HOB Solutions at Work

Windows Terminal Server Computing and Desktop-on-Demand: Remote – Yet Right There

The municipal data processing association Reutlingen-Ulm (KIRU) provides more than 800 members and customers from the public and private sectors comprehensive IT services. Especially for home users, administrators and service personnel from their own computer center and customers, KIRU has been providing flexible and secure Internet connectivity for 24/7 access to their applications since 2006. This access is possible thanks to their deployment of HOB's Windows Terminal Server Computing solutions including HOB Desktop-on-Demand.

Erich Burgstaller

Dr. Erich Burgstaller

KIRU is a modern German IT service provider organized as a special purpose association under German law. It provides the operation of centralized mainframe computing processes and that of local networks as well as their applications in the municipal and private sectors. At its two offices, in Ulm and Reutlingen, Germany, KIRU employs about 300 people to provide these services to their public sector customers at the municipal and county levels, as well as hospitals, utilities and cooperatives, mainly from Southern German regions. KIRU has an annual turnover of approx. 38 million euros.

 

The Goal: Optimal Service Anytime

As an IT service provider, KIRU is there for its customers around the clock with its entire IT infrastructure. Of course, remote access to internal applications is not new: Already in 2002 KIRU's customers, or IT specialists, for example, during their on-call shifts, could login to the KIRU network form home or another remote location. However, this original solution was rather limited in its range of functions. In view of the diversity of the many customers and the increasing dependence on IT-based business processes, this limited functionality was not enough: After all, almost all information storage and exchange systems today are computer-based, and access to this information is increasingly being demanded around-the-clock. This is especially so for international financial institutions to hospitals or other industries needing 24/7 information access.

The Challenge: Security, Scalability, Flexibility

To enable access at anytime, KIRU needed a secure, flexible, scalable and easy-to-administrate remote connection for home-users, administrators and computer center service staff.

As KIRU has worked together with the software concern HOB for many years and uses HOB's 3270 terminal emulation HOBLink J-Term, it made sense to select HOB's SSL-based products for secure remote access. "We were mainly interested in two products from the HOB RD VPN solution suite, both of which fit very well in our existing infrastructure. Decisive factors were, on the one hand, their high-degree of security and, on the other hand, that these products can be easily used from a multitude of different computer platforms," explained Erich Burgstaller, head of KIRU's Networking Department.

Especially the security – after all, KIRU's customers are working with highly sensitive personal data – was very important in the selection of the solutions "Windows Terminal Server (WTS) Computing“ and "Desktop-on-Demand" (DoD): Although all Internet access to applications behind the firewall is made over the Microsoft RDP protocol, which is highly performant, HOB supplements security through an extended SSL functionality. The HOB WebSecureProxy shields the Windows Terminal Server Farm from any unauthorized direct access over the Internet.

The Project

KIRU wanted first to set up secure remote connectivity for 260 clients, most of which were running the Windows XP Professional OS, over HOB WTS Computing to about 20 Windows Terminal Servers. 60 of these clients were also equipped via HOB Desktop-on-Demand to their own desktop PCs, allowing them not only secure remote access, but also the ability to boot their desktop PCs remotely.

In the project's first step, two of KIRU's network technicians, working together with an HOB system engineer, installed the central WTS and DoD components with Wake-on-LAN in the computer center and set up the SSL VPN tunnel. The second step was to configure their access rights policy, which controls authorized users access to their applications via user name/password and/ or strong authentication via tokens and the RADIUS protocol. This access policy is stored in HOB Enterprise Access, a central user and configuration data administration tool.

In the third step, the two remote access variants were tested by KIRU's own remote users, then by a selection of customers. After about six months the project was put into production. "The introductory stage is now over, and we are constantly adding new customers to the system so they also benefit from from this practical service," declared Erich Burgstaller. The Desktop-on-Demand solution is not yet completely in productive use at the customer's locations, as this solution is still being implemented.

 

The Solution: Remote – Yet Right There

Within KIRU the remote access is used by computer center employees or administrators. For updates or system modifications, which mainly take place on weekends, now only a small team is required in the computer center, others can access their machines from home.
The customers mainly use the solution in remote offices, for which a dedicated line to the KIRU network would not be cost effective, e.g., registry offices that are only staffed part-time and therefore are only equipped with ISDN or DSL connections.

It only takes a few seconds to log in: If, for example a registry office employee needs to access specific personal data in his community, he enters his user name, password and the current PIN from his authentication token and a secure SSL-VPN tunnel is established from his client system directly to the KIRU computer center, which is connected to the municipal network over a dedicated line. "The advantage for our customers is that they need no complicated access policies and security mechanisms such as firewalls and a DMZ. We configure their access rights and guarantee the secure access. This is also true for the remote maintenance of individual systems and applications, which can be done easily by the manufacturer via the remote solution," explained Erich Burgstaller.

With this remote solution, the KIRU can provide not only their own employees more flexibility and their users faster support in an emergency, the network is also better integrated for various customer deployment scenarios, for example the use and support of third-party software which is not supported by KIRU.

 

 

Doris Jessen, specialized journalist in Hamburg

 

 

14.09.15 JR