
Cintra Case Study

OVERVIEW

Digital transformation - the use of digital technologies to create new, or modify existing, business processes to improve customer experience, drive out cost, or facilitate scale - is everywhere. Cloud computing and remote access figure prominently - for obvious reasons. But transformation doesn’t happen overnight, and it’s easy to fall prey to expensive hype.

Companies looking for help with digital transformation are likely to come across Cintra. Cintra has been helping big names in financial services, retail, aviation, healthcare, and gaming for over 20 years. Cintra designs, builds and supports business-critical information management solutions.

The cloud engineering team at Cintra, led by Mattia Rossi, is chartered with designing, deploying, and maintaining cloud architectures - including connectivity to customer premises and Cintra-hosted environments.

Mattia’s primary focus is creating best practices for deploying and maintaining these environments, including finding cost-effective solutions that provide users with secure, controlled, and monitored remote access. Cintra needed a cloud-based OpenVPN concentrator. Incumbent solutions from Checkpoint® and Fortinet® were becoming too expensive to maintain - and were really only needed for specialized security integrations. Cintra needed a better approach for high-volume remote access.

Like many of our enterprise users, Mattia had been using pfSense software professionally for business premises deployments (as well as personally in his home) since 2009. It was an easy decision to consider using pfSense software for cloud needs. He also figured his team could be onboarded quickly, as pfSense software is not only comprehensive in its feature set, but also straightforward for IT teams to install, configure and manage.

But he knew his team would view a low-cost alternative as short-sighted if it could not address key operating requirements:

  1. Must be able to stand up and support complex network scenarios involving multiple LAN/WAN interfaces with failover and high availability
  2. Must be able to rapidly deploy IPsec tunnels
  3. Must be able to quickly stand up VPN concentrators integrated with existing RADIUS/AD environment, including 2FA scenarios

pfSense covers these bases with ease. With core requirements addressed, Mattia selected pfSense software over alternatives due to product ease of use, familiarity, cost, feature add flexibility, and the ability to purchase support from Netgate where needed.

The next question was which AWS and Oracle® cloud compute instance(s) would be the right choice. Three factors would inform that answer:

  • Scale Flexibility: Cintra prefers to deploy cloud solutions with maximum ‘scale out’ (larger number of less powerful VMs). When that isn’t architecturally feasible, they leverage ‘scale up’ (smaller number of more powerful VMs).
  • Number of interfaces required: The typical cloud-hosted networking VM scales interface connectivity and throughput proportionally to the number of allocated vCPUs.
  • Level of Encryption (IPsec/OpenVPN): The greater the encrypted processing load, the more important CPU attributes such as clock speed and number of cores become.

For an OpenVPN concentrator, the best instance choice would optimize for encryption performance and bandwidth. With that in mind, Cintra settled on 4-8 vCPU compute instances with a minimum network bandwidth guarantee of 2 Gbps bidirectional. The scale policy: once a compute instance hit 70% of its bandwidth capability, a second instance would be commissioned.

In the end, it’s about business results. Cintra has reduced both its cloud infrastructure costs and total cost of ownership through simple deployment and management.

CHALLENGE

  • Mattia Rossi and his team were tasked with designing, deploying, and maintaining cloud architectures that connect customer premises to their Cintra-hosted cloud environments
  • Cintra needed to find an affordable VPN concentrator replacement for their increasingly expensive Checkpoint and Fortinet solutions
  • Their new networking solution needed to meet the following key operating requirements:

    • Must be able to stand up and support complex network scenarios involving multiple LAN/WAN interfaces with failover and high availability
    • Must be able to rapidly deploy IPsec tunnels
    • Must be able to quickly stand up VPN concentrators integrated with existing RADIUS/AD environment, including 2FA scenarios

SOLUTION

  • Mattia elected to use pfSense software knowing onboarding for his team would be quick with pfSense software’s straightforward installation, configuration, and management
  • Cintra utilized AWS and Oracle Clouds to meet three key network requirements:

    • Their cloud-hosted networking VM scales interface connectivity and throughput proportionally to the number of allocated vCPUs
    • Deploying on these clouds allows Cintra complete scale flexibility. Whether they want to ‘scale out’ or ‘scale up’, they can do this with their pfSense instances in the cloud
    • Using IPsec/OpenVPN, Cintra can easily control encryption levels as needed

RESULTS

  • Cintra has reduced both its cloud infrastructure costs and total cost of ownership through simple deployment and management of pfSense software in the cloud
