4-page Case Study - Posted 10/1/2007
State-Owned Company Improves Data Security, Eases Administration
The State Palaces, Castles, and Gardens of the Free State of Saxony, a state-owned company in Germany, wanted better protection for electronic data sent over a public network. Critical information was transmitted between the palaces and a central IT center through a client-side virtual private network (VPN) over Integrated Services Digital Network lines. To improve security, the company implemented a solution based on Microsoft® Internet Security and Acceleration (ISA) Server 2006, part of the Microsoft Forefront™ line of business security products. Now, the palaces can use a VPN to transmit data more securely. Remote management tools also make administration easier, and automated deployment helps the company reduce costs. Moreover, because the flexible solution is independent from bandwidth technology, the company can easily adapt to data service connection changes.
Situation
“We really needed secure data transfer and better protection of our IT systems from external threats. We can’t imagine anything better than the ISA Server 2006 solution.”
Uwe Krowas, IT Assistant, State Palaces, Castles, and Gardens of Saxony
The State Palaces, Castles, and Gardens of the Free State of Saxony is a state-owned company in Germany that manages palaces and castles throughout the Free State of Saxony. The company is affiliated with the Saxon State Ministry of Finance and has been responsible for managing the historic sites since 2003. In addition, the company administers an IT center in Dresden that serves 16 palace locations. Like most enterprises, the association of castles and palaces depends heavily on IT resources and electronic communication to manage its business operations. Not surprisingly, the state-owned management company shares private-sector concerns about cutting costs and tightening data security.
Many of the palaces’ business functions are performed remotely through a Web-based connection managed by the Dresden IT center. The palaces connect to the center’s Citrix terminal server farm to manage their finances. The center is also an Internet service provider for the palaces, with the Microsoft® Internet Explorer® Internet browser launched from a central node. The node is part of a state-owned network that connects all government agencies in Saxony.
The IT infrastructure connecting the palaces to the state network was not keeping up with increased business demands. Remote palace employees were connected to the Dresden IT center through an Integrated Services Digital Network (ISDN) line and a Cisco ISDN router. Connection speed was slow and hampered critical business functions. “Palace accountants could connect at 64 kilobits per second at the most,” says Uwe Krowas, IT Assistant, the State Palaces, Castles, and Gardens of the Free State of Saxony. “It was really no way for the employees to work.”
The palaces were also setting up their own LANs and needed a faster connection.
Data security was also an important concern. “We have a very high security standard because we use the State Finance Office’s network, which among other things calculates all payments for the Free State,” Krowas says.
Data between the Dresden IT center and the palaces passes through a public network, making unencrypted data vulnerable to interception. Hackers could potentially intercept authentication data and gain access to the entire state financial network.
The palace management company needed a faster connection to its IT center and better data protection. The company looked for a security solution that could accommodate faster data connection services.
Solution
Finding a security solution wasn’t easy. The management company was unable to find a product that could accommodate the state-managed ISDN service. However, the company was already using Microsoft® Internet Security and Acceleration (ISA) Server 2004 at the Dresden IT center, and was testing Internet Security and Acceleration Server 2006, part of the Microsoft Forefront™ line of business security products. The company was interested in using ISA Server 2006 for encrypting data traffic, but did not know how it would handle the ISDN connections. The IT center was also planning to bundle ISDN channels to increase speed, and the company was concerned that this could make implementing ISA Server 2006 even more difficult.
The company contacted a Microsoft Certified Partner, Otto Security and Software Technologie (OSST), for help. Based in Linz, Germany, Otto Security & Software Technology GmbH (OSST) is one of the leading Austrian manufacturers of high-quality integrated security solutions. As a Microsoft Certified Partner, OSST is making a significant contribution to the development of Microsoft Internet Security and Acceleration Server (ISA Server) and Intelligent Application Gateway (IAG) 2007.
The IT services provider specializes in customized solutions. “We are extremely flexible with new projects,” says Helmut Otto, Managing Director, OSST. “We can design solutions with specialized hardware, even for small deployments. Customers do not have to forego either support or quality.”
The IT services company installed ISA Server 2006 on a Fujitsu Siemens server computer running the Windows Server® 2003 operating system, and configured the new installation with an existing Cisco ISDN router to terminate the ISDN connections at the headquarters. An integrated ISDN adapter that could transfer data using the maximum eight possible channels runs in every branch location connected to the ISA Server. Herr Otto takes pride in the fact that deploying ISA Server 2006 with ISDN technology was unprecedented. “Something like this hadn’t existed before,” he says.
Four of the new server computers with ISA Server 2006 were installed at Rammenau Castle, Nossen Castle, Moritzburg Castle, and Dresden. A fifth server computer was installed as failover backup. The company also plans to implement ISA Server 2006 at the other 12 palaces.
The four servers connect the palaces using a Cisco dial-up router installed at the Dresden IT center. The company uses an Internet Protocol security (IPsec) tunnel-mode VPN connection for better data protection. IPsec, which is an integrated part of the Windows Server 2003 security framework, is a collection of standards designed to encrypt and protect data transferred over public networks. The company also uses ISA Server 2006 with the Active Directory® service to authenticate users before they connect to the internal network.
Firewall settings and other security configurations are remotely managed from the IT center with the Branch Office VPN Connectivity Wizard in ISA Server 2006. The IT center designs a VPN configuration with the wizard and then automatically distributes it to the remote ISA Server installations.
Benefits
By implementing Forefront network edge protection, the State Palaces, Castles, and Gardens of the Free State of Saxony has strengthened security while centralizing IT management. The company reduced travel and labor costs through automated network configuration and software deployment. In addition, with the ability to easily adapt to changes in Internet access technology, the state-owned company can maintain a stable, scalable IT environment.
“It is a major advantage for us to be able to define a setting once and then deploy it to all the machines.”
Uwe Krowas, IT Assistant, State Palaces, Castles, and Gardens of Saxony
Strengthened Security
With ISA Server 2006, the management company can transfer data more securely across a public network. Before, the company was unable to find a security solution that could accommodate the state-managed ISDN service. Now, however, by implementing ISA Server 2006 firewall protection with IPsec encryption techniques, the company has made critical financial data and other information more secure. “We really needed secure data transfer and better protection of our IT systems from external threats,” says Krowas. “We can’t imagine anything better than the ISA Server 2006 solution.”
Centralized Administration
The enterprise takes advantage of centralized management and remote deployment tools to easily configure VPN and firewall settings. “It is a major advantage for us to be able to define a setting once and then deploy it to all the machines,” says Krowas.
The company also remotely manages updates for the Windows® XP operating system and antivirus software. The software updates are deployed to each ISA Server 2006 installation, which in turn forwards the files to the client devices over the palaces’ LANs.
Reduced Costs
Remote management and automated deployment reduce travel time and expense, and ease the burden on local palace IT staff. “Since we have a limited head count, central administration is an important point for us,” says Krowas.
Centralized administration and automated management tools support a more affordable and scalable IT environment. For example, the management company can now deploy ISA Server 2006 to the 12 remaining locations at minimal additional cost.
Prepared for the Future
Because ISA Server 2006 can connect to external networks through a variety of technologies, including network adapters, modems, and ISDN adapters, the management company can quickly adapt to changes in the state-managed data service connections. “By using this integrated edge security gateway, we are equipped for the future,” says Krowas. For example, if the Free State of Saxony converts from ISDN to digital subscriber line (DSL) technology, the company can adapt with little additional effort or cost. “We would only need to remove the ISDN adapter and reconnect to the external network,” Krowas explains.
Microsoft Forefront flexibility helps the company maintain a more stable, easily managed IT environment. “Regardless of the data transmission medium existing between individual locations, we will always have central administration and automated software distribution to client devices,” says Krowas.
For More Information
For more information about Microsoft products and services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Information Centre at (877) 568-2495. Customers who are deaf or hard-of-hearing can reach Microsoft text telephone (TTY/TDD) services at (800) 892-5234 in the United States or (905) 568-9641 in Canada. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information using the World Wide Web, go to:
www.microsoft.com
For more information about OSST GmbH products and services, visit the Web site at:
www.secureguard.at
For more information about the State Palaces, Castles, and Gardens of Saxony, visit the Web site at:
www.schloesserland-sachsen.de
Microsoft Forefront Product Portfolio
The Microsoft® Forefront™ comprehensive line of business security products provides greater protection and control through integration with your existing IT infrastructure and through simplified deployment, management, and analysis. Forefront is a comprehensive solution that helps provide protection for the client operating system, application servers, and the network edge.
For more information about the Forefront product portfolio, go to:
www.microsoft.com/forefront
This case study is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.
Document published August 2007