4-page Case Study - Posted 8/8/2007

Views: 958

Rate This Evidence:

Warwickshire County Council

County Council Improves Internet Security with Integrated, Easy-to-Manage Solution

Warwickshire County Council provides a range of services for the citizens of Warwickshire, a county in central England. The ICT Development Service of the Warwickshire Local Authority provides IT solutions to the 250 schools in the county. In 2006, the national government asked all local authorities to improve Internet monitoring and filtering to help protect networks from security threats and school children from online predators. In early 2007, the ICT Development Service decided to deploy a solution based on the Microsoft® Internet Security and Acceleration Server 2006. As a result, the Local Authority has simplified IT deployment and centralized IT security management. Additionally, the Local Authority now has a solution that offers advanced protection from Internet security threats and integration with its IT infrastructure. 

Situation

Computer users in the schools can get access to the educational software they need from within the safe environment created with ISA Server 2006.  Chris Page Technical Development Manager Warwickshire Local Authority

Specific to education, the ICT Development Service (ICTDS) of the Warwickshire Local Authority manages operations for more than 250 primary and secondary schools located throughout the county. As part of that responsibility, ICTDS delivers and manages information and communications technology (ICT) services for these schools, which includes 80,000 computer users. “We provide strategic support and advice, ICT professional development, and technical support for the teachers and students throughout the county,” says Chris Page, Technical Development Manager, ICT Development Service (ICTDS), Warwickshire Local Authority.

ICTDS, which has more than 70 employees, provides services through an infrastructure based on the Windows Server® 2003 operating system. The Warwickshire e-learning community project has been using Microsoft® Office SharePoint® Portal Server 2003 to raise educational standards through the innovative application of ICT since 2004. Through a national project known as We-Learn.com, ICTDS provides services to 175 Warwickshire schools, including 139 primary and 36 secondary schools, with a total of 1,800 teachers and 40,500 pupils in 1,490 classrooms.

The ICTDS team deploys computers and mobile devices in the schools with Microsoft Systems Management Server 2003 and SoftGrid Application Virtualization. The team also uses the Active Directory® service in Windows Server 2003 to provide authentication and authorization for all school computers.

Internet security management has long been a challenge for the County. More recently, students have been using the Internet to access social Web sites such as MySpace.com, in addition to other sites prohibited by teachers and school administrators. Even though the Local Authority has used software to block access to such sites, some students have discovered Web sites that allow them to perform “proxy avoidance” through special technology that helps them gain access to blocked sites.

At the same time, Internet security has become a focus for the Local Authority, because in 2006 the national government launched a major e-safety initiative designed to protect children online. As part of that initiative, the Local Authority was required to meet new accreditation standards for Internet filtering and monitoring. “We needed a technology solution that would help us implement an effective Internet child-safety system in the schools,” says Page. “For example, if a child was in an online chat room and was being targeted by a child predator, an Internet filter would not stop that. We needed an easy-to-monitor system to work alongside filtering to detect and report these types of events. We didn’t have anything in place to do that.”

Solution

In April 2006, ICTDS began searching for a new Internet filtering and monitoring system. After extensive research, ICTDS concluded that building an effective solution would require three components: Active Directory Authentication to enable logging; category-based URL filtering to block inappropriate and unknown sites; and client-based monitoring to capture the creation and display of inappropriate content in any application.

Figure 1: The Warwickshire e-Safety Solution

ISA Server 2006 uses a combined proxy and firewall architecture that gives administrators comprehensive alerting and monitoring capabilities to help manage and protect their network.

Additionally, ICTDS implemented a Web URL filtering software solution from Websense, which helps administrators block access to Web sites based on categories. Websense is a Microsoft Gold Certified Partner based in San Diego, California.

Another part of the solution is Policy Central Enterprise from Forensic Software, which monitors input and output at the computer-user level and collects screen captures as evidence of inappropriate behavior.

The implementation team developed a virtualized solution rather than follow the traditional route of deploying three servers at each of the sites. The Warwick data center virtualizes three servers for the smaller primary schools:

• ISA Server 2006 Enterprise Edition with Websense policy and filtering
• Websense logging and reporting
• Policy Central Enterprise.

For the 36 larger secondary schools, a virtual server was deployed at each site to take advantage of the caching functionality provided by ISA Server 2006. The schools’ Virtual Environment, or SVEN server, was built using two quad-core processors with 8 Gb of memory and is based on Microsoft Windows Server 2003 R2 Enterprise x64 Edition and Microsoft Virtual Server 2005 R2 Enterprise x64 Edition.

The SVEN server hosts three virtual servers, which provide the same filtering, logging, and monitoring functions as the data center system. The above servers use the same software as the central systems, with ISA Server 2006 Standard Edition used in place of ISA Server 2006 Enterprise Edition.

The solution serves more than 11,000 computers, which students and teachers use to access the Internet.

Benefits

With a new security solution based on ISA Server 2006, the Warwickshire Local Authority now has simplified deployment and centralized IT security management capabilities. The solution also reduces costs for the Local Authority and provides virtual private networking capabilities, as well as solid integration with its existing IT infrastructure. 

We can now take information from the existing user database stored in our Active Directory to authenticate inbound and outbound access through the firewall.... As a result, we can manage security more effectively.  Chris Page Technical Development Manager Warwickshire Local Authority

Simplified Deployment

ISA Server 2006 provides technology that simplifies IT deployment. The application gives IT administrators the ability to copy their entire firewall configuration to an XML file, for instance. That copy can then be sent to additional administrators at other sites through a secure e-mail message. “This feature really simplified deployment,” says Page. “Once we’ve configured the firewall for one school, we can be absolutely sure that same configuration is used in other school deployments. It saves us a lot of time and effort.” These XML export capabilities also make it possible for administrators to compare current configurations to those originally deployed at their sites. “With that feature, we can easily see what has been changed, which helps us identify any configuration issues,” adds Page.

Reduced Costs

Server virtualization gave the Local Authority the ability to lower the cost of deploying and maintaining 72 servers. Virtualization also helped significantly reduce the costs associated with operating electricity and air conditioning at the remote sites. “Windows virtualization brings savings all around,” remarks Page. “Implementing Microsoft Windows Server 2003 R2 Enterprise x64 means that we can run up to four virtual server computers on one physical server computer, at no additional cost.”

Easy IT Administration

Warwickshire Local Authority IT administrators can also take advantage of centralized IT management features built into ISA Server 2006. The solution offers centralized logging and reporting, for example, which eliminates the need to collect file data from each firewall. “That will be a very powerful feature for us,” says Page. “It basically streamlines the entire reporting process.”

Another feature that helps ease IT administration is the solution’s advanced Web-caching capabilities, which give administrators the ability to store information that had previously been requested by other users. When new users request that information, ISA Server 2006 returns the information from its cache, which helps reduce network traffic loads. “The caching capabilities are very useful,” Page says. “We can preload the cache with entire Web sites, on a defined schedule. These scheduled downloads ensure that cache content is always up to date for each user.”

Virtual Private Networking Security

The ISA Server 2006 solution gives the Warwickshire Local Authority something else it did not have previously: virtual private networking (VPN) security management capabilities. The solution performs filtering and inspection of all communications that move through a VPN connection. Using this capability, Local Authority administrators can more easily monitor and manage the resources that specific hosts can access on the other side of a link. “Again, it’s another level of protection that we lacked,” says Page. “Computer users in the schools can still access the educational software they need, but that access is much more secure with ISA Server 2006.”

The Local Authority also used Websense Web security software as part of the new solution, to capture and manage the massive database of blocked or blacklisted Web sites. “This has given us a whole new level of protection,” says Page.

Integration with Existing Infrastructure

ISA Server 2006 is also designed to mesh seamlessly with existing Windows®-based IT infrastructures, such as the one used by the Local Authority. “We can now take information from the existing user database stored in our Active Directory to authenticate inbound and outbound access through the firewall,” says Page. “This lets us link to all the directories in all the schools we manage, so we can more easily monitor and block Web-site access according to the user names and groupings that the schools themselves have set up. As a result, we can manage security more effectively.”

For More Information

For more information about Microsoft products and services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Information Centre at (877) 568-2495. Customers who are deaf or hard-of-hearing can reach Microsoft text telephone (TTY/TDD) services at (800) 892-5234 in the United States or (905) 568-9641 in Canada. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information using the World Wide Web, go to:
www.microsoft.com

For more information about Warwickshire County Council products and services, call 0845 090 7000 or visit the Web site at:
www.warwickshire.gov.uk

Microsoft Forefront Product Portfolio

The Microsoft® Forefront™ comprehensive line of business security products provides greater protection and control through integration with your existing IT infrastructure and through simplified deployment, management, and analysis. Forefront is a comprehensive solution that helps provide protection for the client operating system, application servers, and the network edge.

For more information about the Forefront product portfolio, go to:
www.microsoft.com/forefront  

This case study is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. 

Document published August 2007