Customer Case Stories - Penn State University

Customer Needs

Isolate BACnet from unauthorized systems

Fast and non-disruptive deployment

Segment remote access for contractors

Simple and fast network provisioning

Span communication across any network

Constraints

Flat L2 Network owned by IT

Unable to modify underlying network

Small staff supporting 640 buildings

Avoid building downtime

Onboard dozens of new buildings

Finish before fall semester

Results

Team isolated and segmented 50 buildings in first week

Eliminated all BACnet broadcast storms

Simple to add, move, and revoke network communication instantly

Contractor remote access isolated to specific systems only

Completed on time and under budget

Excellence and Innovation

Listed among the top 100 universities in the world and cited as one of the “Top 50 Best Universities” in America, Penn State University (PSU) is a large and highly competitive research institution. Its commitment to excellence and innovation is held not only by students and faculty but by all personnel at Penn State.

With over 640 buildings spread across dozens of state-wide campuses, the Facilities Automation team was tasked with reducing the security risk and downtime for their Building Automation and Control networks (BACnet). The small team of four network administrators and four installation technicians had to define and deploy a solution before the start of fall semester.

Overcome Network Chaos

PSU was dealing with a significant attack surface across their shared Layer 2 and Layer 3 network. Every building had hundreds or thousands of open data ports that gave direct access to the campus network, along with many rogue access switches and wireless access points that vendors would install without permission. To make things more difficult, the network transport upon which BACnet traffic rode was a spider web of managed and unmanaged Ethernet, Wi-Fi and cellular networks they didn't control.

Eliminate Broadcast Storms

Downtime caused by broadcast storms was too frequent, and the impacts were wide-ranging, from elevator downtime to temperature control failures that caused the loss of valuable lab research. As systems were brought online by staff or contractors, nearly 3,000 gateway routers would broadcast these messages, which would flood the network.

“Everyone who has deployed BACnet has experienced its disruptive broadcast storms that impact performance and can create outages in other parts of the network.”

Tom Walker, Facilities Automation Network
Penn State University


Alternatives Considered

PSU considered firewalls, VPNs, and NAC for each building; however, the time, cost, and personnel estimates to deploy and manage them were prohibitive. They estimated that it would take 2500 FTE days just to deploy these technologies across 640 sites, while requiring 8 additional staff to manage them after deployment. PSU quickly came to the conclusion that no combination of these technologies could meet their requirements for network simplicity, isolation, and rapid provisioning.


Simple, Non-Disruptive Deployment

PSU chose Tempered Networks after an initial pilot where they installed a physical HIPswitch in two separate buildings, a virtual HIPswitch in the data center in front of the BACnet control servers, and a HIPrelay for identity defined routing. With no training, it took the team 20 minutes to deploy their pilot without having to modify the underlying network or involve IT.


Make BACnet Invisible and WAN Communication Simple

Specific building controls, like Lighting Systems, were grouped into their own encrypted overlay network to allow only authenticated network communication between the building controls and their specific servers in the data center. No unauthenticated system anywhere on the campus network could find, discover, or access their building controls. All BACnet communications were encrypted and ran completely isolated and unimpeded. Their environment was effectively made invisible to all other machines and users.

PSU now had the recipe for rapid deployment and the creation of peer-to-peer WAN overlay segments for simple, fast, and secure end-to-end connectivity without barriers.

“Only authorized BACnet systems can establish communication with each other via ID network segments in our overlay network. Even though we share the same campus network with 80,000 students, faculty and staff and tens of thousands of other machines, BACnet is segmented, unreachable and invisible to all other systems and users.”

Tom Walker, Facilities Automation Networking
Penn State University


Rapid Deployment While Eliminating Broadcast Storms

Within the first week of their production deployment, the small team had installed HIPswitches at 50 buildings, eliminating the network attack surface and enabling network communication between only authorized endpoints. Because of ID network access and segmentation, those systems’ broadcast messages are isolated and forwarded only to their trusted and specific control servers, which eliminated broadcast storms.


A Simpler and More Secure Network at a Fraction of the Cost

The small team was able to complete their project on time and under budget, while exceeding their requirements to easily connect and segment their BACnet systems. They estimated that Tempered Networks was a quarter of the cost of firewalls, VPNs, or NAC, and deployed ten times faster while requiring no additional headcount. They had now secured BACnet in a way that was impossible to do with the alternatives.

Dennis Weibling

Managing Director, Rally Capital LLC

Dennis M. Weibling has been a Managing Director of Rally Capital, LLC since 2004. Previously, he was a Partner at Clark Nuber & Co in Bellevue, Wash. from 1986 to 1993, served as President and Chief Operating Officer of Eagle River Investments LLC from October 1993 to December 2001, and served as Vice Chairman of Eagle River Investments LLC from January 2002 to December 2003.

Over the course of his career, he has held multiple board and director positions. He served as Chairman of the Board of Telesphere Networks Ltd. from 2006 to 2014, Director of Cool Planet Energy Systems, Inc. since May 2015, Director of Sotheby’s since May 2006, and Director of PIRQ INC. since December 5, 2005.

Dennis also served as a Trustee for Seattle Pacific University from 2002 to 2013, and as Chairman of Seattle Pacific University for four years. Today, he serves on various non-profit boards, including Bellevue Christian School and the Institute for Business Technology and Ethics. He received his Bachelor’s degree from Wittenberg University in Springfield, Ohio and his Juris Doctor and Master’s Degrees from the University of Nebraska.

Erik Swan

Co-founder, Splunk

Erik M. Swan co-founded Splunk, where he served as Chief Technology Officer and a member of the Board of Directors from 2003 to 2013, and has served as senior advisor to the executive team since 2013. Prior to joining Splunk, Mr. Swan served as Chief Technology Officer at CommerceFlow, Inc., an information technology and services company, from 2001 to 2003. Previously, Mr. Swan served as Vice President of Engineering at Disney Internet Group, a division of The Walt Disney Company, from 2000 to 2001. Mr. Swan studied computer science at the California Polytechnic State University, San Luis Obispo.

John Connors

Managing Partner, Ignition

John Connors is a Managing Partner at Ignition, joining in 2005 after a lengthy career as a software-industry executive, principally at Microsoft.

John spent sixteen years at Microsoft in several high-level, strategic roles. From January 2000 to April 2005, he was Senior Vice President of Finance and Administration, as well as the company’s Chief Financial Officer. He also served as Vice President of the Worldwide Enterprise Group and Vice President and Chief Information Officer. Before becoming CIO, John held a number of positions within and outside finance, including Corporate Controller; General Manager of Worldwide Financial Operations; Director of Business Operations at Microsoft’s European headquarters in Paris; and Director of Business Operations for the Worldwide Sales and Support Strategy Group.

John is also a member of the Board of Directors at Nike (NKE), Splunk (SPLK), FiREapps, Xamarin, DataSphere, Motif Investing, Chef, and Azuqua. He was also a Board Member of Xensource, acquired by Citrix in 2007; Heroku, acquired by Salesforce.com in 2010; Parse, acquired by Facebook in 2013; Tier 3, acquired by CenturyLink in 2013; and Scout Analytics, acquired by ServiceSource in 2014. He also led Ignition’s investment in Splunk (IPO 2012). John was recognized in the 2013 Forbes Midas List, a ranking of the world’s top venture capital investors, and on Business Insider’s 2013 list of top enterprise technology VCs.

John received his BA in Accounting from the University of Montana, where he was also granted the Distinguished Alumni Award.

Stuart Bailey

Founder/CTO, Infoblox

Stuart Bailey is a technologist and entrepreneur who has been innovating at the intersection of distributed software systems and networking for 19 years. As the founder and Chief Technology Officer of Infoblox, Stuart focuses on enabling the hardware-centric networking industry to gracefully transition and expand into a software-centric market, helping organizations cope with rapid increases in network complexity.

In 1999, Stuart founded Infoblox (NYSE:BLOX), a Sequoia Capital-backed company. Today, thousands of organizations worldwide, including many of the Fortune 500, rely on Infoblox’s automated distributed systems solutions for essential, software-based network control.

Prior to founding Infoblox, Stuart worked with Dr. Robert Grossman in the University of Illinois at Chicago (UIC) Laboratory for Advanced Computing. During his time there, Stuart led teams that developed advanced distributed data architectures and participated in building the National Scalable Cluster Project and the National Center for Data Mining. He guided these teams to several awards in the High Performance Computing Challenge at Supercomputing conferences.

Stuart has been honored as an entrepreneur, distributed systems architect, and protocol designer.

Mark Wright

Finance

Prior to joining Tempered Networks, Mark spent 10 years at Microsoft working in a variety of controllership roles both as an individual contributor and manager. Most recently he managed a team of six, leading the FP&A function in Microsoft’s Worldwide Customer Service and Support Division. Mark is skilled in implementing controls and bringing actionable insights to financial results. He also has a track record of creating strong partnerships.

Mark earned his BS in Finance from the University of Phoenix. Outside of work, Mark enjoys spending time with his wife and four children and also spends time volunteering in his community.

Matt Hadreas

Inside Sales and Sales Operations

Matt is the Sr. Director of Sales and Sales Operations at Tempered Networks where he is responsible for leading the Inside Sales team as well as operationalizing Tempered’s go-to-market strategy. Previously, Matt worked with Dev9 where he built enterprise partnerships with AWS and Google Cloud into multi-million dollar businesses. Prior to that he spent several years at Skytap as a seller and sales leader where he was instrumental in helping them double their headcount and triple their revenue during his tenure there.

Richard Ting

Sales APAC

As the Vice President of Asia Pacific and Japan, Richard is responsible for the sales, business development, and channel strategy of Tempered Networks’ business in the region. Richard brings over 15 years of sales leadership and international channel experience in the network security market. Prior to Tempered, Richard held similar roles at Switch, Inc., Dell, SonicWALL, and Aventail. At Aventail, he also served in various leadership roles in product management, field systems engineering and support, and professional services.

Nancy Jorgensen

Product Operations

Nancy has worked in the tech industry for over 20 years, spending time in a handful of successful startups, including F5 Networks, where she was able to experience its IPO and growth to over 500 employees. At Tempered, Nancy's team helps bring products to market, and her organization is generally viewed as the "glue" that keeps things on track.