Cisco case study

Maastricht University

Growing university improves security,

tackles new technology initiatives
Maastricht University ⋅ Size: 18,000 students, 4,300 employees ⋅ Industry: Higher Education ⋅ Location: Maastricht, The Netherlands

Maastricht University (UM) is the most international industry and the province of Limburg. UM’s four Thanks to its high-quality research and study
university in the Netherlands and, with 18,000 Brightlands campuses are collaborating with programs as well as a strong focus on social
students and 4,300 employees, is still growing. The startups in fields including: regenerative medicine, engagement, UM has quickly built a solid
university stands out for its innovative education precision medicine, and diagnostics (Maastricht); reputation. Today it is considered one of the best
model, international character, and multidisciplinary smart materials and sustainable manufacturing young universities in the world.
approach to research and education. (Sittard-Geleen); data science and smart services
For more information, visit maastrichtuniversity.nl.
(Heerlen); healthy food, nutrition, future farming and
UM has six faculty groups specializing in Health, biocircular economy (Venlo). UM Campus Brussels
Medicine, and Life Sciences; Arts and Social connects researchers to EU policy-makers and
Sciences; Law; Psychology and Neuroscience; international scholars, offers executive courses for
Science and Engineering; Business and professionals, and functions as a UM embassy.
Economics. Students and staff work closely with

Challenges Solutions For more information

• Increase bandwidth for critical research • Software-defined networking deployed • Cisco® Application Centric
• Simplify network management across in a multi-pod configuration Infrastructure (Cisco ACI™)
campus • Centralized, policy-driven management • Cisco Nexus® 9000 Series Switches
• Improve security posture and visibility
• Next-generation intrusion prevention • Cisco Firepower 4100 Series with
Firepower Threat Defense (FTD)
Results
• Simplified campus-wide network and security management
• Increased protection of student and employee data
• Integrated network management for VMware
• Enabled 50 percent faster issue resolution

© 2019 Cisco and/or its affiliates. All rights reserved.

Cisco case study
Maastricht University

Challenge: Improving performance, Increasing throughput and resilience, The network is configured using a multi-pod
enhancing security posture simplifying management design, with a single ACI fabric spanning both
data centers. Each data center hosts an ACI pod.
The challenges that UM’s networking team faces UM is widely spread over more than 50 buildings
This solution allows networking for the two data
will be familiar to anyone with experience in a across the city of Maastricht and beyond, and
centers to be managed as a single entity without
university setting. IT teams are small, given the has two separate data centers for resilience. To
sacrificing resilience.
substantial demands placed on them. IT security address the networking needs of this dispersed
specialists, in particular, are in high demand and environment, the university moved from traditional “Not only is throughput much higher than we had
short supply. Like most education institutions, networking to Cisco ACI, the industry’s leading before, we can now manage the whole network
UM takes the protection of its students’ and software-defined networking (SDN) solution. from a single console,” says Jonkers. “And the
employees’ personal data extremely seriously. spine and leaf design of Cisco ACI is extremely
With the assistance of systems integration partner
stable and resilient. Now we can do networking
“Our previous network environment, with Dimension Data, UM deployed Cisco ACI to
software updates during the day without having
separately managed devices and cumbersome address its bandwidth, management, and security
to worry about disrupting traffic. That’s a big
access control lists for security, was no longer challenges. Servers are configured with 10GbE
operational improvement for us.”
meeting our needs,” says Marc Jonkers, network and 40GbE connections to Cisco Nexus 9000
team leader at UM. “We needed a solution that Series switches, enabling superior bandwidth for
would simplify management, increase event research and other needs.
visibility, deliver high bandwidth and availability
for critical research, and make it easier for us to
adopt new technologies.”

“We’re currently building out a security operations center and dispersing

security engineers in all teams to ensure security and foster collaboration.
The Cisco ACI networking environment is not only simplifying management
and accelerating problem resolution, it is breaking down barriers between
different teams so we can work together effectively.”
Marc Jonkers
Network Team Leader,
Maastricht University

© 2019 Cisco and/or its affiliates. All rights reserved.

Cisco case study
Maastricht University

Enhancing security and visibility

For UM, another benefit of the new deployment
was a highly available next-generation firewall
clustering design built using Cisco Firepower
4100 Series appliances running Firepower Threat

DATA Link Defense. The firewall cluster consists of four

active Firepower systems with two appliances in
each Cisco ACI pod. The four appliances work
together as a single firewall, using one network
POD-1 POD-2 and security policy configuration. Incoming
network traffic is preferentially directed to a
Cisco Nexus 9000 Cisco Nexus 9000 Cisco Nexus 9000 Cisco Nexus 9000 device in the local ACI pod. Because firewall
Series Switch VPC Series Switch Series Switch VPC Series Switch services can be provided by any appliance in a
cluster, one or all appliances in an ACI pod can
fail without interrupting secure network access.

Cisco ACI replaces the complexity of managing

access control lists with centralized control
and a whitelist security model in which all
communication is blocked by default and explicit
permission must be given.

“The new Cisco firewall environment is much

Cisco Firepower Cisco Firepower Cisco Firepower Cisco Firepower
simpler. Now, we manage a single logical
4100 Series Firewall 4100 Series Firewall 4100 Series Firewall 4100 Series Firewall
firewall, and we have much better visibility of
events,” says Jonkers. “The team watches the
Figure 1. Maastricht University is utilizing Cisco ACI—delivered via Cisco Nexus 9000 Series Switches and management and firewall consoles and takes
integrated with Cisco Firepower Next-Generation Firewalls—to unify its data centers and improve IT management, action on any events that occur. We are able to
performance, and security. resolve issues 50 percent faster and have been
able to handle 10 percent more events without
adding headcount.”

© 2019 Cisco and/or its affiliates. All rights reserved.

Cisco case study
Maastricht University

Integrating Cisco ACI and VMware

UM’s servers are more than 80 percent virtualized
Pursuing new infrastructure and security
technologies
“Before Cisco ACI,
using VMware vSphere software. The move to The Cisco network environment is enabling the VMware was a black
Cisco ACI has changed the relationship between
the network and VMware teams.
university to pursue a number of new technology
initiatives, including Kubernetes. Cisco ACI
box. We couldn’t see
“Before Cisco ACI, VMware was a black box.
supports container environments and offers
tight Kubernetes integration with ready-to-use,
what was happening
We couldn’t see what was happening with
traffic routed to VMware and we couldn’t help
secure networking. Although the university’s with traffic routed to
troubleshoot when problems arose,” explains
Kubernetes deployment is still in the startup
phase, it already spans both data centers. VMware and we couldn’t
Jonkers.
The team will also be implementing Cisco help troubleshoot when
“Now we can communicate with VMware, make
configuration changes, see all the traffic going
Software-Defined Access (SD-Access) which
gives access to any user, device, or application
problems arose. Now
to and from VMs, and manage all networking
for VMware. When the VMware team asks for
without compromising security. By automating we can communicate
user policies and device provisioning, the
something, we can deliver very quickly.”
network becomes more secure without affecting with VMware, make
The university is planning to take advantage of the
automation and orchestration capabilities of Cisco
the user experience.
configuration changes,
ACI to further enhance integration with VMware.
“We’re currently building out a security operations
center and dispersing security engineers in all
see all the traffic going
The VMware team will be able to spin up new
servers and have Cisco ACI and Firepower
teams to ensure security and foster collaboration,”
adds Jonkers. “The Cisco ACI networking
to and from VMs, and
services configured correctly and automatically.
Microsegmentation will also be used to further
environment is not only simplifying management manage all networking
isolate VMs and applications for security.
and accelerating problem resolution, it is breaking
down barriers between different teams so we can for VMware. When the
work together effectively.” VMware team asks for
something, we can
deliver very quickly.”
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to
Marc Jonkers
this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a
partnership relationship between Cisco and any other company. (1110R)
Network Team Leader,
© 2019 Cisco and/or its affiliates. All rights reserved. Maastricht University