/dq/media/agency_attachments/UPxQAOdkwhCk8EYzqyvs.png)
Follow UsAs the Essar group was going global and mapping various geographies; some of the employees needed to travel across the globe. While on the move, they exchange files through mails, access corporate applications from laptops, mobile devices, tablets, public kiosk, etc.
The company felt the need to provide its employees a solution that provides seamless connectivity to corporate network without the need for any special software installation while maintaining adequate security.
While the company was facing issues related to remote access solution, it was gripped by another major problem and that was the potential threat to sensitive data flowing across its diversified business environments, making data security essential for the company.
With diversified business ranging across verticals like steel, power, telecom, shipping, and engineering, the company was in utmost need for data encryption adoption for their WAN traffic to avoid potential threat to sensitive data.
Checklist-Issues to Tackle
Essar was clear to implement a secure and flexible remote access solution which can provide seamless user experience irrespective of the device / computer used to access the corporate network without compromising the security and efficiency with Juniper's SSL VPN solution.
The company also zeroed it down to use Cisco's GET VPN technology to secure Essar's data in motion across different service provider networks.
What was ahead was the implementation of these solutions, but few problems were to be addressed:
- Confidentiality of Data in Motion: Secure business data flowing through multiple ISPs.
- Remote Access to non-Essar Employee: Partners and customers who are not part of the domain have no means to connect to Essar network
- Disaster Recovery: During a business disruption, demand for remote access could spike to include the majority of Essar workforce.
- Extranets: To promote increased collaboration, wider access for business partners is needed, yet without compromising access control and security.
- Mobility: Mobile devices like smartphones and tables running on heterogeneous platforms need to securely connect to Essar network.
- Enforcing Policy: Collaboration and regulatory compliance is encouraging more granular access controls, yet IT may struggle to enforce policy across disparate points of entry
Â
Â
The most intriguing challenge the company faced with SSL VPN was the acceptance by business users who are already acquainted with a different technology for remote access (Cisco IPSec). Other technical challenges were conflict with websense remote filter client, Client deployment through SCCM, access through android devices and network integration.
GET VPN, on the other hand, had its own set of challenges while implementing. It was a new technology and hence required a steep learning curve, as it was first-of-its-kind implementation.
"Acceptance by business of a totally new technology which is never been used by the manufacturing sector in India," says Keyur Desai, associate vice president, IT infrastructure and projects group, Essar.
Solutions
SSL VPN-Essar used SSL which eliminated the need for pre-installed client software, changes to internal servers, and costly ongoing maintenance and desktop support.
The SA series also offered partner/customer extranet features that enabled controlled access to differentiated users and groups without requiring infrastructure changes, demilitarized zone (DMZ) deployments, or software agents.
The SA series included Juniper Networks' Junos Pulse, a dynamic, integrated, multiservice network interface for mobile and non-mobile devices. Junos Pulse also enabled secure SSL access from a wide range of mobile and non-mobile devices, including smartphones, tablets, laptops, and desktop PCs, as well as Wi-Fi or 3G/4G and Long Term Evolution (LTE)-enabled devices.
Junos Pulse delivered enterprises improved productivity and secure, ubiquitous access to corporate applications and data anytime, anywhere.
"We rolled it out across 1,500+ retail outlets across ‘The Mobile Store' and for 10,000+ mobile users across the Essar group. As per Essar's technology road map this implementation is a significant step towards BYOD," says Desai.
Â
GET VPN by Cisco
Cisco's GET VPN technology, based on the group domain of interpretation (GDOI) protocol defined in RFC 3547, is a group key based tunnel-less VPN solution for the enterprise network using private MPLS/IP core.
It enables secure end-to-end fully meshed network, for data, voice, video, IP multicast and other applications, without the use of point-to-point VPN tunnels.
"We rolled out Cisco GET VPN across 62 locations and total 3 ISPs (Tata, Airtel and Tulip)," confirms Desai.
How they Helped
The Essar group after implementing information security project viz SSL VPN, GET VPN with required hardening of all nodes, saw huge RoI on the project.
Impact
As per Essar's technology road map, the implementation of SSL VPN is a significant step towards BYOD. This provides an uniform remote access platform for plethora of hardware and software platforms available in the market.
"SSL VPN access enabled Essar to deployment of secure IP telephony solution. Users can now receive calls and make calls to any office extension across the Essar group using their tablet (iPad) or smartphone through internet. This provided flexibility and significant cost savings, " explains Desai.
Essar is going global and Juniper's SSL VPN solution provides seamless connectivity to corporate network without the need for any special software installation while maintaining adequate security.
"We were able to make the communication secure for the applications like JDA using clear text protocols (Telnet). This mitigated a big risk for Essar's retail ventures like ‘The Mobile Stores' and ‘Steel Hypermart', "adds Desai.
On the other hand, GET VPN Implementation is first-of-its-kind for any manufacturing industry in India and a role model for others. "It uses existing infrastructure hence no capital investment on equipment involved. No additional point of failures introduced, QoS and Multicast configurations not impacted and no overlay routing," says Desai.
Â