Contact: Brian West, 310.348.8855

Business: International and Domestic Freight Forwarders

Locations: Los Angeles, San Francisco, Honolulu, Maui, Kauai, Anchorage, Miami, Seattle

Issues: When we first arrived at CFI, they had absolutely no network security. Every desktop had a public IP address, they had no firewall, the network itself was out-of-date, they were having major disruptions with their T1 service and viruses were rampant. They were rolling out a new custom CRM system and needed secure communications and servers at all locations.

System: They were running Windows NT Servers and Windows 2000 Servers for file/print/fax services and a Linux Server for email and DNS services. Most desktops were a mix of Winodows 98 and Windows 2000.

Solution: The first priority with CFI was to secure their infrastructure. Having a public IP address on every desktop was problem #1 and the beginning of their disaster. To solve this, we brought in a Cisco PIX 515 firewall along with a Cisco 2600 Series router and secured the perimeter. We used the PIX for DHCP services and assigned all the internal desktops non-routable IP addresses.

Once the perimeter was secure, we rolled out Symantec's AntiVirus Corporate Edition on all the desktops and servers in Los Angeles. After cleaning out all of the viruses and spyware, we had a relatively clean, secure environment.

From here, we rolled out the VPN in all of the offices. We used a combination of Cisco PIX 506 and 501 firewalls and preconfigured them at our offices and shipped them out to all the outside offices. One-by-one we worked with an employee at each office on getting each firewall connected and running. This was a challenge due to the different schemes each ISP used at each outside office. Some were simple and just had a modem that we put the firewall behind. Others had a router/modem which we had to first convert into a bridge and one office had two layers of NAT to work through.

Once the firewalls were up and running at each office, we connected them all to the central office via an IPSEC VPN tunnel in a spoke-and-hub configuration. This allowed Los Angeles to communicate directly and securely with all of their outside offices. We also gave them the ability to use the Cisco Secure VPN Client into Los Angeles when outside of the office.

When this was done, we used Symantec Antivirus Corporate Edition to push antivirus installs to every desktop in the organization. This made management of their enterprise antivirus much easier due to the centralized management interface they now had in Los Angeles.

From here, we needed to deploy Windows 2000 Servers at every office, so we started with a Windows 2000 Server in Los Angeles and created the AD domain along with a backup DC. After pre-configuring the servers, we shipped them out to each outside office and joined them to the central domain in Los Angeles. We created custom Group Policies for each office that allowed them to map appropriate drives and printers locally and back to Los Angeles.

Once these servers stabilized, we assisted with the migration from Sendmail to MS Exchange Server in the Los Angeles office. We migrated all mail from the old server to the new and reconfigured each users Outlook to point to the new Exchange Server.