ASL Aviation Achieves Near Perfect Uptime and Boosts Security

Affordable MPLS Alternative
Secure and Optimized SD-WAN
Secure Cloud-Based SD-WAN
Simple Network Automation
“With Cato, outages dropped by 90 percent. We’re at 99.99 percent availability going on 100 percent.”
Fabrice De Biasio,Chief Group Information Officer

The Challenge: Build A Reliable Global Network Despite M&As

When you’re a freight airline, uptime is critical. But achieving high uptime in any network formed through M&As is all too often complicated by the mix of legacy systems and technologies.

Such was the challenge for ASL Systems. The French freight airline, which serves the likes of Federal Express, DHL, and UPS, needed the network to be available and operational if the company was to fulfill the service level agreements (SLA) to its customers. Those SLAs commit to having planes depart within two minutes of scheduled flight times, 98 percent of the time.

To achieve this metric, technicians required fast, 24/7 access to the ASL”s Maintenance, Repair, and Operations (MRO) systems from any of the company’s airport locations. But those and other applications ran in the cloud, and ASL’s network faced periodic problems.

“At least once a month, a broadband connection would drop, disconnecting a site completely and depriving technicians of access to systems they needed to keep aircraft up and running,” says ASL Aviation Holdings Chief Group Information Officer Fabrice De Biasio.

What’s more, the ASL network was a mix of technologies built from the various acquisitions. The network, an Internet-based VPN, connected two corporate datacenters, three primary public cloud services, and aircraft and crew bases in 10 European countries and Hong Kong. The company had used the cloud, specifically AWS, Azure, and the Google Cloud Platform, to eliminate some legacy technologies, but the sites still ran different firewalls. “When you grow through acquisitions, you have to rationalize, scale, and build off of synergies,” says Brian Ampwera, IT Project Lead. “Doing so is impossible without a viable cloud strategy.”

“We had no way of knowing how bandwidth was consumed by business applications and social media, for example,”

Which meant that in general, network visibility was poor. “We had no way of knowing how bandwidth was consumed by business applications and social media, for example,” he says. “We often weren’t aware of an outage until we heard from users. Since we couldn’t connect to the site, it was almost impossible to diagnose the cause without sending an IT team there physically.“ The closest IT team could be 100 or more miles away.

Reconnecting or adding a new site also took too long, as it required building multiple VPN connections to datacenters, cloud services, and other locations. “With each site, the growth of the number of connections became exponential,” says Ampwera.

Security is a significant issue for any airline, with one carrier losing 80 percent of its operations from a cyberattack. ASL’s security relied on a collection of firewall appliances at various locations, each with different configurations and rulesets. Managing all of them was complex and time-consuming, requiring multiple tools, consoles, and upgrades. “It took us three to six months just to plan and deploy major firewall updates,” says Ampwera, and updates frequently required maintenance outages. The result was a lot of effort for security that was often behind the curve.

ASL Rejects MPLS and SD-WAN, Chooses Forward-Looking Cato Solution

Seeking to rationalize its WAN and upgrade performance and its security posture, ASL briefly considered MPLS and SD-WAN. “MPLS was not a good fit, as it couldn’t be deployed to all our locations, and it would take too long to connect new sites,” says De Biasio. ASL was looking for new technology that would have a long life and simplify WAN connectivity and security as much as possible.

The company also considered SD-WAN. “We held off because we wanted more services than we were finding,” he says.

Finally, a partner introduced ASL to Cato. “Immediately, I had a good feeling,” says De Biasio. “Our goal was to have a secure and safe network, and Cato gave us both. It offered a new technology that would allow us to remove all our old complex firewalls and VPN’s, it would reduce cost, and it was very simple to manage and monitor.”

Cato Delivers Visibility, Reliability, Security, And Agility

ASL deployed Cato Sockets, Cato’s zero-touch, SD-WAN devices, at each site. Before Cato, it took two weeks to add a site to the network. With Cato, it took less than a day. “We simply connect the Socket and watch it configure itself automatically with Cato’s SD-WAN,” says Ampwera.

“We’re at 99.99 percent availability going on 100 percent.”

The Cato Sockets connected to a DSL line with 3G/ 4G wireless backup connections. Immediately, uptime improved. “With Cato, outages dropped by 90 percent,” says De Biasio, “We’re at 99.99 percent availability going on 100 percent.”

And when a problem does occur, ASL can eliminate the network as the issue just by looking at the Cato dashboard. Then it can move up the stack to troubleshoot applications. “Before we had to spend an hour or more pinging networks and checking numerous dashboards.”

“Cato gave us Superman-like x-ray vision that enabled us to move from reactive to proactive,”

Overall, Cato has immediately improved visibility dramatically. “Cato gave us Superman-like x-ray vision that enabled us to move from reactive to proactive,” says Ampwera. “With a single-pane view of the entire network showing the quality of each connection, we can detect and fix issues before they have an impact on the business.”

Performance improved as well, thanks to Cato’s route optimization and network analytics. “Analytics help us measure and understand what we needed to do to improve performance over time,” says Ampwera.

ASL has been able to replace all of its security appliances with Cato’s enterprise-class security stack, which includes NGFW, IPS, SWG, anti-malware, and managed threat detection and response (MDR). What’s more, no longer does ASL have to spend months planning and deploying firewall upgrades. Cato handles all that in the background. IT can set a single global security policy and make adjustments as needed for each site. Security is airtight. “With Cato, we can dynamically block malware before it appears in the wild,” says De Biasio.

De Biasio loves that he can turn to one competent vendor for any WAN or security issue. Usually, ASL staff hates calling support because the whole process is long and painful. When ASL had a configuration issue, Cato was able to resolve it in 5 to 10 minutes.

“We have a motto that IT never sleeps. With Cato, now I can sleep.”

“Typically, with SD-WAN, I’ve found that the reality of delivery doesn’t match the reality of the pitch,” says Ampwera. “With Cato, it does. There’s no drama.” Best of all, Cato allows IT to stop worrying so much about the network and take care of more important things. “We have a motto that IT never sleeps,” says De Biasio. “With Cato, now I can sleep.”

ASL Aviation Holdings is a global aviation services group based in Ireland. Over the years, ASL acquired multiple companies, including six airlines, maintenance facilities, and leasing entities. ASL’s WAN was a mix of technologies from these acquisitions, connecting two corporate datacenters, three major public cloud services, and aircraft and crew bases in 10 European countries and Hong Kong. Before Cato, ASL connected all locations with an Internet-based VPN between on-site, firewall appliances. Many locations had only one broadband connection without any backup link.

Cato Networks Advanced Security Services

Converging security and networking affords enormous gains in agility and cost savings, but traditional SD-WAN all but ignores security. Cato Cloud is different. It’s an SD-WAN built from the ground up with security in mind.

Secure and Optimized SD-WAN