FIDIM: a winning firewall cannot be changed!

FIDIM srl, based in Monza, is the holding company of the Rovati family, active in the biotech, real estate, hospitality sectors and engaged in cultural projects.

The history of the Rovati family and its companies dates back to 1961, when the doctor and pharmacologist Professor Luigi Rovati founded the independent research laboratory Rotta Research Laboratorium Spa, later renamed Rottapharm Spa, which will grow to become a multinational pharmaceutical group. known for its cutting-edge research, with branches in major world markets. In 2007 the group was further consolidated by acquiring the German company Madaus Pharma, giving life to Rottapharm | Madaus, a group with more than 2500 employees.

And it is precisely in these years that the company begins to use WatchGuard firewalls, a choice that has also been replicated in the current holding company FIDIM.


The challenge
After the acquisition, Rottapharm Madaus had 84 locations to connect and talk to each other. In 2009, with the entry into the company of Fabio Vigato in the role of IT System Engineer, the planning phase of the new infrastructure begins together with the historical partner Vertigo Consulting, with the aim of connecting all the employees of the multinational located in the 84 offices.

“It was necessary to create an infrastructure model that could be easily replicated in all branches” explains Vigato. “We started with a 3-year pilot project for Europe. We had to be able to guarantee the sharing of information and the use of the same application platforms in all locations, in safety and in compliance with the stringent regulations governing the pharmaceutical sector. Managers had to be able to work from the corporate offices but also from home with the same efficiency and safety. Added to this is the need to standardize the entire European application and management platform for scientific agents and informants and to provide much lighter and more performing mobile devices. The decision to be the first to move to the Apple iPad platform was immediate. The ultimate aim was to ensure the flow of orders in real time wherever they were. We also needed to be able to create VPNs quickly, simply and at any time for secure connections, by freeing ourselves from the provider on duty. Real-time monitoring of various factors is fundamental, from connectivity, to data traffic, to intrusion attempts, all of which are necessary for compliance with European regulations. Last but not least, the control of management and maintenance costs and the replacement of existing hardware with new, more efficient solutions. "

At this point it was a question of identifying a reliable firewall product, which guaranteed very high security standards and which was as scalable as possible over time, but above all which did not present exorbitant management and maintenance costs. None of the products in use had a complete graphical interface that made it possible to monitor the status of the firewall in a simple and intuitive way. The solution was therefore to develop an ad hoc model.

The solution

The new infrastructure model, then replicated in all locations, was developed by the technological partner Vertigo Consulting (Salvatore Calcerano) in close collaboration with Rottapharm Madaus (Fabio Vigato). The headquarters of Rottapharm | Madaus in Monza has become the heart of the entire infrastructure with a double redundant ring, centralized data center, backup and disaster recovery of all branches converging on Monza. The hardware park was completely renovated and implemented WatchGuard firewall on all locations. The choice fell on WatchGuard appliances because they allowed you to open and close a VPN quickly, independently and without having to go to the connectivity provider.

In addition to the perimeter security guaranteed by WatchGuard firewalls, the control of user content is guaranteed by Total Security Suite which in addition to mitigating any malicious content, protects against viruses and malware while browsing the Internet. To complement the internal security, the servers have been equipped with the WatchGuard TDR system which actively protects the machines from possible local execution of ransomware or malware.

The "Winning" Project Replicated in Fidim Holding
“From the very first WatchGuard appliance that Vertigo Consulting showed me, I appreciated the interface for configuration and programming which is really intuitive,” Vigato pointed out. “Real-time monitoring, inbound traffic, outbound traffic, blocked IPs, everything was very clear. I remember perfectly that I was struck by the speed of the switch with which the backup device came into action in case of failure or anomaly of the primary: in a few milliseconds and in a completely automatic way all the connections and VPNs with the branches were restored, and in less than a second everything was working again, including external ones that worked in VPN with mobile devices. We have thus applied WatchGuard to the entire Rottapharm | group Madaus. "

In 2014 the commercial business of Rottapharm | Madaus was sold to the Swedish group Meda, spinning off and maintaining the research activity of Rottapharm Biotech in the holding Fidim. The family holding then developed into other sectors which merged into 8 medium-sized companies, with various offices in Italy.

Fabio Vigato was appointed CIO of FIDIM srl where, in collaboration with Vertigo Consulting, he continued to implement the connectivity infrastructure model developed.

Today the technological infrastructure of Fidim Holding it has a total of about 300 users divided into 8 companies and is centralized in the Monza headquarters. Each new company acquired by the holding is inserted into the existing and centralized infrastructure in Monza.

In the Hospitality segment, devices for secure Wi-Fi have also been implemented within the 5-star hotel in Florence AP420 of WatchGuard, thanks to which you get performance comparable to that of a wired connection.

"The model developed and developed together with Vertigo - concludes Vigato - can be defined as a" polymorphic "infrastructural model, capable of quickly adapting to new situations, both in the event of the acquisition of new companies or on the contrary, in the event of any sales of company branches. The basic strategy always provides for centralization and supervision from the headquarters, but taking into account the activities and needs of the branch offices. In some branches, by installing only WatchGuard firewall, we have been able to remotely and provide a service in a total Private Cloud, guaranteeing complete management and control of all business critical activities. Core business services remain on site, thus ensuring business continuity, backup and disaster recovery. In this way, the costs of IT resources for on-site support and maintenance are optimized: today we manage all users with only 3 technicians at the helpdesk. In over ten years of purchasing WatchGuard equipment, I have only needed technical assistance twice, and I believe this can be the best demonstration of product reliability and ease of use. "

The results
Reliability, scalability and real-time monitoring of what happens on the firewall and on the network through a user friendly graphical interface have been among the most appreciated features of WatchGuard firewalls, together with the ability to create VPNs independently, all simply.

“Since we installed the first Cluster (11 years ago) we have never had a disservice attributable to a firewall problem” concludes Vigato. "You buy them, install them, and remember you only got them after three years, when WatchGuard calls you to remind you of the three-year renewal deadlines!"