|
A scalable VPN Solution to provide a
secure home working solution
 The London Borough of Tower Hamlets has over 10,000
workers including teachers. In 2003/4 the Council had a
budget of over £720m to provide Housing, Education, Social
Services, Highway and Environmental services in the
Borough.
The Challenge
After performing a complete upgrade of the existing LAN
infrastructure the London Borough of Tower Hamlets
recognized the need for a secure and scaleable remoteaccess
/ VPN solution that would meet all the Borough’s
current and future business requirements. This VPN solution
would initially provide a secure home-working solution for the
51 Councillors throughout the Borough. The installed VPN
solution had to be scaleable to allow connectivity for up to
1500 remote users and small sites.
To increase productivity amongst the London Borough of
Tower Hamlets staff members, secure wireless access to the
main network was required from all of the Borough’s Offices.
After upgrading the complete LAN infrastructure the London
Borough of Tower Hamlets needed a flexible AAA
(Authentication, Authorization and Accounting) solution
implemented on their new infrastructure, consisting of
approximately 225 core devices (routers and switches), that
allowed for accurate user tracking as well as different accessrights
based on the user’s role within the IT department.
To allow for future growth and to support the newly
implemented VPN solution the existing Firewall had to be
upgraded and to tie the whole solution together a network
management platform was required to monitor and manage
the newly implemented LAN infrastructure.
The Solution
A Cisco VPN Concentrator was deployed as the main site VPN
termination device. For the small remote sites Cisco 800
series routers were deployed while the Cisco VPN client was
used for the home-workers and councillors.
The Cisco Secure ACS Server was deployed as a central
authentication server used for authenticating VPN users, dial-in users
and IT staff members for managing the core devices.
To provide a secure flexible wireless solution the Cisco VPN
Concentrator was used to separate the secure wired network from
the insecure wireless network. The main advantage of using IPSec
based VPN technology to protect the wireless network is that it is a
vendor independent solution; the security is handled by the IP layer
in the VPN software, so the wireless adapter doesn’t have to support
advanced security mechanisms.
The Benefits
This solution has provided London Borough of Tower Hamlets with a secure VPN infrastructure which
provides room for expansion in the future and meets their current performance needs allowing remote
workers to securely connect into the central network.
Cutting out many hours of unnecessary travel considerably improves the productivity of the Borough’s
staff. This productivity gain results in cost savings, allowing for more efficient use of limited budgetary
resources.
Customer Comment
"The Cisilion engineers worked closely with the LBTH network staff identifying the scope of the project
and the deliverables. Once these were agreed, the installation of the firewalls, VPN concentrator and
ACS server was completed with minimum disruption to the council’s services.
Integration of the ACS
server and our Directory was completed in half a day allowing controlled access to our Cisco
infrastructure for our desktop support staff. The VPN client was supplied as a self install CD that allows
us to customise the installation. This has proved invaluable where users live outside of the Borough and
a site visit is not feasible.
Cisilion provided a comprehensive one day workshop for the network staff and ongoing telephone
support, enabling us to install and support additional users.
Prior to this project we had never partnered with Cisilion. The professional approach to project
management and technical delivery within budget and on time has resulted in us working closely with
Cisilion on a number of other security based projects."
- C. Short C.Eng MBCS
Back to Mobility case studies
Back to case studies
|
