Virtual Firewall Service Frequently Asked Questions

Who is Cybera?

Cybera is a not-for-profit technology-neutral organization responsible for driving Alberta’s economic growth through the use of digital technology. Its core role is to oversee the development and operations of Alberta’s cyberinfrastructure — the advanced system of networks and computers that keeps government, educational institutions, not-for-profits, business incubators and entrepreneurs at the forefront of technological change.

 

What is the Virtual Firewall Service?

The Virtual Firewall Service is a scalable software (virtual) solution that Cybera has developed for Alberta's public sector (with bandwidth traffic of less than 1.3 Gbps). It allows multiple institutions to run their firewall from a shared, virtual environment, doing away with the need for individual hardware setup or maintenance. The service was piloted among five Alberta school districts throughout 2016-17.

 

What firewall software technology does it employ?

The Virtual Firewall Service supports FortiNet firewall and PaloAlto firewall solutions, both housed on Alberta’s Rapid Access Cloud. The Palo Alto Networks software firewall consists of VM-100, VM-300 and VM-500, with vendor support.

The FortiNet software firewall consists of VM02, VM04 and VM08, with vendor support.

Please note that, while PaloAlto and FortiNet software were chosen for this service, Cybera remains agnostic with respect to software firewall technology.  

Are there plans to employ any other firewall solutions?

Cybera staff are currently investigating an open-source option, which should further reduce costs for member organizations.

Will Cybera manage my firewall?

Cybera's role is to build and maintain the cloud environment for housing the virtual firewall. Member organizations are still responsible for the configuration and management of their firewalls (just not the physical maintenance). Participants can still employ third parties to manage their firewalls.

What happens if another school division needs to reboot their firewall?

Nothing. Each firewall virtual machine is hosted in its own private environment on dedicated nodes within the Rapid Access Cloud. If you need to upgrade the software or make configuration changes to your virtual machine, this work can be done during a maintenance window that is convenient to you, and without the need to coordinate with (or impact) other member organizations.

Who can participate in the Virtual Firewall Service?

Anyone in Alberta’s public sector that is a member of Cybera can participate in the service, provided that 1) Their bandwidth traffic is under 1.3 Gbps, and 2) They are a member of the Internet Buying Group.

 

What is required to connect to the Virtual Firewall Service?

The exact details will need to be determined for each individual organization. Essentially, participants divert their schools’ network traffic through the dedicated firewall that is hosted on a virtual machine in Cybera’s Rapid Access Cloud. For more details on the steps required to get setup, visit the Virtual Firewall Service Wiki.

For more information, please contact firewall@cybera.ca.