, ARP spoofing or MAC spoofing. The overview, which included a graphical depiction of the network topology with extensive analysis options, also allowed an initial assessment of the network status. At the same time, it was possible to determine the current status of the network with regard to the introduction of NAC and decide what steps were still needed in the course of the project.
macmon offers solutions that are agnostic to the infrastructure manufacturer and cover every network, even where there is a combination of components from different generations. The NAC solution also offers a great deal of flexibility when connecting to third-party providers via the open REST API for asset management, CMDB solutions and comprehensive reporting of the monitoring data recorded in the network.
“It makes work noticeably easier on the one hand, while opening up new possibilities on the other.”
(Markus Wurdak, Head of IT)
As one of the first users of this option from macmon NAC (and as a software manufacturer, one of the most demanding), the team at AEB managed to identify a variety of potential improvements during the joint implementation phase. Over the course of a few months, the desired adjustments were implemented, along with additional optimizations for greater oversight.
Jens Berensmann, Head of IT, The Wagerenhof Foundation
"I was very surprised by the rapid implementation of the entire project; it only took three months from start to finish. The actual installation, including training in the NAC solution, only took a day. Since then, macmon NAC has been running without any problems."
- Increased network security by monitoring endpoints
- Increased productivity of the existing infrastructure
- Simple, centralized administration of all network switches
- Simple monitoring of network devices
- High level of transparency in the network
- Forensic analysis of security events
- Enforceability of compliance policies
- Automated handling of security incidents
- Effective reporting for audits
- Short installation time
Another significant aspect of the upgrade to version 5 was the comprehensive REST API provided with it. AEB aims to optimize and automate processes and workflows not only in its customer projects in logistics and foreign trade, but also in its own daily tasks and procedures. For instance, without additional assistance from macmon secure, it has managed to establish a system where new clients with a valid certificate are automatically moved to the client VLAN endpoint group that currently has the lowest utilization.
macmon NAC is the central control mechanism in the Wagerenhof Foundation’s network. The endpoints are also checked for their security settings or their security level. macmon NAC offers various verification options, including the simple integration of third-party solutions. The Wagerenhof Foundation was already using the Tenfold authorization management solution, which offers a plug-in to enable or disable important functions in macmon for certain employees. This includes granting authorization to use the macmon portal and to register your own network devices (BYOD), but can also be used to withdraw authorizations. The devices registered in macmon are regularly synchronized to Tenfold and are then assigned to the relevant person as resources.
In situations such as the departure of an employee, endpoints can be removed in Tenfold, which in turn leads to the automatic removal of the device registration in macmon. Advanced functions, such as the automatic transfer of employee data from HR management, eliminate many manual processes and make the foundation’s IT infrastructure less susceptible to both internal and external attacks using stolen login data.
Changes to authorizations and registered devices are automatically documented. For auditing purposes, it is possible to access historical data at any time and see who registered which devices.
Jens Berensmann concludes:
"Thanks to macmon NAC, it is now possible for us to fully regulate network access. The interface to Tenfold makes authorization management for endpoints more efficient, and administrative processes have been significantly reduced."
The Wagerenhof Foundation in Uster offers 250 people with mental disabilities and some with severe physical disabilities a loving, permanent home. You will find a diverse living and working space on the “Wagi” site. Jobs are available in the studios, plant nursery and flower shop, farm, catering sector, laundry or engineering sector. Through its businesses and public events, the Wagerenhof facilitates contact and builds relationships with the surrounding area.
By implementing this new scalability and successfully migrating to the latest macmon version, AEB has not only positioned itself well for future developments within its own network, but has also established a central administration console that will take its internal network to the next level.