Flexibility and faster time to market
Improved security posture of apps and data
Agile and consolidated infrastructure
Time to market new services seamlessly
Low confidence of securing apps and data, compounded by new and sophisticated threats
Raising user expectations, from doubling of internal users
Fraser Coast Regional Council (FCRC) is a local government agency located in the Wide Bay–Burnett region of Queensland, about 250 kilometres north of the state capital of Brisbane. FCRC is responsible for providing local government services to more than 96,000 residents in a region covering over 7,000 square kilometres.
FCRC had initially realised that its network security infrastructure was approaching the end of its useful life back in September 2014. What started as a Cisco ASA replacement project, aimed at replacing firewalls and implementing two-factor authentication, led to a broader discussion to assess more efficient ways of delivering services in a secure manner.
FCRC also has another data centre deployed for disaster recovery and business continuity purposes. With dated infrastructure and servers, it was becoming more complex and costly to manage and maintain.
FCRC approached the situation to consolidate and improve its IT infrastructure, by moving from a traditional data centre to one that is virtualised to reduce complexity. It kicked off an ambitious upgrade by engaging IT solutions provider Deployus, as well as the leader in applications delivery networking F5 Networks.
Along with problems associated with managing an aging infrastructure, the council’s highly siloed IT infrastructure was also lacking in flexibility and scalability. That translated directly into a significant day-to-day operational limitation. This also presented a major barrier when it came to introducing web-based services. One of the primary concerns included the impact on the IT team tasked with securing and delivering the services effectively and efficiently.
The end-users who are largely the mobile workforce demand easy to use and secure access to services in a timely no-fuss manner. Prior to deployment, it took FCRC an average of two weeks to provide a service and that usually resided outside the network completely.
Historically, FCRC wrote their own web based solutions to give users access to its corporate systems via the browser interface. Security was always an area of concern.
“Adding to lack of web application firewall functionality, single points of failure also existed at the edge of the network. And, like any local government agency, a shrinking budget made it difficult for the council to constantly deliver solutions that were up and running at all times,” said Wade Rogers, Manager, Information Technology and Systems, Fraser Coast Regional Council.
An additional complication arose when FCRC began a process to transition the local water authority – Wide Bay Water – which increased the number of internal users from about 600 to 800. Growing user numbers required increased mobility and higher performance threshold for applications and mobile devices.
Any new solution had to be capable of supporting all these requirements without having to redesign or reimplement anything. A tall order, but not impossible with a creative architectural vision and the right technology.
Working with Deployus and F5, FCRC developed an Edge Security Enhancement and Infrastructure Consolidation Solution that transformed its infrastructure from a traditional into a modern hybrid cloud and premises based architecture.
The project takes advantage of F5’s application delivery networking (ADN) portfolio, deploying modules like Local Traffic Manager (LTM), BIG-IP DNS, Application Acceleration Manager (AAM), Application Security Manager (ASM), Application Policy Manager (APM) and iRules to protect the council’s critical resources and eliminate numerous single points of failure at the edge of the network.
Consolidation started with a centralised platform, where all application services can be provisioned regardless of where applications reside. These services include authentication of users access, SSL offloading and traffic load balancing.
Public-facing community web applications were the first services to be transitioned. That was followed by a remote access solution, desktop delivery, and DNS services before transitioning the core services and property applications that are used across the business as well as at Exchange. Last but not least was the integration of an existing video delivery solution so that Queensland Police could monitor the cameras deployed throughout the region. APM was used to support single sign-on to the Queensland police network and back into FCRC. That enables the Queensland Police to securely access the camera network, monitor and review any incidents around the region.
In addition to consolidating physical servers and networking switches with F5’s application services, FCRC now enjoys the freedom and flexibility to rapidly design and deploy web-based applications to its stakeholders.
What once took up to two weeks to release new services is now reduced to a couple of days. FCRC is now confident to run services internally as opposed to having it reside outside of the network completely.
In fact, the council will be using F5 to implement a new mapping solution for the local community and are at ease knowing they have the capability to provide access to end-users or members of the public in a secure manner.
Other services from FCRC include a property and rating system, which is an external interface for rate payers to view rate balances and lodge requests. Additionally, the council has also launched online booking system to allow the local community to book public spaces such as parks and community halls for events.
Deploying web-based services without web application security is a dangerous move. ASM allowed FCRC to spin up web application firewall (WAF) services close to apps, to fend against application vulnerabilities.
"In a hybrid environment, the ability to secure and differentiate access to the council’s applications and network is important. APM provided centralised policy-based control on user identity and context, and manage access to applications, network or cloud, with visibility of devices and locations they access the apps from. With simplified remote access, our ability to develop web applications from a single pane of glass, whilst introducing two-factor authentication is the coolest thing about F5. We are able to deliver applications to the users and ensure that the security posture doesn’t change no matter where the users are,” said Rogers.
In a hybrid environment, the ability to secure and differentiate access to the council’s applications and network is important. With F5, we are able to deliver applications to the users and ensure that the security posture doesn’t change no matter where the users are.
The biggest benefits are undoubtedly in three main areas – flexibility and faster time to market, an improved security posture and an agile infrastructure.
“In the past we were technically challenged, but today the challenge is minimized as we are in a more flexible and agile position to roll out new services within a couple of days,” said Rogers.
APM’s ability to integrate with FCRC’s two-factor authentication allows the council to bypass it in the event of a disaster. This allows FCRC to provide an increased number of users remote access, a level of flexibility that was non-existent previously.
Providing access to both internal and external users is simpler with APM and the active directory integration. Previously, there were security concerns with users accessing corporate systems via a browser interface, but now F5 is able to manage those transactions. This drastically changes the way people access environments remotely also simplifies day-to-day operations.
Consolidation of infrastructure is another key benefit. In the past FCRC had a combination of Citrix Netscaler and RSA tokens alongside other physical infrastructure in its DMZ, today everything is either virtualised or in the cloud.
“Globally, expectations of the mobile workforce on public sector are influenced by new technologies and changing private sector service delivery standards. Hence, the onus is on us to increasingly deliver more convenient choices and ease of access, while ensuring that our services are secured,” said Rogers.