Universidade Vila Velha (UVV), a private university in Brazil, wanted to make it easier for faculty and staff to connect remotely to its network, while continuing to improve security. UVV deployed DirectAccess in Windows Server® 2008 R2 and Windows® 7 to simplify remote connectivity. Users now save an hour a week because they no longer need a virtual private network connection. UVV has also eliminated support calls related to connectivity and improved the security of its remote computers.
Business Needs
Universidade Vila Velha, with 18,000 students, is the largest private university in the state of Espírito Santo, Brazil. Located in 14 buildings across four campuses in the coastal city of Vila Velha, it has 1,500 faculty and staff members and a well-developed technology infrastructure.
“Five percent of our support calls were related to problems connecting to our internal network. When we moved to DirectAccess in Windows Server 2008 R2 and Windows 7, those calls simply stopped.”
Rodrigo Immaginario, IT Manager, Universidade Vila Velha
In the last four years, as the university’s IT environment came to incorporate a growing number of student and faculty computers, security became an increasing concern. To keep costs low, UVV wanted to maintain its administrative and academic networks on the same physical network. But many student computers were unsecured, and sensitive data—such as grades—needed to be restricted from student access.
To consolidate the networks into a single physical infrastructure and address security issues, UVV implemented server and domain isolation, a solution based on Internet Protocol security (IPsec) that segments the UVV environment into more secure and isolated logical networks based on policy.
“Our goal was to improve security with minimal budget and minimal downtime,” says Rodrigo Immaginario, IT Manager at Universidade Vila Velha. “We achieved that with server and domain isolation, but we wanted to keep improving.” So UVV, which was running the Windows Server® 2008 operating system, next implemented a public key infrastructure (PKI) solution and improved the security of the wireless network that it offers to students. UVV then implemented Network Access Protection (NAP), a feature of Windows Server 2008 that verifies whether a client computer meets system health requirements—such as having security updates and anti-malware definitions installed—before allowing access. “With NAP, we were confident that machines were healthy before they connected to our network,” Immaginario says.
However, network access could still be cumbersome. Because classrooms lack a connection to the internal network—and because employees sometimes work from home or other locations—faculty and staff often had to make a virtual private network (VPN) connection to the university network. Those connections were not always reliable: sometimes users found that the right ports were not available or settings had been changed, and they would call the IT department for help.
UVV wanted a solution that could ease access for users while continuing to improve the security of its network.
Solution
In August 2009, UVV learned about Windows Server 2008 R2, the latest version of the operating system. “The decision to purchase was easy because the software fell under our campus-wide agreement with Microsoft,” says Immaginario. “We quickly got our license and started converting our servers.” By October, 30 percent of the HP ProLiant DL380 G5 server computers were running Windows Server 2008 R2 Enterprise.
Immaginario was particularly intrigued by DirectAccess, a feature of Windows Server 2008 R2 and the Windows® 7 client operating system. DirectAccess simplifies remote access by connecting client computers to the network whenever they have Internet access. Users don’t need a VPN to connect.
DirectAccess automatically creates an IPsec-protected connection between the remote computer and the DirectAccess server via Internet Protocol version 6 (IPv6). “In my opinion, DirectAccess shows the power of IPv6,” Immaginario says. “We’re very excited to move more systems to IPv6 as soon as we can.”
In September, UVV started migrating faculty and administrative users, on IBM, Lenovo, and Sony Vaio computers, to Windows 7 (which was also covered in the university’s agreement with Microsoft). It conducted a DirectAccess pilot involving 10 computers. Then, during the last weekend in September, UVV converted all of its VPN users to DirectAccess. “We shut off our VPN solution on Saturday morning and had everyone on DirectAccess later the same day,” Immaginario says. By November, 400 of the 1,500 UVV personal computers were running Windows 7, with a plan to complete migration by July 2010.
Immaginario credits the university’s previous work on IPsec with making the deployment smooth. “We found DirectAccess easy to deploy because we already had server and domain isolation, which is also an IPsec solution,” he says.
Benefits
Universidade Vila Velha is using DirectAccess in Windows Server 2008 R2 and Windows 7 to ease connections for users, reduce IT support calls, and increase the security of client computers.
- Easy user connections. As soon as a remote computer accesses the Internet, DirectAccess connects it to the network. “DirectAccess makes connecting to the network seamless for users,” says Immaginario. “They don’t need to do anything, or create anything—they just turn on the computer and enter their password.” As a result, faculty and staff members are more productive, saving about one hour a week because they no longer need to spend time struggling with VPN connections.
- Reduced support calls. By replacing its VPN with DirectAccess, UVV eliminated many of the requests for IT help. “Five percent of our support calls were related to problems connecting to our internal network,” Immaginario says, adding that IT staff previously spent two hours a week on those VPN-related calls. “When we moved to DirectAccess in Windows Server 2008 R2 and Windows 7, those calls simply stopped.”
- Improved security. With DirectAccess, UVV has enhanced the security of its client computers. “Now our IT department can access these remote computers whenever they’re connected to the Internet,” Immaginario says. With this connection, IT staff can implement security updates more easily and more frequently than in the past. “Windows Server 2008 R2 completes the final phase of our four-year security project, because with DirectAccess we can maintain all our configurations,” Immaginario says. “We can guarantee that these remote computers are protected the same way as computers that are physically connected to the network.”
Windows Server 2008 R2
Windows Server 2008 R2 is the latest version of the Windows Server operating system from Microsoft. With Windows Server 2008 R2, you can create solutions that are easier to plan, deploy, and manage than with previous versions of Windows Server. Building on the features, security, reliability, and performance provided by Windows Server 2008, Windows Server 2008 R2 extends connectivity and control to local and remote resources. This means that your organization can benefit from reduced costs and increased efficiencies gained through enhanced management and control over resources across the enterprise.
For more information, go to:
www.microsoft.com/WindowsServer2008R2
Windows 7
Built on the Windows Vista® foundation, Windows 7 will help make users productive anywhere, enhance security and control, and streamline PC management. The investments in Windows 7 are shaped by the evolving needs of end users and IT professionals in the enterprise. Users are becoming more computer-savvy and expect more from the technology they use at work. They expect to be able to work from home, from branch offices, and on the road with the same level of productivity. As user needs have changed, the demands on IT professionals have increased. Today, IT professionals must provide more capability and greater flexibility for users while continuing to minimize cost and security risks.
For more information, go to:
www.microsoft.com/windows7
This case study is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.
Document published October 2009