Partially operating around the clock, the stability and availability of the network are of the utmost importance to all Endress+Hauser Flowtec AG production sites in order to ensure quick delivery times and flexible orders.

    Disruptions of any kind or even network failures therefore have a disastrous impact. This is especially true in the very sensitive field of production. Consequently, access to the network must be thoroughly controlled.

    BENEFITS

    • The solution operates in the background and is only activated when the existing security guidelines are violated preventing users from accessing the network.

    • Compliant users and computers are managed entirely transparently via the NAC process without a separate registration procedure.

    • Furthermore, the solution logically separates the production computers from the other networks completely.

    «The high level of reliability and the redundant design ensure outstanding availability.» 

    Felix Payern

    Head IT Infrastructure and Services,

    Endress+Hauser Flowtec AG

    Solution

    At the very heart of the solution was a network access control operating in real time. This was provided by Junos Pulse Gateways from Juniper. Computers administrated by the in-house IT department were given a machine certificate (802.1x) while external or non-compliant computers/devices were initially placed in quarantine. This represented a major buffer between the existing networks.

    The pre-defined zoning was implemented with the assistance of InfoGuard’s partner Fortinet using a FortiGate firewall solution. This prevented uncontrolled data transfer between the unprotected «production» zone and the reliable «office» zone.