Company reaps the benefits of SSL VPN: employees, suppliers and business partners all gain from secure communications.

It's 2 a.m. in rural Canada. Snow is falling as a grain elevator loads a train bound for the processing plant. The facility supervisor needs secure remote access to the corporate network to make inventory updates, but if the remote connection to the network fails, the supervisor must scramble to locate and wake up a support technician miles away in Winnipeg, while hundreds of freight container cars sit on the track, unprocessed.

Paul Beaudry, director-technical services at agribusiness James Richardson (JRI), decided to ensure this scenario never happens. Today, JRI technicians can sleep soundly, as suppliers, salespeople, partners and employees securely access critical business information around the country and around the clock over a secure socket-layer virtual private network (SSL VPN).

JRI had used an Internet protocol security (IPSec) solution for site-to-site connection for more than 85 company locations. When implementing secure remote access, however, the MIS team experienced challenges trying to control access and the VPN tunnel. With point-to-point tunneling protocol (PPTP), security was too thin, and access was all or nothing; once the tunnel was opened, the whole world had access to JRI's network. Plus, the MIS team was spending too much time on each connectivity request, worrying about what type of access device was being used, whether it was managed or unmanaged, and if the system included firewalls or antivirus solutions.

The company needed a solution that allowed its salespeople based in Canada and the United States, its traveling employees, and its MIS staff to access the network anytime, with reliability anywhere on both managed and unmanaged devices. Plus, the solution needed to address increased requests by suppliers and business partners for access to JRI's network. Compatibility and full support for the existing Citrix and lightweight directory access protocol-based directory were also important to the team.

JRI's MIS team began reviewing SSL VPN technology as a potential solution to the problems. One of the senior technical analysts built a Linux-based SSL portal as a stop-gap measure, but this required a great deal of manual labor and many modifications, so the team decided to evaluate commercial appliance solutions. After considerable research, JRI chose the Aventail SSL VPN as the best solution for its needs. The Aventail appliance met all of JRI's compatibility issues. In addition, the product's policy-management model allows JRI to offer finely controlled access to each of the many diverse user groups requiring remote access to its network resources.
Since uptime and reliability were critical requirements, JRI initiated its SSL VPN implementation with a pair of Aventail EX-1500 appliances with integrated load balancing and high availability. As an additional benefit, this high-availability support dovetailed into the JRI disaster-recovery initiative by allowing critical information to be accessed easily in an emergency through the Aventail SSL VPN at a secondary data center. "If we had any sort of disaster, it would be a very simple process to point all users to the VPN portal and continue to work as usual, even if everyone was working from home or other remote locations," says Beaudry.

The MIS team began pulling back the PPTP accounts and rolling out the security solution by pointing about 1,000 corporate users with computer IDs to the Aventail WorkPlace Web site portal. Any user with a corporate laptop, including the MIS staff, also received the Aventail Connect client, which provides a complete in-office experience from anywhere. Initially, JRI experienced some difficulty with Citrix integration, which required Aventail support technicians to develop a workaround.
JRI was also unable to use multiple certificates to create unique URL addresses for each WorkPlace portal site. Both of these issues have since been resolved in Aventail's latest ST2 SSL VPN platform release, which now includes enhanced Citrix support, as well as full support for multiple server-side certificates.

JRI had the appliances up and running in one day, and the MIS team tested the solution that night from home. Once the solution was rolled out company-wide, support requests dropped immediately and productivity rose measurably. Remote access to e-mail is up sharply among general employees, and the MIS team can focus on other issues, without having to drag laptops everywhere they go. Instead, team members can start a Citrix session from any computer via the Aventail SSL VPN.

The company is also saving time and money. For example, JRI can now add suppliers to the SSL VPN with no investment or manpower, compared to its previous client-based IPSec technology, which required the overhead expense of a computer system, setup, shipping and ongoing support for each external user group. With Aventail's clientless WorkPlace solution, authorized users can instantly gain transparent access over the Web to key resources, including client/server applications and file shares, from anywhere, without taxing IT resources.
JRI expects its SSL VPN utilization to grow sharply in the future, Beaudry says, both from employees and particularly from external users, and has recently added two Aventail EX-1600 appliances. In addition to suppliers, JRI plans to give customers and other third-party vendors access to key applications, such as e-mail, via the SSL VPN. The MIS team will be releasing new programs that will make all key applications accessible through the Web and the SSL VPN.

Beaudry plans to take advantage of several of Aventail's latest features to enhance remote-access security. Since many of JRI's users use mobile devices from remote locations or on the road, one key feature JRI will deploy is device watermarking, which provides certificate-based identification of mobile devices. This will let JRI quickly and easily revoke access from any device if it is lost or stolen. JRI will also take advantage of Aventail's Connect Tunnel Service Edition for policy-driven application-to-application access, used for third-party (e.g., shipping partners) applications that need dedicated or scheduled connections to share data with JRI applications without human intervention.

"In the past, I always worried about security holes, but now I know that all remote access is absolutely secure," says Beaudry. "Our SSL VPN is not only a critical part of our daily operations, but also a vital part of our business continuity initiative."

For more information from Aventail: rsleads.com/701cn-254