Case Study 1 - SSL VPN using the AEP Series A
To protect the security of our customers, we do not associate customer information with our case studies. Please contact us to discuss these and other solutions in further detail.
Requirement: This customer had a requirement to replace its aging remote access solution. The current software release had reached end of life and the existing hardware couldn't support an upgrade. The users ranged from those with occasional access requirements to users permanently based away from one of the main offices. Due to the wide range of users, not all had company equipment for use when working away from the office. Therefore the system had to be accessible without the need to install client software on users' personal machines. Users had the ability to tunnel in from corporate machines or establish a thin session to one of several terminal servers. The remote access devices were responsible for load balancing between terminal servers.
Security of the solution was fundamental to a successful deployment. This included a robust login process and ensuring users not on corporate machines couldn't transfer data to and from the corporate network. There were also a small number of third parties which required access to the customer's network to provide application and system support.
Solution: On evaluating the requirements it was decided to stay with an AEP SSL VPN product from AEP Networks, providing two appliances for resilient user access and a third virtual version as a test device. This ensured that the migration from the existing system to the new version would be virtually seamless for the users and require no additional training.
Shield IT solutions installed the two new AEP Series A devices in tandem with the existing devices to allow for a period of UAT, before the users were migrated to the new system.
To ensure only corporate devices could connect using the tunnel client, the Series A's inbuilt client integrity checking was used to look for unique settings and executables on the users' machines. The system was further enhanced to publish web applications, such as OWA, directly from the Series A to save users from having to establish a session to a terminal server to perform simple tasks.
The existing remote access solution already used strong two-factor authentication from Signify to provide secure authentication. The Signify solution allowed the use of an RSA SecurID device without the need for specialist in-house skills. As the service is easily deployed, and existing IT staff were already managing users from an easy-to-use web-based portal, this service was retained.
Case Study 2 - Cisco VPN Solution
Requirement: This customer had a requirement to provide 'LAN like' access for up to 100 mobile and home-based staff. All access was to be via corporate machines, accessing a range of thick-client and web-based applications on the corporate network. As they already hosted a number of web applications over an existing Internet link, the new solution couldn't impact the performance of these applications. The solution also had to provide a robust login process.
Solution: On evaluating the requirements an IPSec-based solution was chosen, built on Cisco hardware. Initially just a single device was used, but by utilising the load balancing technology within the Cisco product there was the ability to increase capacity by adding further appliances if required, without significant changes to the infrastructure design. This provided the 'LAN like' access using a VPN client on each device, but also offered the option of using an SSL-based solution in the future if required.
To avoid impacting existing bandwidth, a new Internet link was specified. To ensure the service was usable for all remote workers, a 10Mb leased line was selected; this also made the solution scalable.
Two-factor authentication from Signify was used to provide secure authentication. The Signify solution allowed the use of an RSA SecurID solution but without the need for specialist in-house skills. The service was easily deployed and existing IT staff were able to manage users from a simple web-based portal.
The service was a success and the user numbers more than doubled in a short space of time. The device was added to an existing SNMP management solution to monitor concurrent users so that future upgrades could be planned well in advance.