The Baloise Group is a European provider of insurance and pension solutions. In the Belgian market, the Baloise Group has been operating under the “Baloise Insurance” brand name since January 2013. The company acts as partner for professional brokers and provides a broad range of life and nonlife insurance products for individuals as well as companies.
Due to mergers and acquisitions, Baloise has gone through a turbulent time with many organizational changes. The move to a new building in Antwerp, Belgium, was the start of a new way of working, one where open plan workspaces are used instead of fixed cubicles and a flexible project-based approach is favored. Because Baloise wants to collaborate fully with its partner community of independent insurance brokers, it is offering them a workspace in the new building as well.
Baloise had previously outsourced its entire IT operations, but the new building provided an opportunity to tailor IT specifically to its needs by selecting best-in class partners in the areas of networking, telephony, and IT infrastructure. Working closely with implementation partner SecureLink, the challenge was on to create the most secure business environment for staff, partners, and clients.
Why we chose Pulse Secure
The new network infrastructure had to be secure, especially as it would be used by both Baloise staff and partners. Scalability was also important. Baloise had already undergone rapid growth, and it wanted a network which could support its future expansion plans. The company was looking for a simple but effective and scalable network design.
While flexibility was important, Baloise’s IT solution needed to be absolutely secure. “We sought the right balance between easy working conditions and attractive tools on the one hand, and total IT security on the other, including tight control of physical and user access to our exclusive applications,” says CIO, Günther Ghijsels.
SecureLink proposed Juniper Networks and Pulse Secure as its networking partner. As Serge Bontemps, service manager for Baloise, explains: “Following a successful proof-of-concept, we were convinced that Pulse Secure could deliver the network security, simplicity, and scalability we were looking for, so implementation of the network infrastructure began.
The Juniper Networks EX4200 Ethernet Switch was installed in each of the Baloise Belgium offices, which are located in Antwerp, Brussels, and Ghent, as well as in small-scale data center locations as part of the server stack. In the offices, the switches are used as edge switches to connect all buildings and LAN connections. “The EX Series switches also support our VoIP network, as well as all of our laptops and desktops,” Bontemps says. “We have implemented 100 switch devices and like the fact that they can be interconnected and operated as a single device, using Juniper Networks Virtual Chassis technology. This offers us simplified management as standard.”
Juniper Networks SRX 650 and SRX 240 Services Gateways act as a firewall to protect the network in both of the Baloise buildings and the data center locations. These provide local security and are integrated with Pulse Secure Appliance to gather user authentication, endpoint security state, and network device location to implement dynamic access and network security policies. Perfectly suited to an environment with a mix of users, dynamic user requirements, and authorization levels, this solution ensures that only authenticated devices are allowed on the network.
Juniper Networks MX80 3D Universal Edge Router is deployed to support Baloise in building its own MPLS cloud. The MX Series routers also help to simplify the network by providing centralized management for the various locations.
The Pulse Secure solution also provides 1,400 employees with seamless wireless access and a consistent user experience, regardless of location. This is delivered through Juniper Networks
WLA522 Wireless LAN Access Point, supported by WLC 880 Wireless LAN Controller and Pulse Connect Secure and Pulse Secure Appliance, to ensure secure access. Baloise has a large mobile workforce with hundreds of devices, all of which are supported and authenticated on the wireless network, ensuring productivity for employees on the move without compromising network security.
The resulting network, housing the bank’s Spanning Tree Protocol (STP) engine, Customer Relationship Management (CRM) and credit checking applications, and Internet banking, was built to support virtualization and enable the flexibility to separate service from physical hardware, allowing the bank to move resources where they fit best. The central data center, managing 140 virtual machines and 10 physical Dell Blade servers, is built on the Juniper Networks QFX3500 Switch. This deployment is being phased into a full Juniper Networks QFabric System implementation, where the QFX3500 switches will assume the role of QFabric Node edge devices.
The network is managed through Juniper Networks Junos® Space. This comprehensive solution, especially suited to BancABC’s virtualized infrastructure, enables simple and automated management of all Juniper Networks switching and routing devices. Commenting on the benefits of this approach, Zak Anderson, senior security specialist at BancABC, says: “We use Junos Space to manage the network devices within our VMware infrastructure, to back up all configuration changes and keep a record of logs coming through from the branches. Prior to the introduction of Junos Space, we would have 15-20 unauthorized network and infrastructure changes every day. Today, with the use of Junos Space scripts, all configuration change requests are checked and verified before implementation.”
“We are creating specific application portfolios to help our engineers They won’t need to produce their own rule bases anymore, but can simply apply rules from an existing script,” says Perry. “Junos Space has given us a great deal of central control and management and has helped us mitigate risk. In addition it’s an extremely user-friendly tool which has been well received by our engineers.”