Threat Stoppers
School deploys SSL VPN
Solution maintains control over
endpoints while providing AAA protection.
by Sunil Cherian
Polytechnic Institute of NYU invested
significant capital in deploying Oracle
PeopleSoft ERP applications on a highly
scalable, centralized application
architecture. The deployment addressed
payroll, human resources, student
registration, financial assistance and other
crucial applications for students, faculty
and staff.
Given the nature of the user population,
the architecture had to account for access
from office desktops, wireless campus
networks and off-campus locations, such as
satellite facilities, dorm rooms or homes,
and kiosks on campus.
NYU-Poly needed to maintain control over
the endpoints in order to deliver only
necessary content and ensure sensitive data
was not left behind. Meeting the diverse
needs of 5,000-plus users required a secure,
scalable, flexible and streamlined approach
to accessing mission-critical applications
that took into account authentication,
authorization, accountability, encryption
and server security.
With a small IT staff and a large user
base, NYU-Poly did not want to deal with a
heavy client footprint and associated
support issues. The solution also needed to
support the entire user base on a single
system.
The IT team, led by Hani Basilious,
quickly settled on a clientless
architecture. SSL VPN was considered the
technology that could best address endpoint
security issues and encryption requirements,
as well as meeting Polytechnic’s
authentication, authorization and accounting
needs.
What Polytechnic wanted was a unified
security gateway, through which access could
be provided for all user groups and
applications. This architecture had to
seamlessly and automatically account for the
differences between access from desktops,
the wireless network and the remote network,
as well as access by different classes of
users. Portal integration and single sign-on
were required to provide each group with a
seamless and intuitive experience, but
Basilious and his team also wanted the
ability to partition and virtualize the
access gateway in order to combine and
correlate applications and users for
security purposes.
Polytechnic deployed an SSL VPN solution
that was scalable enough to provide
universal access control for more than 5,000
diverse users. The technology selected
offered a universal access framework and
control over access from local
networks, Wi-Fi networks, trusted computers
and untrusted machines.
In addition to traditional remote access,
its built-in endpoint security assessments,
captive portals, end-to-end encryption,
virtualization and automatic segmentation of
users based on their identity allowed the IT
team to quickly and securely deploy the
applications with minimal effort.
Front-ending PeopleSoft servers, SQL and
Oracle databases, Oracle portals and Active
Directory authentication systems with this
SSL VPN solution, Polytechnic now provides
anytime, anywhere access to business
processes through a unified and streamlined
architecture.
The architecture required only two
gateways running in a clustered configuration
with multiple virtual portals. In
conjunction with a pair of firewalls and
audit-alert infrastructure, the Polytechnic
team was able to address all of the
security, performance, accountability and
mobility needs at a low incremental cost.

Additionally, NYU-Poly was able to meet
a future project requirement, which would
have involved opening and maintaining a
number of holes in the firewall so students
could access their personal computers in the
dormitories, with a simple self-registration
and remote desktop access solution built in
to the same platform that required no ports
to be opened other than SSL port 443.
Sunil Cherian is vice president of
product marketing at
Array Networks, Milpitas, Calif.