HOB Solutions at Work
HOB RD VPN Secures Communication For Worldwide Shipping Company
Secure Remote Access for the shipping company Phoenix Reederei
Phoenix Reederei GmbH was founded in 1994 as a ship acquisition and management company in Leer, East Frisia, Germany. Phoenix Reederei currently operates, and is expanding, a fleet of 18 vessels on all the world's oceans. This fleet consists of bulk carriers ranging from 3,000 to 7,000 tons capacity, fast container vessels of up to 800 1) and heavy lift vessels with a lifting capacity of up to 120 tons.
Previously, Phoenix employees used a dial-back solution for communications with the central office in Leer. In 2003, Phoenix began planning new structures for accessing the communications software in this central office. The highest priority was given to making this access secure. The company decided for a server-based computing solution based on a Windows 2003 Server and against a conventional Virtual Private Network structure for employees located outside the central office. In accordance with this decision, Phoenix considered three possible solutions: a pure Microsoft solution, Citrix MetaFrame, and HOB RD VPN. The innovative software and cost-effectiveness of HOB RD VPN convinced Phoenix that this was the right solution for them.
Phoenix employees use laptops and desktop PC's with various Windows operating systems (e.g., XP Pro, XP Home, Windows 2000, Windows 98). They access their applications from home offices or branch offices. In addition, the Phoenix inspectors, responsible for looking after the vessels all over the world, also need secure access to the terminal server from anywhere in the world. The most important applications on the Terminal server are MS Office, the Nordic-IT MCSWin communications software for fax, mail and telex, as well as a document management system. For a dialup service that is truly available the world over, Phoenix uses the iPass-Connect service from ATeO.
The software products are installed on an Apache server. To connect with an application on the Terminal Server, the user clicks either on a desktop icon or a link on a Web page designed just for this. The user is immediately connected to the WebSecureProxy (a component of HOB RD VPN) behind the firewall. This proxy then makes the connection to the desired application. The Windows Terminal Server is thus invisible, and inaccessible, to any attacker coming over the Internet. The connection between the client machine (user) and the WebSecureProxy is encrypted with 256-bit SSL, providing a very high level of security. With this software, Phoenix Reederei created its own Public Key Infrastructure , with which it can increase security by issuing its own cryptographic keys and certificates. These certificates are used for authentication, i.e., positively identifying the person/computer being communicated with, and preventing message falsification and misuse.
Managed Server-Based Computing
All user configurations are stored in a database in the Enterprise Access Server. The users do not have to configure anything themselves, as all configurations are centrally made and managed by the system administrator. Connection data, configurations or user rights, etc., can be centrally set or updated by the system administrator whenever necessary. When any of these settings have been changed, the HOB software will detect and apply these changes the next time a connection is established. The same simple procedure is also used to carry out a software update.
Phoenix Reederei IT Manager Martin Ehmen sees clear advantages to this software installation: "The technical implementation of the remote access saves us from having to implement a worldwide VPN solution; the remote installation, central administration and uniform database structure reduce costs and support. Additionally, the telephone costs for the previous dial-back procedure are eliminated entirely. The many different possibilities of SSL-secured access, for example, from hotel lobbies, Internet cafés, airports or train stations, also contribute added value to this solution. Also, the open structure of this software doesn't impede us in any way from eventually implementing the most modern technologies such as UMTS or client connectivity via satellite."
Phoenix Reederei was able to put the software into production after only one month of testing. HOB's telephone support hotline was only needed to get the first certificates properly generated.
1) A shipping term, TEU is an abbreviation for "twenty-foot equivalent unit." One TEU represents the cargo capacity of a standard container 20 feet long, 8 feet wide, and (usually) a little over 8 feet high, or half the capacity of a similar container 40 feet long. One TEU equals about 12 register tons or 34 cubic meters.