Agrovista moves from MPLS to co-managed private network with ZTNA

05 November 2024

Agrovista is a leading supplier of agronomy advice, seed, crop protection products and precision farming services to farmers across the UK, working with arable, fruit, vegetable, horticultural and amenity sectors.

Agrovista’s existing MPLS network and service provider were struggling to deliver, and a more solid foundation for future network evolution was needed to support the business.

The company’s network of 24 storage and distribution centres, Agrovista head office and data centre needed a private network with reliable and secure connectivity. Of particular importance was the need to better support a largely mobile and remote workforce with a secure VPN and improved endpoint security, as was the need to work with a managed service provider able to respond quickly to changing needs.

A co-managed solution

Blaze Networks took up the challenge to design a co-managed private network. A fully integrated technology stack was provided, covering firewalls, switches, and wireless infrastructure across Agrovista’s office and depot locations.

Professional project management by Blaze ensured a smooth deployment. All Agrovista locations are directly connected back to Blaze Networks’ secure Private Core Network, with limited traffic going over the public internet. In some cases, alternative providers like Starlink were used to deliver better internet access at rural locations. SD-WAN technology and security allowed Blaze to deploy and secure these connections with ease.

Each site has a FortiGate firewall, sized appropriately to the location and available connectivity, while direct connection and the use of SD-WAN enables the centralisation of Unified Threat Management (UTM). Running UTM on the Blaze Private Core Network saves expense and provides enhanced security by reducing Agrovista’s cyberattack surface.

Meanwhile, all locations are connected via a primary and secondary connection through a combination of leased line circuits, FTTC, broadband and 4G/5G (dependent on the number of staff, site location and service availability). The data centre firewalls are connected back to Blaze’s core network on uncontended and dedicated 1,000 Mbps connections.

Remote workers connect securely into the Blaze Private Core Network infrastructure using Fortinet’s ZTNA (Zero Trust Network Access) solution, which is incorporated in the Fortinet endpoint management services technology (FortiClient EMS). The Fortinet EMS security management solution enables scalable and centralised management of multiple endpoints. As well as providing remote user connectivity, EMS was also configured to provide remote web filtering, so devices are protected when outside of the secure network. Two-factor authentication is provided, as well as additional capabilities as detailed above. Enhanced security technologies protect the Agrovista infrastructure and branch locations, including Unified Threat Protection (UTP), antivirus, botnet detection, Intrusion Prevention Services (IPS), and application control.

Securing the network

Use of the Blaze Private Core Network enables the hosting of integral elements including FortiAnalyzer and Fortinet EMS on a high availability basis through Blaze Cloud. With FortiAnalyzer - enhanced with Blaze Security Analyzer’s add-on services including Indicators of Compromise (IOC) and Security Operations Centre (SOC) - Agrovista gains a greater level of value and protection.

All Fortinet equipment in Agrovista’s SD-WAN sends logs back to the Security Analyzer which then provides comprehensive reporting and security operation functions. Blaze has tailored this to Agrovista’s reporting requirements and provided training to the IT team on reporting and security operational functions available within Security Analyzer.

AI from FortiGuard is used to help combat virus outbreaks or ransomware using Indicators of Compromise (IOC) licenses. As with content filtering, a co-management approach has been adopted and Blaze works directly with the Agrovista IT team. This transparent approach allows teams to work together to isolate and secure the network from threats, as and when they occur, aligning with Agrovista’s security framework and incident management requirements.

Enhanced disaster recovery

The SD-WAN-based network design and combination of features provide Agrovista with a robust, secure and future-proof network, with an enhanced disaster recovery strategy, in a highly cost-effective manner.

By using application-aware SD-WAN technology and application health monitoring, Blaze can automatically fail over traffic in the event of service degradation on the primary fixed line service. Use of SD-WAN-enabled active/active paths and application steering over both the primary and secondary connections enabled more productive network utilisation as well as enhancing resilience. Provision of services to remote locations and mobile workers has been made much easier and a secure, capable, and resilient remote access infrastructure has been provided for mobile workers.

Cybersecurity has been enhanced by the network design and by the UTM system providing antivirus, content filtering and web filtering. Overall, through an efficient and secure network design, combined with the enhanced level of service delivered by Blaze, Agrovista has been able to improve the reliability and effectiveness of its wide area network whilst boosting cybersecurity and simplifying operations.

“Blaze has created a high-availability SD-WAN network which greatly assists the secure provision of IT services to our many remote locations and workers. The co-management of the network works well, and Blaze is highly responsive to our needs,” said Alastair Battrick, Senior IT Manager, Agrovista. “Blaze has provided a flexible and easy to adapt network, and their responsiveness and customer-focus makes the company very easy to work with. I’d personally like to thank the team at Blaze Networks for the smooth transition from our previous MPLS provider, and the reliable service they are providing us.”