Data Integration replaced Hampshire County Council's legacy dial-up remote access system with a clientless VPN that enables policy based access for different user groups including Council employees, elected members and third parties.
Hampshire County Council is a large, dynamic and successful authority with a long track record of excellence in overall performance and innovative use of ICT to underpin services. The UK government rates all authorities in England and Wales on their capabilities and services, through the Audit Commissions Comprehensive Performance Assessment (CPA), and rates Hampshire as a Four Star Council, the highest rating. Hampshire is widely regarded as an exemplary county council amongst its peers and partners.
The council also influences local government strategy at a national level through the Cabinet Offices CIO Council where Jos Creese, Hampshire's CIO, is a member and is involved, amongst other things, in remote and flexible working strategy.
Within the county, there are a number of local authorities which are independent of the council, but citizen issues rarely respect authority boundaries. A key challenge for the county is to encourage and support trusted cross-boundary initiatives between authorities, and to provide secure links to other government agencies such as the NHS, police, fire and schools.
Hampshire County Council needed to work as efficiently and effectively as possible, in an environment where substantial change in local government policy from central sources (including data protection legislation from the European Commission), service delivery restructuring to meet increased citizen demands, and ongoing budgetary constraints, all provided significant challenges to the ICT organisation.
Furthermore, internal systems at Hampshire were being modernised to implement Electronic Government programs, e.g. SAP; council employees and elected members were taking advantage of the rollout of broadband in the county to get connected to the Internet, and a council desire to address work-life balances all came together to provide an opportunity for the ICT team to take a fresh look at providing secure remote access to systems and information from home and other locations.
An additional challenge to the IT team was the risk of progressively losing operational control over many end points e.g. PCs, laptops and PDAs, that needed to connect to the network remotely. This relates to users who did not necessarily work directly for the council, and council employees who wanted to use their own home PCs, laptops and broadband connections to access the councils systems such as e-mail and SAP remotely.
Although the council's original tactical requirement was to allow the IT operational team to access systems from home to provide 24/7 support, it was clear to Jane Stedman, IT Networks Manager, that a solution which met this requirement could potentially be extended to other employees to deliver council-wide benefits in flexible and remote working. The ability to meet both tactical and strategic requirements with a single procurement made good business sense to the council and enabled it to demonstrate best value.
The council, through Luke Wirth, Senior IT consultant, considered more traditional IPSec Virtual Private Network (VPN) solutions which, although well proven in site-to-site security deployments, required software clients to be installed on all users devices (both corporate and home PCs). After an initial three month pilot, it was decided that IPSec did not meet the council's need for manageability, flexibility and low operational cost.
"As the PCs were generally home user PCs, we had no authority over the devices and had no idea what software was installed on them so we had all kinds of interaction issues with personal firewalls, antivirus solutions, operating systems and the way the actual machine had been locked down in the first place. At the end of the pilot, the outcome was clear, IPSec VPN wasn't the right technology for us in this instance; we would have to look elsewhere."
SSL VPN technology was then considered and through a selection process, it was decided that Juniper Networks offered the best and most comprehensive technology solution. A further technical evaluation and trial deployment confirmed this.
The outcome of the trials was very positive, as Luke observed: "We found that Juniper's Secure Access SSL product did what they said it would do. It was easy to manage, easy to set up and support and the users were more than happy with it. It was good to find a product that met all our requirements and was a solution for our end users needs. Having looked at several SSL devices, the Juniper Networks Secure Access platform was the only one that really lived up to its potential and our requirements."
The solution has evolved as the use of the system has grown to accommodate the business requirements of the council. It now supports a broad employee base, plus extensions to Hampshire Fire Service, and more recently to schools.
The current main system provides the corporate service called Hantsnet Passport and is based on a high availability pair of Juniper Networks Secure Access appliances supporting 700 active users, although the system scales to serve a much larger user community.
The system works in conjunction with two factor user authentication to provide a highly secure, available and scalable front end into Citrix to deliver thin client access to email and back end systems. The Juniper Secure Access system makes remote access to Citrix more secure, scalable and manageable.
A second independent Secure Access system is used to provide the Hampshire Shared Secure Environment for cross boundary council activities where the information being shared may be sensitive and private (and therefore subject to data protection legislation). The use of this system is also growing as stakeholders recognise its benefits in aiding the collective virtual teams ability to address issues for the most vulnerable of the county's citizens in a more timely and efficient manner.
The Juniper Central Manager system allows complete management of all of the platforms deployed throughout the councils distributed network to track usage, access, authorisation as well as administrative functions.
The two systems now provide a strategic platform for enabling new ways of working remotely and secure collaborative working between government bodies within Hampshire.
Jane Stedman said: I think we are only at the beginning of requests from various departments for secure gateways to their particular management functions. For example, the Education Department recently had a requirement to allow its administration staff access to school servers for the management of databases and school information. Again we are using the Juniper solution to enable that project to go ahead. It will also allow teachers who want to be able to work from home to access all the information on the school network as needed.
Jane Stedman and Luke Wirth feel that the overall benefits of the Juniper solution fall into the following areas:
For the council as a whole, the Hantsnet Passport service provides a greater level of flexibility in how people can work, and this has made a significant contribution to the work-life balance ethos and the council's efficiency and effectiveness.
IT support staff rarely have to make site visits at evenings and weekends, as they can now provide support remotely from their homes. Similarly, third party IT suppliers no longer have to come on site to carry out certain aspects of support work which can be done remotely (making it quicker and more cost-effective).
The solution has resulted in improvements to the relationships the council has with partners and stakeholders via the Shared Secure Environment
The environment is centrally managed allowing adherence to the councils security policy to be maintained consistently for all users, irrespective of the end device.
The implementation of Juniper Networks Secure Access solution has opened up a broad range of options for Hampshire County Council.
Jane is optimistic about the future of the service, concluding that We operate as an internal business unit so our income is achieved by promoting services that meet the council's business needs, which means that the Hantsnet Passport service must add value and be cost-effective in the eyes of our customers and partners. The obvious success of the service to date, and the increasing interest from other areas is solid proof.
In conclusion, what started as a tactical solution for IT has developed, with the foresight of the IT team, into a strategically important platform for the whole council, having an impact on council efficiency and mobility, providing more flexible and secure access to shared services, and helping the council to improve services to its citizens.
Juniper Networks Secure Access platform is having a significant impact on the council's business, and demonstrates how innovative use of technology can make a difference to government.