Company: VistormCustomer: travelstore.comSubmitted by: KaizoDate: October 2000E-commerce is not just about building a web site. Core business software must be supported by complex and highly effective Internet infrastructure if companies are to create a suitable purchasing environment for their customers.
travelstore.com has developed unique travel reservation software to provide a sophisticated service for business over the Internet and has brought in Vistorm to manage its Internet links, firewalls and virtual private networks so that it can concentrate on doing what it does best – running a travel business – not managing IT.travelstore.com was founded in August 1998 by Internet entrepreneur Darryl Mattocks as an easy-to-use, ‘one stop’ business travel facility over the Internet for businesses or individual travellers. The service went live in January 1999 with the launch of its web site, initially offering a flight booking service. travelstore.com’s powerful reservation engine has been expanded during its first year of operation to include hotel reservation, car hire, insurance, weather, travel guides and corporate accounts aimed at the travel manager responsible for organising travel arrangements and managing corporate travel budgets. By January 2000, over 1000 bookings were being made every week.
Having a clear vision
Throughout this period travelstore.com was aware that the business would only succeed if its customers could access the web site whenever they wanted to, process an order with ease and were confident that their personal and company details were secure. This meant that travelstore.com had to have a clear vision of how the company wanted to grow and to invest heavily in the appropriate Internet infrastructure.
In the first few months following the launch, its Internet infrastructure comprised of one front end web server holding the core business software and a 64KB Internet link with a Cisco router providing packet filtering. In March 1999, travelstore.com sought to enhance security with the expertise of Vistorm, one of only two integrators in the UK at that time of the market leading FireWall-1TM from Check Point Software Technologies. Vistorm’s proven knowledge of FireWall-1 and its implementation in complex environments was well known to travelstore.com’s in-house team and their decision to partner with Vistorm was a logical step.
Jon Price, Director – IT Operations at travelstore.com explains: “More and more people are learning to use the Internet and more companies are adopting e-commerce as their primary delivery mechanism but there is still a degree of nervousness about providing credit card information over the web. However it is highly unlikely for credit card fraud to occur as data passes from the user’s PC en route to its destination.”
Protecting core customer databases
“The real issue is the level of security surrounding core customer databases within e-commerce businesses. The internal network must be protected from external attack if credit card details, etc.
on core databases are to be safeguarded,” says Price.An Vistorm consultant examined the business processes in order to build a firewall rule base and an engineer joined the team for 2-3 days to physically install Check Point FireWall-1 in the company’s original offices in Milton Park, Abingdon.Internet traffic subsequently had to pass through the Cisco router and be cleared for entry by FireWall-1 before access was provided to the web site. Access to the internal network would only be provided by FireWall-1 if the sender was confirmed as a travelstore.com employee and if other firewall rules were met.
In June 1999, rapid growth resulted in the relocation of the business to new offices in Oxford; to upgrade the Internet link to a 2MB line provided by UUNET and the addition of two more web servers.
Identifying outsourcing as the way forward
By October 1999, traffic to the web site was doubling every month, revenue was increasing by 39 per cent every month, a new marketing team had been invested in to take travelstore.com to the next level and three issues had become very clear. The web site would need to be redesigned to further encourage traffic and sales conversions. More resilient, secure yet cost effective Internet infrastructure would need to be designed and built to cope with projected business growth and the addition of new offices.
And this new network would need to be managed by outside agencies so that travelstore.com could focus on its core business, not IT.Price explains: “We don’t want to be an ISP or find ourselves employing more Internet maintenance staff than travel operators. But we would be in danger of doing so if we had not turned to Facilities Management as a solution.”In November 1999, Price briefed NetArchitects in Sweden to redesign the web site with a target of going live two months later in January 2000. At the same time, the first step towards outsourcing was taken with the identification of Safetynet, disaster recovery and e-continuity specialists, as the best company to execute its Business Continuity Plan and to ‘host’ its mission critical web servers and Internet link.
Designing fault tolerant Internet infrastructure
Responsibility for designing the ‘new look’ Internet infrastructure was held jointly by Price and Vistorm, who provide Managed Internet Security services to organisations all over the world. The primary objective was to guarantee resiliency by incorporating fault tolerance wherever possible. Cost effective file sharing between remote sites would streamline internal business communication. The ability to manage mission critical software over the Internet would increase the focus and efficiency of the small in-house software development team.”Having a vision of what we wanted to achieve proved to be much easier than identifying a technological solution. Vistorm proved to be a true partner throughout the process however.
Consultants were always available over the phone to discuss any issue and brainstorms were regularly facilitated at its offices to solve particularly difficult design problems. Given that the entire project demanded that all parties had to work ‘outside the comfort zone’, this level of co-operation was invaluable,” said Price.”Having agreed on the design of the new infrastructure, the biggest challenge was how to put it in place without risking any downtime. We spent a lot of time with Safetynet, who were charged with managing the move and executing our business continuity plan if need be, and Vistorm to work out exactly how we were going to achieve this,” adds Price.The solution was to build a replica of the Oxford web site in Safetynet’s London facility, and to install the new infrastructure, before cutting over to provide the necessary backup if needed.
Firewalls and Virtual Private Networks turn vision into reality
The successful cut over was achieved at the end of February 2000, when travelstore.com’s much larger web farm consisting of 15 servers (7 front end web servers, a database server cluster and other back end servers providing connectivity to the airlines) and two Nokia IP440 routers went live.The previous 2MB Internet link which already enabled 10,000 user sessions a day and 7 million hits to the web site a month was added to with a 34MB Internet link. This provides 68 times the amount of bandwidth used before the cut over and will virtually future-proof throughput capacity.
Each Internet link is protected by its own FireWall-1 before connecting to the web farm. RealSecure software also scans each packet before it passes to the firewalls to see if it recognises any attack patterns targeted at the web farm. It advises Vistorm if there are any concerns and Vistorm consultants subsequently decide if any counter attack or investigation is required.”The new design provides fault tolerance at every level of the network by providing two of practically every component. This means that even if one component has a problem, its mirror image will continue to operate and the business will not be disrupted,” explains Price.The internal network and Intranet continues to be protected by its own firewall, after initial filtering of packets from the Internet by the Cisco router.
However a virtual private network (VPN) has also been provided by Vistorm, using Check Point VPN-1, between the company’s internal network and Intranet and the web farm. It enables authorised users to view or alter core information actually held in the web servers or to provide software upgrades, via the Internet.The firewalls communicate with each other to identify who is making a request to access which server over the VPN. However it only provides access after a two-stage authentication process is completed. Internal users that are permitted to view or change data or software in the web farm must use SecureRemote software on their PCs or notebook PCs to communicate with an ACEServer which prompts them for their name and PIN number before gaining access to the VPN.
They must then key in a security number held on an electronic key fob at every stage of their journey into the system and before each ‘job’ is initiated.”What this means is that we are now able to upgrade mission critical software whenever we want, from wherever we are, without having to travel to Safetynet’s offices with the necessary discs. And this facility is only available to employees, thanks to FireWall-1and the simplicity of its proven rule base,” explains Price.”An added safeguard for packets travelling over the VPN is that they are encrypted by VPN-1 whilst they are in transit. The combination of FireWall-1 and VPN-1 provides the highest level of security so that customers should feel 100% confident when doing business with travelstore.com,” he adds.
Building a cost effective corporate WAN
Additional communication and file sharing required between travelstore.com’s head office and satellite offices in London, Manchester and Dorking in the UK and Frankfurt, Paris and Stockholm in Europe will be made possible by a series of VPNs from Check Point. A firewall will protect each satellite and a VPN from each satellite connected to the Internet will enable a giant corporate wide area network (WAN) to be created using the Internet.”From a cost point of view, if you had to set up separate links between all the offices, it would require approximately 56 leased lines which would be very expensive. With firewalls and VPNs, we will use only 8 Internet connections, which will be much more cost effective.
In other words, through one inexpensive Internet connection we can have multiple virtual connections instead of having multiple expensive real connections.”It will enable employees in Frankfurt, for example, to access the Oxford internal network securely, for the cost of a local call,” he says.
The European satellite offices and two new managed offices in London and Oxford will also benefit from a Thin-Client/Server approach to computing designed by Vistorm. Sales staff will be able to ‘hot desk’ from the temporary UK offices by plugging into docking stations and dialling into the Oxford internal network via ISDN routers. European staff in more permanent offices will be able to access the internal network virtually via a VPN link and the Internet.
Each office will be protected by Checkpoint FireWall-1.”By adopting a Thin-Client/Server approach to computing we will largely avoid the headaches associated with managing multiple ‘fat’ PCs spread over multiple locations. We will be able to provide support from the UK using the VPNs where necessary and if a new European office is set up, we will simply rent offices and plug in Windows Based Terminals (WBT). In short, the Thin-Client/Server approach will allow us to build simple, cheap ‘offices in a box’,” says Price.Vistorm have played a crucial role in enabling Price and his team to realise their vision of highly available, secure, cost effective Internet infrastructure. The company worked hand in hand with travelstore.com to deliver the firewall technology, to configure the systems, set up the rule base and arrange the connections with UUNET. Vistorm is responsible for all Internet links and monitors and maintains all firewalls and VPNs in the UK and in Europe as they come online.”This will be a major task but one that we are completely confident that Vistorm can deliver,” he explains. Vistorm will use Check Point Provider-1 software running at their secure Managed Internet Security facility in Oxford to manage the firewalls and VPNs.
Partnering with Internet experts in order to focus on the travel business
“Our decision to outsource our web farm, firewalls and VPNs is an extremely logical one.
The information contained in the web servers is our ‘crown jewels’. We have to be 100 per cent confident of our systems so that we can focus on our core business, not how the service is technically delivered. The skills that Vistorm and Safetynet offer are expensive but it would be more costly and time-consuming to hire and train the specialist staff required to do the same job in house.””What this means is that we can retain a relatively small team of 20 software developers to concentrate on the development and refinement of the software that supports our business,” says Price.”What is remarkable is that with Vistorm’s help, we have created an Internet travel company in only one year – a feat that the travel industry said either could not be done or would take 15 years to deliver. We are now in the best possible position to market our services,” he says.