Founded in 1877 as Japan's first modern university, The University of Tokyo has 10 undergraduate schools and 15 graduate schools located on six different campuses. Approximately 28,000 students are enrolled in its undergraduate, graduate and doctorate programs, and it employs roughly 10,000 faculty members, making it the largest of all of Japan’s national university entities.
The University maintains roughly 1000 website subdomains for different schools, departments, and research offices. These groups often set up and run pages on their own, using a mixture of commercial hosting services, public clouds, and on-site servers. The University’s Information Technology Center helps to administer some of these pages, looks after their security and performance, and also conducts research into large-scale interdisciplinary information systems.
This complex, hybrid website infrastructure created security concerns for Tokyo University. There were very few sites where security measures like firewalls and WAF (Web Application Firewall) had been implemented. These sites had not experienced any attacks or data breaches, but the University wanted to ensure this would remain the case.
And since various departments were responsible for managing their own subdomains, it was not feasible for them to handle security on their own. "Approximately 1,000 subdomains being issued means that there are at least around 1,000 subdomain administrators,” said Dr. Kazuya Okada, a research associate with the Information Technology Center’s Campus-wide Computing Research Division. “The knowledge and experience of the administrators varied from person to person....even though administrators have been working on their own individual security measures for each of their sites, with security threats becoming more advanced and sophisticated at present day by day, we cannot stop unknown threats like zero-day attacks merely by protecting ourselves against known threats.”
Tokyo University realized that a content delivery network (CDN) could be an effective defense against DDoS attacks, since the right CDN is able to absorb even the largest attacks. Working in collaboration with the leading IT services company Mitsui Knowledge Industry Co., Ltd. (MKI), the University selected Cloudflare.
"While there are a number of different CDN services, the reason why the university chose Cloudflare over the others was because of its rich security features and its adoption of Anycast for routing technology,” Dr. Okada said. “Anycast, which does its routing to the closest node, is the most effective countermeasure against DDoS attacks.”
Tokyo University also appreciated that the scale of Cloudflare’s network — which spans 200+ cities in 100+ countries, including multiple locations in Japan — offered redundancy against isolated outages. In addition, the University liked that Cloudflare was easy to adopt and manage — an important consideration in light of the former’s hybrid infrastructure.
"The greatest effect will be being able to perform centralized management at the Campuswide Computing Research Division on security measures that have needed to be implemented for each respective site,” Dr. Okada said. “Cloudflare provides an easy-to-understand control dashboard with a user interface in Japanese. The company that makes Cloudflare has suffered a number of large-scale DDoS attacks themselves in the past, and we can appreciate their extremely high technical reliability in terms of dealing with these attacks. We are also satisfied with MKI's support system, which responds quickly."
Cloudflare’s Anycast network protects Tokyo University from DDoS attacks of any size
Cloudflare’s single platform lets Tokyo University apply security controls for ~1000 subdomains from a single pane of glass
Cloudflare’s network scale offers redundancy against outages
“Cloudflare provides an easy-to-understand control dashboard with a user interface in Japanese. The company that makes Cloudflare has suffered a number of large-scale DDoS attacks themselves in the past, and we can appreciate their extremely high technical reliability in terms of dealing with these attacks.”
Research Associate, Information Technology Center, Computing Research Division