Gateway gives access to college resources

Published: June 2007

"I know that I am exposing part of my network, but I'm doing it in a safe and controlled fashion. It's about risk versus expenditure. With IAG the sums add up."
Michael Kane, Information Systems Manager, EAIFHE

Summary

East Antrim Institute of Further & Higher Education (EAIFHE) is located at three major campuses in Northern Ireland. The College's IT department has the job of serving 300 staff and 10,000 students, meeting the administrative needs of the organisation as well as the academic requirement.
The Institute needed a way of providing remote access to internal resources, easily and without compromising security.

Situation

The Institute was exploring ways of providing remote access to internal resources, easily and without compromising security. With the existing infrastructure, staff and students were only able to access a limited number of college web sites remotely, from unprotected machines.

There was provision for accessing email and some college information but no access to personal files and folders. There was a real drive from both staff and students to improve the remote working capabilities.

An open source solution was tried and tested, but ultimately rejected. "The interface was clunky, and at the back of your mind you were always wondering how secure it was," said Michael Kane, Information Systems Manager at the Institute.

The experience confirmed Kane's instincts. "We wanted a nice and easy to use solution, a big-buttoned application. There are a lot of big and powerful products about but they tend to be too complicated."

Around this time, 4sol, a Microsoft Gold Partner that had been working with the Institute, was made aware of its ambitions to develop more secure remote access. The timely launch of a new Microsoft solution looked like it could fit the bill.

The simplicity and user-friendliness of Microsoft's Intelligent Application Gateway (IAG) struck a chord, especially for an IT environment that was already running multiple Microsoft products such as Windows Server 2003, Exchange Server 2003 and a SQL Server cluster at the backend.

The big benefit was tight integration with Microsoft's Active Directory, a directory service which manages the different identities and relationships that make up a networked environment.

Solution

IAG consolidates key tools for remote access into a single appliance. Sitting on the edge of an organisation's network perimeter, it combines virtual networking with secure sockets layer protocol (SSL VPN) as an out-of-the-box solution. It comes with pre-installed endpoint security management. IAG allows remote users to access internal resources through a simple web browser, but all communications are kept encrypted, and the authenticity of users is checked via multiple systems. Prior to any access being granted, the end-point machine is scanned for viruses and malicious software, ensuring that all connections are kept safe.

The components can be tailored to the customer's specific needs. "The implementation strategy is to put in a vanilla product," explained Simon Hamilton of 4sol, "publish a few applications through it and then let the customer test it out and work away."

Installation can take as little as two days, depending on how the customer defines access policies. Because different users have very different needs, remote access policies are established with the gateway, defined by profiling users and determining what applications are available to them.

"Effectively, IAG manages machines and lets the organisation define policies on a per application basis. They have to ask themselves questions. What access do you want to allow? Can certain users upload attachments on to their PC from Outlook, for example?" explained Hamilton.

For the Institute, Kane set up IAG for three types of users: staff, students and the IT department. For the academic staff, access was opened up to a range of applications that can be used after hours, increasing productivity.

Students were given access to personal files and folders, fostering a better learning environment by empowering them to work when they want, from where they want. IT staff were now able to securely administer systems after hours and off-site, improving the performance of the IT environment.

Benefits

Simple to deploy and effective to use, IAG has blurred the boundaries of the Institute's network, liberating both staff and students from the geographical confines of a campus. It has enabled them to access key applications remotely, helping create a more flexible learning environment and increase administration efficiency. The IT department has also been able to deliver a better service.

With remote access to web-based document management applications like SharePoint, communication tools like Outlook, as well as more administrative processes like student enrolment, the Institute has seen across-the-board benefits.

"It's about peace of mind," said Kane. "I know that I am exposing part of my network, but I'm doing it in a safe and controlled fashion. It's about risk versus expenditure. With IAG the sums add up."

IAG publishes web applications but hides information about the host server, obfuscating the URLs and reducing the risk of intrusion and attack. "You don't see a folder structure of files as you're browsing on the web," says Hamilton. "IAG is much more discreet. It rewrites the content in HTML for presenting it to the remote users via a web-based browser."

An endpoint analysis of the remote client ensures it has the latest version of the antivirus software and patches. The host-based firewalls are also checked to make sure they are turned on and up to date. The validation process is thorough but it only takes a few seconds before the user is prompted to log in and proceed.

Fulfilling the key objective of delivering a simple-to-use and secure method of remote access, IAG has proved very successful for the Institute.

"With IAG you can be anywhere, but you are able to access and save documents just as though you were working on them from inside the college," said Kane. "And you know that nothing is compromised because it is going through a secure channel."

For its next project, the Institute is looking to develop the applications available to remote users. The IT team is currently upgrading to SharePoint Server 2007 with a view to migrating users to the SharePoint environment where multiple sites will be published to meet different needs.
