|
|||||||||||||
|
|||||||||||||
 |
Secure by Deployment |
|
Kent County Council |
|
Robust and Reliable |
|
Strong Security |
|
Great Service and Value for Money |
|
A Final Word |
Secure by Deployment
Kent County Council (KCC) wished to offer three hundred of its staff more opportunity to work remotely and from home but realised the use of Personal Computers presented a potential security and a liability problem where access to confidential and sensitive council information was involved.
"We were keen to find a method for staff to use home PCs to access line of business applications at the office", says IT Resourcing & Standards Manager, Peter Bole, "But we were also concerned about cost, confidentiality and maintaining the integrity of KCC data. This is why we chose a design solution from Insite, who advised us that a combined thin client and virtual private network (VPN) solution would give us what we needed ".
Cost was one of Kent's principal drivers and Peter Bole comments, "When we originally announced the project and published its design and implementation parameters, most companies came back to us with a combined Citrix and Windows Terminal Services solution. Insite was attractive because they argued that our requirements could be solved with Windows Terminal Services alone, which had an impact on cost".
Kent County Council
Kent is the largest Shire County in England with a population of 1.3m.The electronic enablement of services will play a major part in the Council's longer term vision for the County and it is investing heavily in technology. The ICT function is responsible for delivering ICT services to 12,000 staff across 360 locations. The recent CPA assessment classified Kent County Council as an 'excellent' authority.
Robust and Reliable
Insite's tasks involved a number of project deliverables. These included building a Windows 2000™ Terminal Server that was robust and reliable enough to deploy Kent's different applications to remote users, adapt the existing Windows NT™ policies and profiles to be compatible with Windows 2000, build a Windows 2000 print and licensing server and build and test the validation facilities for the security process. "When Kent asked for a cost-effective solution that would combine strong security and fast remote networking we recommended a Windows Terminal Services solution in combination with a Symantec Secure Enterprise Firewall™, a Symantec VPN client and a 'PassGo' token-based authentication solution", says James Barden, the Managing Director of Insite Europe. In December of 2001, Insite demonstrated the proof of concept was suitable for the delivery of business applications to remote users with a high level of success and it was agreed that the full implementation would take place in June 2002.
KCC possess an integrated environment with and use Microsoft Office™ for the line of business applications and a mix of other products, which include Oracle™ HR & Financials. The council's remote workers would require access to at least eighteen different applications via a Windows 2000 Terminal Server. It was essential that the thin client environment could be accessed using Internet Explorer™ to ensure that no client software needed to be installed or maintained on existing laptops.
The KCC terminal server build presented a significant challenge due to the diverse range of applications required. Our strong experience with Microsoft Terminal Services allows us to tailor the operating system to provide the optimum support for any given set of applications. This in turn provides the highest possible levels of reliability & performance in the production environment. - James Barden
Access to the office-based applications environment would be over dial up or broadband connection, routed through a local Internet Service Provider as a token-based encrypted session on the home PC authenticating itself to the KCC Terminal Server in Maidstone. "In effect", says Peter Bole, "All and any information processing takes place back at the office, Outlook email being a good example. The user, having started a dialogue with the authentication server, is working remotely through a secure Terminal Server window and all he or she receives are screen images in response to keystrokes. At no time, can any KCC data be captured to the remote PC.
One further unexpected advantage from the project was speed. With no data actually passing back and forth, just screens and keystrokes, Bole remarks, "Our thin-client solution is quick, and we find most sessions show a significant improvement in speed compared to more traditional dial-up connection to our network".
Strong Security
Barden views security and cost as the two most tangible benefits delivered by Windows Terminal Services and thin-client technology and "Security", says Peter Bole, "Is something that needs to be examined as a whole. We are happy with the security of our Windows environment but we regularly look at solutions that satisfy policy and physical security on top of this".
To guarantee the best possible security solution for the environment, Insite recommend a Symantec's Secure Enterprise Firewall™ (SEF) and Defender Strong Authentication Serve for the VPN solution. The Symantec SEF has recently been accredited by the Communications & Electronic Security Group (CSG), the information security arm of GCHQ, as EAL-4 compliant and is suitable for connection to NHS Connect and other central government extranets. Our knowledge of the native functionality provided by Microsoft Terminal Services also allows us to take a highly consultative approach with each project, saving customers money as third party products are often not required. However, as Kent County Council were already users of Firewall-1 the existing Firewall was upgraded to support VPN functionality in the interests of cost.
"We are keen to achieve certification to connect to NHS Net", say Peter Bole, "And with natural concerns over data security and confidentiality, we are hoping that this approach to remote access will support our application for NHS Net access".
Great Service and Value for Money
By choosing an Insite thin-client computing solution, Kent County Council now have a secure remote access capability available for home workers which can be expanded-upon to suit the councils needs. "Our staff," says Peter Boles, "Are no longer frustrated by WAN / Dial-up connections to the office on 'personally-owned' equipment and KCC doesn't have to worry about the potential for loss of confidential data.
"We've added value to our organisation through remote access and more flexible working says Bole, something we couldn't afford to do with laptops and personal computers with the support and security issues that accompany them". We appreciate that every organisation wants to see tangible benefits and cost savings from their investment in technology. We believe that Microsoft Terminal Services has always provided that and now with the advent of Microsoft Server 2003 the case for thin client has become substantially stronger. - James Barden.
As a company, Insite prides itself on delivering the very best cost of ownership solutions to their clients and Peter Bole comments: "We were keen to ensure value for money and Insite went out of their way to find the best balance between cost and functionality. They opened our eyes to the potential benefits and maturity of thin client deployment, which we will continue to investigate.
A Final Word
"Kent County Council, are using Windows Terminal Services to support access from remote workers using 'personally-owned' equipment. Great idea I thought, no loss of functionality and lots of strong firewall and token-based security with no potential for sensitive information leakage to personal hard drives that might one-day turn-up at a boot sale" - Computer Weekly.Com -August 2003 "Everything", says Bole, "Was delivered on time and the only problems we had were technical issues with the configurations adopted by two ISPs. We found Insite very responsive in terms of speed and response. We solved our security problem in a cost-effective way, we've added value to the organisation and I would recommend what we have done to other organisations".
 |
close |