CUSTOMER STORY

City of Bellevue delivers future-forward mobility, security, and compliance with F5

PRODUCTS

BENEFITS

Aligned with federal and industry regulations

Increased access to secure VPN

Reliable maintenance and load balancing

Easy migration to cloud and SaaS applications

Positioned for future growth 

CHALLENGES

Meeting authentication compliance requirements

Insufficient remote systems access

Strict SLAs for uptime and service turnaround

Limited capacity for growth

Ongoing subscription-based costs

The City of Bellevue, Washington, is a thriving technology and economic hub with more than 144,000 citizens. To serve its diverse needs—including remote employees, citizen site visitors, police and emergency services, maintenance crews, among others—Bellevue turned to F5 for upgraded access, load balancing, and capacity, as well as a solution that would position the city well for future growth.

With F5, the city can more easily manage complex requirements for federal compliance and industry regulations. Bellevue’s VPN systems meet FIPS standards and CJIS rules with BIG-IP Access Policy Manager (APM), allowing police secure access to data they need to do their jobs.

And with BIG-IP APM handling authentication, employees can sign in once—from anywhere—and securely access the apps they need. The city also gets the functionality it needs to simplify and protect user access to apps and data, while delivering a scalable access gateway. BIG-IP APM also supports multiple authentication methods.

BIG-IP Local Traffic Manager (LTM) dramatically reduces load times, improving user experience for citizens and employees in the field. For its contracted hosting services with other local municipalities, the city must adhere to strict SLAs, including short recovery windows, while alsostriving for “five nines” agreements for uptime. Relying on BIG-IP LTM, the team can ensure apps continue functioning, even during maintenance and while faced with increasing site traffic.

F5’s BIG-IP LTM provides transparency into network application traffic, too, and control over how it’s handled, allowing the IT organization to make intelligent traffic management decisions based on server performance, security, and availability. Additionally, the LTM’s SSL performance lets the city cost-effectively protect sensitive data by encrypting every layer from the client to the server. 

City of Bellevue delivers future-forward mobility and compliance with F5

Located near Seattle, Washington, the City of Bellevue is a thriving technology and economic hub with more than 144,000 citizens. With its level of information services, e-commerce services, and mobility requirements exploding in recent years, the city turned to F5 for an upgrade. The updated solution now handles access management, load balancing, security, and compliance with federal standards, enabling Bellevue to serve the diverse needs of a modern city while positioning itself for future growth.

The Need

Like many modern cities, the City of Bellevue’s digital needs have grown. A decade ago, only a handful of technical workers used its VPN to access systems remotely. Today, all 1,600 employees are enabled for remote work.

The city’s online presence also has grown dramatically. Its website offers a range of services such as payments, permit applications, online job applications, and maps, hosting more than 800,000 visitors annually with more than 80 gigabytes of content. And it must meet strict service-level agreements (SLAs) for uptime and service turnaround for hosted services. The site also hosts the eCityGov alliance, a public non-profit organization providing regional online services for 22 smaller area municipalities in the surrounding area.

The city also needed a way to enable secure remote access for employees who primarily work in the field. Inspectors issue permits on the go. The parks department surveys and updates central systems with information on maintenance, plants, and other issues.

For the city’s police force, enabling access to sensitive criminal history data means systems must comply with strict federal guidelines, including the federal Criminal Justice Information Services (CJIS) security policy and the related Federal Information Processing Standard (FIPS). Compliance with CJIS and FIPS is enforced through an annual federal audit; without meeting the standard, police are restricted in the information they can access in the field.

Faced with a mounting list of requirements, the city knew it needed an enterprise-grade solution that could handle it all and keep evolving over time. The IT department stepped up its investment in F5 technologies to meet this challenge, implementing BIG-IP Local Traffic Manager (LTM) and BIG-IP Access Policy Manager (APM), providing the highest levels of uptime and accessibility while increasing security and compliance for CJIS, FIPS, and industry standards like Payment Card Industry Data Security Standard.  

“F5 was a natural decision, given the existing partnership. We continue to be pleased that the functionality the product lines offered meets our needs and that the quality and performance has been demonstrated over time.” Garrett Solberg, IT Manager, Infrastructure Division

The Transformation

The city viewed F5 as a natural fit to help them implement the upgrade given their decade-long partnership. While they had previously migrated their access solution to FirePass from Cisco in 2008, the city needed a new solution that would scale to their growing capacity needs. The city selected F5’s Access Policy Manager solution for all of its remote access challenges.

The city was also interested in trading its annual subscription-based access services for a new piece of infrastructure it could purchase and manage independently. Ultimately, the city needed the ability to provide secure, compliant access to all city services, provide near 100 percent uptime for its hosted services, and position the city to take advantage of cloud services and SaaS applications in the future. 

“The modularity and robustness of BIG-IP has helped us leverage our investment across the city.” Garrett Solberg, IT Manager, Infrastructure Division

The Outcome

In implementing BIG-IP, the City of Bellevue solved for both past and future challenges. BIG-IP LTM provides the city with a clear view into network application traffic and control over how it’s handled. This transparency allows the IT organization to make intelligent traffic management decisions based on server performance, security, and availability.

Additionally, the SSL performance of BIG-IP LTM lets the city cost-effectively protect sensitive data by encrypting every layer from the client to the server. The city gets an enterprise-class load balancer with granular Layer 7 control, SSL offloading and acceleration capabilities, and ScaleN technology, delivering on-demand scaling.

With BIG-IP APM handling authentication, the city now has the functionality to simplify and protect user access to apps and data, while delivering the most scalable access gateway on the market. BIG-IP APM supports multiple authentication methods, including multi-factor authentication required for CJIS and FIPS compliance. Employees can sign in once and securely access the apps they need.    

Effective load balancing and SLA compliance 

For its contracted hosting services with other local municipalities, the city must comply with strict SLAs, including short recovery windows and “five nines” agreements for uptime. With Big-IP LTM, the team can ensure applications continue functioning during maintenance. Using real-time protocol and traffic management decisions based on application and server conditions, extensive connection management, and Transmission Control Protocol and content offloading, F5’s LTM also dramatically reduces load times, improving user experience for citizens and employees.    

Federal compliance for critical information

The city’s access technologies affect all employees, but they have special significance for police. For example, the City must meet strict federal compliance requirements in order to maintain access to CJIS data that police require to do their jobs.

With F5, compliance is built into BIG-IP to help the city manage these complex requirements. APM allows the city to easily create distinct policies for different users on different virtual servers. For police, it has implemented RSA SecurID two-factor authentication to enable secure VPN access to sensitive data. Remote patch management—another FIPS requirement—also is enabled, freeing employees to update devices in the field, instead of physically at headquarters. Additionally, cities the size of Bellevue must use tamper-proof, FIPS-compliant hardware; F5’s BIG-IP solution checked that box, too. 

“You can’t quantify being compliant. You can’t quantify being more secure. You either have it or you don’t. With F5, we’ve acquired everything we need to meet those strict federal requirements.”

Garrett Solberg, IT Manager, Infrastructure Division    

Enabling a wide range of mobile users    

The city’s decision to consolidate access management with APM was largely driven by user count. In the past, technical support employees were among the few VPN users. Today, everyone from public safety to utilities workers to inspectors requires mobile access to work efficiently and effectively.

The city needed a way to increase capacity as it increased its mobile device infrastructure. With its old Netmotion solution, users had trouble connecting to internal resources. The city’s Citrix solution didn’t have the capacity to support the growing user base reliably, and costs kept escalating.

APM has changed all that, making it easier to support remote users while facilitating vendor services and allowing the city to decommission its aging Citrix and Netmotion solutions.    

Positioned for future growth 

The city was able to make a one-time investment in F5 BIG-IP to avoid ongoing subscription costs while leveraging existing infrastructure to expand VPN access to all city employees.

These steps have positioned the City of Bellevue for growth. As the city prepares to support IoT-based solutions, migrates to the cloud and moves applications to SaaS, its decision to partner with F5 will continue to pay off.    

Connect with F5

F5 Labs

The latest in application threat intelligence.

DevCentral

The F5 community for discussion forums and expert articles.

F5 Newsroom

News, F5 blogs, and more.