VR Group Delivers a Reliable Network Aboard High-Speed Trains

VR Group is implementing a Next-Generation Firewall (NGFW) to provide 200 megabytes per second of secure network connectivity on its high-speed trains traveling more than 200 kilometers per hour.

Secteur

Transport

Siege social

Finlande

Télécharger le pdf

VR Group required a network architecture that could provide secure, high-speed connectivity in trains moving at over 200 km/h. As part of the solution, the company adopted Forcepoint Next-Generation Firewall (NGFW) and leveraged the cloud for a zerotouch deployment, enabling the IT team to remotely configure the firewall for each train. VR Group benefits from reduced overhead costs and greater reliability due to load balancing of its three mobile operators.

Challenges

  • Improve internet connectivity on commuter train services.
  • Provide centralized, off-site management of network hardware.
  • Maintain high bandwidth at speeds over 200 kilometers per hour.

Approach

  • Implement hundreds of Forcepoint firewall routers, in combination with nearly 1,000 third-party Wi-Fi network devices and switches, and hundreds of third-party 5G modems and antennas.
  • Leverage zero-touch configuration to automatically set up routers once plugged in.
  • Enable URL filtering and Intrusion Prevention System (IPS) on NGFW.

Results

  • Attain 200 megabytes per second internet speed and a maximum capacity of around 3 gigabytes per second in a single router cabin with optimal 5G conditions.
  • Reduce overhead costs by eliminating the need for physical configuration and maintenance of firewall hardware.
  • Trim VPN costs with multilink connectivity to three different mobile operators.
  • Improve real-time data collection on trains for more accurate scheduling updates for customers

Dropped Connections and Old Equipment

If you’ve ever rode aboard a high-speed train in Finland, chances are that you were with VR Group. The railway transportation and maintenance company has long been a fixture in the country, with over 400 carriages in operation through all major cities.

The organization has a centuries-long track-record of operational excellence but aging infrastructure and the emergence of 5G technology prompted a review of its network.

“Our line of work creates unique challenges to maintaining Wi-Fi for customers and VPN for staff,” Pasi Louko, Senior Network Architect at VR Group, said. “Due to a couple of different aspects, we were seeing internet drop for customers and operators.”

VR Group’s network architecture up until that point was hub and spoke and ran on devices that had reached End of Life. It was expensive to maintain because there was no centralized management and all maintenance had to be done in-person during a short window in which trains were in for repairs.

These difficulties were compounded by factors that were out of VR Group’s control. The three mobile operators that the company relied on provided different coverage throughout the country and weren’t always reliable. Furthermore, the network devices – designed to sit in an office – needed to withstand temperatures as low as -40 degrees Celsius in freight trains.

Building a Reliable Network for High-Speed Trains

As Louko began to design a new network architecture, he tested multiple vendors for modems, routers, and firewalls.

Louko has a long history with Forcepoint and ultimately chose its Next-Generation Firewall (NGFW) as the firewall for VR Group’s 100+ router cabins. The zero-touch cloud deployment and maintenance, as well as the ability to simultaneously connect to all three mobile operators to avoid downtime, were critical functionalities given the company’s challenges.

“There are a lot of vendors that say they provide load balancing, but I haven’t seen a solution beside Forcepoint that comes close to effectively achieving it,” Louko said.

As Louko and his team began to run category 7 cabling throughout the trains and install the hardware in router cabins, Forcepoint’s centralized management came into focus.

“We have 400+ cabins that come in for maintenance at random, so the maintenance cycle and circulation of our trains dictates when we can install our new network,” Louko said.

Forcepoint NGFW is configured remotely and offers a zero-touch deployment via the cloud. It makes setting up the firewalls on each train as swift and painless as plugging in the hardware. Given Louko and his team would have just a few hours with each train, the solution was a perfect match.

Driving First-Class Network Connectivity

Implementing Forcepoint NGFW delivered a maximum capacity of 22.8 gigabytes per second across the 114 routers it runs on. When running a single router cabin with three 5G modems, the maximum capacity is around 3 gigabytes per second with optimal 5G conditions. This leads to a theoretical capacity of 342 gigabytes per second across all carriages.

The network design provides a firewall for passengers to reach the internet, and a firewall tunnel with strong encryption for internal traffic from the operators. The NGFW also provides security functionality that wasn’t available with the previous network architecture, such as URL filtering and Intrusion Prevention System (IPS).

“Our costs—both for the project and maintenance—are going down because we don’t need resources locally, we have centralized everything,” Louko said. “If we want new service on a train, we define the policy then give the hardware to the operator, who installs it. It’s that simple.”

VR Group has new freight engines entering service that will have to tolerate harsh elements, with the inside of cabins reaching -40 degrees Celsius when the train is not running. Forcepoint NGFW runs on third-party hardware that has been tested to run in these conditions.

“We had the firewall in a train that was offline for two weeks sitting in -15 degrees Celsius temperature, and Forcepoint’s NGFW started right up along with the train,” Louko said.

Moving forward, Louko aims to bring all the Internet of Things (IoT) devices on the trains collecting data under the same network architecture.

VR Group

The railway transportation and maintenance company, VR Group, operates over 400 commuter rail carriages and long-distance freights across Finland. Serving customers since 1862, the firm has over 7,000 employees across its VR, VR Transpoint, and VR FleetCare subsidiaries.