Secure access to mission critical applications
A three-year project has seen the trust implement a number of technologies including Thin-Clients and high capacity data links between remote sites. At the heart of this system is F5’s FirePass 1000 SSL VPN controller, an affordable and effective method for ensuring constant and secure access to mission critical applications from a diverse range of remote devices.
The Challenge
In March 2001, East Staffordshire Borough Council transferred all its housing stock to Trent & Dove Housing (TDH) under a Government-approved Large Scale Voluntary Transfer scheme. Alongside the routine management of the housing stock, TDH also offers a range of care and support services and provides agency services on behalf of ESBC in relation to its statutory homeless obligations and the Housing Needs register. Services are monitored on a regular basis to ensure that a continuing, improved housing service is delivered to the public.
The IT infrastructure inherited by TDH was somewhat chaotic with a diverse mixture of hardware, operating systems and applications all connected across different WAN links and remote access technologies.
“Our first project after we moved from local government control was to simplify and consolidate our IT systems,” explains John Imber, IT Manager.
With 5 sites and a number of Sheltered Housing Schemes spread across a 30-mile geographic area, TDH started to rationalise its data links by switching over to a low-cost leased copper EPS solution. With each connection providing up to 2Mbs, there was ample capacity for a move to a Citrix Thin Client solution to simplify both application delivery and support.
“We have a small IT department to service our 120 users and 4 remote sites and our main concern was to be able to both deliver applications securely while keeping support costs at a minimum,” Imber added.
Need for secure remote access
As a non-profit organization, TDH is monitored by the Housing Corporation and bound to strict rules on information security and spending controls. With a minimal budget for IT, TDH turned to Hytec, a solution provider that it had worked with on IT projects for over 10 years.
The aim was to provide a secure remote access solution appropriate for the organisation’s diverse infrastructure, as Kevin Daly, Senior Consultant at Hytec, explains: “One of the reasons we have worked with TDH for so long is that we are vendor agnostic and have strong skills in the area of remote access. After looking at their requirements, we felt that FirePass offered the best fit and a number of unique benefits.”
Hytec had evaluated F5 Networks’ FirePass solution within its own test environment and decided that TDH would be a good choice for its first UK implementation.
“For an organization like TDH with a growing number of remote users and a need to reduce support costs, a clientless SSL VPN solution, we have found, is much more cost effective and easier to support than a traditional IPSEC client solution,” Daly adds.
FirePass pilot project
Over a 14-day period in June of 2004, Hytec set up a pilot project using a FirePass 1000 to connect 3 remote users to the central application servers. To maintain the company's security policy, Hytec also implemented a SecurID token system to work in conjunction with FirePass.
The pilot project utilised FirePass to deliver a range of bespoke housing management Unix applications and common Windows applications such as email, diaries, word processing and spreadsheets across secure SSL VPN links.
After user authentication via SecurID token, FirePass delivers a virtual Citrix desktop to users across either low bandwidth dial-up or shared DSL connections.
The pilot was deemed a success, as Imber comments: “It proved successful in allowing remote IT support, Directors home-working, and remote access to legacy systems. Files could also be downloaded for offline use while remote users noticed almost no difference in functionality, when compared to local users. Performance was adequate on low bandwidth dialup lines and good on DSL connections. From a support perspective, the clientless nature of FirePass means we don’t have to worry about hardware, software or operating compatibility and we can quickly add new users in just a few minutes.”
Roll-out to support 100 concurrent users
TDH has deployed a FirePass 1000 controller as a 1U rack-mount server at its central data center in Burton-upon-Trent. It can support up to 100 concurrent users via either secure Web-based or WAN remote access. FirePass automatically checks the integrity of the user device and authenticates the user before allowing access to end-to-end SSL encrypted data. After the user disconnects, FirePass cleans up any confidential information left on the client device.
According to Imber: “The system requires no support overhead, with the exception of the few minutes required to add a new user, and we had no connectivity issues in the 8 months the FirePass system has been live.”
TDH has now connected 2 of its Sheltered Schemes via FirePass, with more to follow, and is planning on further innovation, as Imber explains: “We are now in the process of allowing limited system access to key suppliers and partners which before FirePass would have been almost unthinkable. The ease and flexibility of connections open up so many avenues.”
“Another project we are currently planning is to offer wireless access to the laptops of case workers so they can access housing systems whilst visiting tenants,” Imber concludes.
“From an implementation and delivery standpoint, FirePass has behaved flawlessly. The benefits especially for our local government and housing clients make it a solution that we believe will rapidly become the standard for remote connectivity,” Daly concluded.