The Rijksdienst voor Pensioenen (RVP) is the government agency that handles pension information for the citizens of Belgium. When it decided to make pension data accessible over the Internet to all employed people and pensioners in the country, it had two key concerns. First, it had to secure its highly personal and sensitive data from unauthorised access. Second, it had to ensure high performance and availability for a potential user base of many millions of people.
Using F5 BIG-IP products, the RVP can now provide citizens with a secure, convenient way to view their pension information online. The high performing F5 solution scales to accommodate traffic spikes, enables the RVP to comply with many regulations, and has also eased IT management tasks.
In Belgium, pensions are calculated from data relating to each individual citizen’s employment history. The government therefore holds vast amounts of data relating to the careers of more than 5 million employees and pensioners.
In the past, the RVP sent out a yearly report to citizens, with information on the number of days worked during the year and any sickness, social security, or disability benefits claimed. This report included data relating to only a single year, so it was difficult for citizens to assess what their pension entitlements might be in the future.
In 2010, the Belgium government made a public commitment to make pension information more accessible to citizens and its processes more open. The RVP launched an initiative to give citizens access to pension information relating to their entire careers, over the Internet. Through this online solution, the RVP wanted to make it possible for citizens to review their own career data on demand, and easily calculate and monitor the pension they would be entitled to, on reaching retirement age.
To meet the needs of an entire nation, the RVP’s online pension application had to be able to deliver exceptional performance and availability for millions of users. At the same time, the application had to be extremely secure to protect the very personal and sensitive data contained in the organisation’s databases. In particular, the application had to be able to support a strong authentication process, using the electronic ID cards that all Belgian citizens carry.
The RVP already used F5 application delivery solutions within the organisation to ensure the optimal performance of its core pensions administration applications. Used by 3,000 employees, these internal applications are both bespoke to the organisation and critical to its operations.
The RVP was highly satisfied with the performance of its F5 solutions, but it couldn’t simply purchase additional F5 products to meet the needs of its new external applications. Like all other public sector organisations in Belgium, the RVP was obliged to follow certain strict tender procedures. It therefore issued a formal request for proposal (RFP) with a technical specification that covered all of the requirements of the new system.
At the end of the tender process, the RVP selected SecureLink, a systems integrator and F5 partner that operates in the Benelux region. “SecureLink provided the best value when we took into account the quality of products offered and the price,” says Ivo Tuytens, IT Security Manager at the RVP. “Because we were familiar with F5 solutions, we had confidence that the solution architecture proposed by SecureLink would meet our needs.”
SecureLink supplied and installed two F5 BIG-IP Local Traffic Manager (LTM) application delivery devices, along with the BIG-IP Application Security Manager (ASM) module.
The two BIG-IP LTM units are configured in active/passive mode to provide instant failover in the event of a fault. The solution currently supports four production web application servers.
During the course of the installation project, the RVP used the F5 iRules scripting language to create customised processes for logging in, routing traffic between web servers, and strengthening security. “The iRules feature is very valuable,” Tuytens says. “If something isn’t done by F5 by default, you can always create it with iRules to precisely meet your needs.”
Since the online pensions application has been implemented, it is typically accessed by more than 30,000 users every month, or approximately 400,000 a year. In addition to providing secure access for citizens, the F5 solution is also used to provide secure access to pension data for the RVP’s partners, including other government agencies.
Through the use of the F5 solution, the RVP has been able to keep highly sensitive data about citizens completely secure. Over recent months, there have been several attempts to penetrate the system, launched from locations in Russia, Kazakhstan, and China, but in each case, the F5 solution successfully detected and blocked the attacks.
“F5 works,” Tuytens says. “High security is the most important feature offered by F5 BIG-IP Local Traffic Manager learns from the traffic it handles and can then create new policies to enhance the protection provided.”
Understandably, the RVP has to comply with a great many government, financial, and data protection regulations, including ISO 27001. Tuytens says, “F5 products ensure our compliance, and they actually go much further than the regulations demand, to provide us with even stronger security.”
F5 has given the RVP an effective way to centrally control its entire external application infrastructure. Easy to use, the solution has simplified many routine network management and security tasks, thereby freeing up time within the IT team.
“Without F5, we would have to make security updates to all of our web servers,” explains Tuytens. “With F5, however, we have to make the changes just once. F5 provides all the capabilities we need, centralised in one solution.”
Typically, the RVP receives up to 30 Mbps of traffic on its external applications. However, a simple announcement from a government minister can lead to a spike in traffic, as more citizens are prompted to check their pension status. On one occasion, following a government announcement, traffic levels jumped up to 70 Mbps. Throughout this period of exceptional system usage, the F5 products continued to balance the load and deliver high performance for users.
Tuytens concludes, “F5 delivers the performance that citizens want and the security we need.”