Türk Telekom provides telecommunication services to residential and commercial customers throughout Turkey, and has a mobile workforce of 5,000 employees. The remote workers found the company’s virtual private network solutions (VPNs) difficult
to use, and IT staff couldn’t update or monitor computers that were outside the corporate network. Türk Telekom wanted a simple and secure remote access solution so it could accommodate employees who wanted to work from home. It deployed the Windows Server
2012 operating system and used the DirectAccess feature to provide more opportunities for its workforce to work remotely while saving US$864,000 in VPN licensing costs. IT staff can better manage remote computers, boosting network security and employee productivity.
Support calls are expected to decline by almost 15 percent, which frees time for support staff to work on more strategic projects.
Situation
Türk Telekom Group is a full-service communications and convergence technologies provider in Turkey, serving millions of customers in the fixed line and mobile markets. Its fixed broadband network covers 1.26 million homes. With its Internet provider
subsidiary, TTNET, Türk Telekom offers a bundled TV, Internet, and telephone package. For corporate customers, Türk Telekom introduced the “BIZ” concept as a joint offering by Türk Telekom, TTNET, and Avea, the company’s mobile services provider, which serves
more than 13 million subscribers. As of June 2012, Türk Telekom has 14.7 million fixed access lines and 7 million ADSL connections. Türk Telekom aims to become the preferred telecommunications provider in Turkey.
 |
Windows Server 2012 and DirectAccess is the best way to enable more mobility in the workforce. We believe that it will have a positive impact on customer service and that’s good for business. |
 |
|
Asil Dedeoğlu
Team Leader, Infrastructure Systems Management Department,
Türk Telekom |
|
|
It is up to the 650-person IT department to deliver the IT services and infrastructure to help the company achieve its vision. This includes providing employees with the tools and services that they need to work productively anywhere. Of the company’s more
than 25,000 employees, approximately 5,000 people are mobile—some work in the field, servicing the telecommunications infrastructure, while others work at customer sites or on the road, selling products and services. The remainder work onsite at any of the
120 Türk Telekom branch offices around the country.
“All our mobile employees use corporate resources: field workers need to reach technical support staff and access telecommunications systems; sales staff need to access our customer relationship management solution, and everyone needs reliable access to
file shares, email services, and collaboration and departmental sites,” says Asil Dedeoğlu, Team Leader, Infrastructure Systems Management Department at Türk Telekom.
Remote employees used either a Cisco virtual private network (VPN) solution, which required an executable piece of software on the client computer, or a Juniper clientless VPN solution, but the company had issues with both options. The two solutions incurred
high management overhead. Neither VPN was integrated into the company’s Active Directory Domain Services, the directory service that is an integral feature of the Windows Server operating system. IT staff had to create an extra set of credentials for remote
workers. And both solutions were expensive, costing approximately US$1 million annually in licenses.
It was also difficult for IT staff to handle password resets for remote workers. If a field worker forgot his or her password, that employee had to return to the office in order for help-desk staff to reset the password in Active Directory. This cost the
company in lost productivity for the field worker and extra work for support staff.
“Security was also a major issue for us,” says Dedeoğlu. “If an employee left the company and we retired his or her Active Directory credentials but forgot about the VPN account, we would open a potential security breach. And we couldn’t deploy Microsoft
updates or malicious software definitions to computers outside the network. Ensuring everyone had current security updates and virus signatures was beyond our control, unless employees brought their computers into an office.”
Employees need well-managed, up-to-date computers to work productively. Approximately 15 percent of all support tickets received at the help desk were from remote workers with connectivity issues. “Not only were our mobile workers hampered by issues on their
unmanaged PCs, but we had three, full-time support staffers solving their problems,” says Dedeoğlu. “We looked at several third-party, remote PC management tools, but none met our expectations and they were expensive, up to $1 million for 1,000 computers.”
Türk Telekom expected an increase in demand for remote access from all types of employees. More and more employees are asking for increased mobility to achieve a better balance between work and home life. “People want to work at home because they often can’t
get everything done at the office,” says Dedeoğlu. “At the moment, if they work from home, it’s not very convenient because they can’t access their files, and we can’t be sure what they are running on their home computers, which is a security concern. We wanted
to enable a flexible work environment to promote a modern work style and boost productivity.”
Solution
Türk Telekom decided to join the Rapid Deployment Program (RDP) for the Windows Server 2012 operating system and take advantage of its DirectAccess feature. “We had several long-standing issues with providing services to our mobile employees and managing
their computers. Windows Server 2012 had a promising remote access solution,” says Dedeoğlu. Türk Telekom entered the RDP program with the goal of improving mobile employees’ access to corporate resources, boosting data security, simplifying management of
remote computers, and reducing costs.
|
Not only were our mobile workers hampered by issues on their unmanaged PCs, but we had three, full-time support staffers solving their problems. |
|
|
Asil Dedeoğlu
Team Leader, Infrastructure Systems Management Department,
Türk Telekom |
|
|
The company collaborated with a Microsoft Services consultant who helped it set up proof-of-concept and production environments. “The Microsoft Services consultant was extremely knowledgeable,” says Dedeoğlu. “It was great to learn from someone with first-hand
experience using the solution.”
With the Windows Server 2012 DirectAccess feature, Türk Telekom can provide a solution for remote employees to connect directly to the corporate network resources without establishing a VPN connection. And because DirectAccess transparently connects remote
employees’ computers to the Internet even before they log on, IT staff can remotely manage the computers to ensure that they are compliant with corporate security policies. “We get full control over the remote computers so we can enforce corporate policies
and updates on a computer even if it’s not connected to the corporate network,” says Dedeoğlu.
Also, with Windows Server 2012, IT staffers can more easily provision computers outside of the corporate network. Windows Server 2012 supports Offline Domain Join so Türk Telekom administrators can join computers to the domain without having corporate network
connectivity. This expedites the remote deployment of new computers into the network.
The Telekom IT team configured a single IBM BladeCenter HS21 XM (Type 7995) server running the Windows Server 2012 DirectAccess feature and deployed 138 HP EliteBook 8460p portable computers running the Windows 8 operating system. They configured the server
with two Network Interface Cards (NICs); one facing the Internet and one facing the intranet. Next, they configured the external firewall between the Internet-facing NIC and the Internet to allow incoming IP-HTTPS and Kerberos Proxy traffic to the server running
DirectAccess.
“We used the deployment wizard to quickly configure the server and deploy DirectAccess,” says Dedeoğlu. “It was extremely simple. We didn’t have to make any changes to our internal networking infrastructure. It took 15 minutes to configure the IBM BladeCenter
HS21 XM (Type 7995) server and another 15 minutes to ensure the client computers were enabled for DirectAccess. We could immediately see the server and remote computers’ status through the remote access management console.”
Because Türk Telekom has a large and complex network that incorporates 120 branch offices, the IT team is deploying 14 IBM BladeCenter HS21 XM (Type 7995) servers running Windows Server 2012 and DirectAccess in a multisite deployment scenario. That way,
employees in different geographical areas can connect to the closest server running DirectAccess. Also, IT staff can distribute and balance network traffic according to demand by using an external global load balancer. “We plan on taking advantage of one-time
password authentication with our remote access solution,” says Dedeoğlu. “This means we don’t have to deploy smart cards.”
Türk Telekom plans to deploy Windows 8 and enable DirectAccess for all employees by the end of 2012. Then the company will be evaluating the File and Storage Services server role in Windows Server 2012 as well as the operating system’s IP Address Management
(IPAM) feature and Hyper-V virtualization technology.
Benefits
Türk Telekom is using Windows Server 2012 DirectAccess to enable a modern work style for employees who want more flexibility in balancing their work and home lives. With its new remote access solution, IT staff can provide mobile employees with easy
access to corporate resources and better manage their computers. “We’re using DirectAccess in Windows Server 2012 to help our employees stay productive and to enforce corporate security policies and updates on the computers that they use on the road or at
home,” says Dedeoğlu. “We solved all our remote access issues with this one feature, and we didn’t have to pay extra for it.”
Reduced IT Costs
Türk Telekom will retire both VPN solutions and expects to save $864,000 in annual licensing costs. Because employees have instant access to the corporate network as soon as they go online, it’s much easier for them to access their corporate email, shared
folders, and internal web sites. Türk Telekom expects that the ease of use of the DirectAccess feature will reduce calls to the help desk by almost 15 percent, freeing up the full-time labor of three IT staffers who previously worked on remote support issues.
|
We get full control over the remote computers so we can enforce corporate policies and updates on a computer even if it’s not connected to the corporate network. |
|
|
Asil Dedeoğlu
Team Leader, Infrastructure Systems Management Department,
Türk Telekom |
|
|
“By using DirectAccess, we can redirect the equivalent of $46,500 in IT salaries from support to more strategic IT projects that deliver business value,” says Dedeoğlu. “Instead of administering two VPN solutions, we now only have one remote access solution.
And we are no longer managing double sets of credentials for employees because DirectAccess is integrated with Active Directory. Overall, we are saving approximately 240 hours a month in remote access administration, which equates to an extra $90,000 in labor
costs—funds that we can devote to more useful projects.”
Improved Management of Remote PCs
IT staff are happy with the visibility and control that they gain over the company’s remote computers by using DirectAccess. They are taking advantage of the built-in management console to monitor both the servers running DirectAccess and the managed
computers. And the solution saves time for support staff, because it simplifies password resets. With DirectAccess, field workers can reset their own passwords without leaving the field.
“The reporting function was excellent from the first day,” says Dedeoğlu. “We get information on all connected employees’ computers and the resources that they are accessing. Now we can see right away if a remote computer requires security updates and remedy
the situation. And if an employee leaves the company, all we have to do is close his or her Active Directory account and we know there is no chance of that person getting into our corporate network. DirectAccess boosts the security of our network and gives
us peace of mind.”
Supported Modern, Mobile Work Style
Because DirectAccess is a feature of Windows Server 2012, Türk Telekom can provide remote access to the growing number of employees asking for a more balanced work style, without paying for an extra solution. Over the next few years, the company expects
that thousands more employees will start working from home.
“People want to continue their work after office hours, and we are getting requests every day to work from home,” says Dedeoğlu. “Windows Server 2012 and DirectAccess is the best way to enable more mobility in the workforce. We believe that it will have
a positive impact on customer service and that’s good for business.”
Windows Server 2012
Windows Server drives many of the world’s largest data centers, empowers small businesses around the world, and delivers value to organizations of all sizes in between. Building on this legacy, Windows Server 2012 redefines the category, delivering hundreds
of new features and enhancements that span virtualization, networking, storage, user experience, cloud computing, automation, and more. Simply put, Windows Server 2012 helps you transform your IT operations to reduce costs and deliver a whole new level of
business value.
For more information, visit
www.microsoft.com/en-us/server-cloud/windows-server/2012-default.aspx
For More Information
For more information about Microsoft products and services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Information Centre at (877) 568-2495. Customers in the United States and Canada who are deaf or hard-of-hearing
can reach Microsoft text telephone (TTY/TDD) services at (800) 892-5234. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information using the World Wide Web, go to
www.microsoft.com
For more information about Türk Telekom products and services, call (90) 444 1-444 or visit the website at:
www.turktelekom.com.tr
