Virtual Firewall Service Frequently Asked Questions

Who is Cybera?

Cybera is a not-for-profit technology-neutral organization responsible for driving Alberta’s economic growth through the use of digital technology. Its core role is to oversee the development and operations of Alberta’s cyberinfrastructure — the advanced system of networks and computers that keeps government, educational institutions, not-for-profits, business incubators and entrepreneurs at the forefront of technological change.

 

What is the Virtual Firewall Service?

The Virtual Firewall Service is a scalable software (virtual) solution that Cybera has developed for Alberta's public sector (with bandwidth traffic of less than 1.3 Gbps). It allows multiple institutions to run their firewall from a shared, virtual environment, doing away with the need for individual hardware setup or maintenance. The service was piloted among five Alberta school districts throughout 2016-17.

 

What firewall software technology does it employ?

The Virtual Firewall Service utilizes a PaloAlto firewall solution, housed on Alberta’s Rapid Access Cloud. The software firewall is the Palo Alto Networks VM-100, VM-300 and VM-500 (perpetual license), with subscriptions for Threat Management (annual license), PAN-DB URL Filtering (annual license) and Wildfire (annual license), and vendor support (annual cost). Please note that, while the Palo Alto Networks firewall software was chosen for the original pilot, Cybera remains agnostic with respect to software firewall technology.  

Are there plans to employ any other firewall solutions?

Cybera staff are currently investigating an open-source option, which should further reduce costs for member organizations.

Will Cybera manage my firewall?

Cybera's role is to build and maintain the cloud environment for housing the virtual firewall. Member organizations are still responsible for the configuration and management of their firewalls (just not the physical maintenance). Participants can still employ third parties to manage their firewalls.

What happens if another school division needs to reboot their firewall?

Nothing. Each firewall virtual machine is hosted in its own private environment on dedicated nodes within the Rapid Access Cloud. If you need to upgrade the software or make configuration changes to your virtual machine, this work can be done during a maintenance window that is convenient to you, and without the need to coordinate with (or impact) other member organizations.

Who can participate in the Virtual Firewall Service?

Any Alberta educational institution that is a member of Cybera can participate in the service, provided that 1) Their bandwidth traffic is under 1.3 Gbps, and 2) They are a member of the Internet Buying Group. We will be rolling the service out to other public sector institutions, including libraries and municipalities, later in 2018.

 

What is required to connect to the Virtual Firewall Service?

The exact details will need to be determined for each individual organization. Essentially, participants divert their schools’ network traffic through the dedicated firewall that is hosted on a virtual machine in Cybera’s Rapid Access Cloud. For more details on the steps required to get setup, visit the Virtual Firewall Service Wiki.

For more information, please contact firewall@cybera.ca.