Ivanti (formerly PulseSecure)


Digital Information Technologies Corporation

Important [Regarding Vulnerability Fix Version]

Vulnerabilities affecting Pulse Secure products have been confirmed. Fixes for each vulnerability have already been released in specific versions, so please be sure to upgrade to a version that contains the fix.

Adopt Pulse Secure for remote access to corporate resources
Automate client certificate distribution and parameter settings
Cut preparation time from days to just minutes

Points

  • Issuance of client certificates and SSL-VPN settings are automated, greatly reducing operational load
  • Wi-Fi profiles required for wireless LAN security settings are also distributed at the same time
  • Post-installation operation can also be centralized on the management screen, dramatically reducing the burden on the department in charge
  • Easy single sign-on operation through SAML linkage

Digital Information Technologies Corporation, IT Integration Department
System Design Unit 1
Mr. Koji Arikawa, Manager

Digital Information Technologies Corporation (hereinafter referred to as Digital Technology), a total system integrator that handles everything from sales and construction to maintenance and operation of IT system products, adopted the secure access solution from Pulse Secure to provide remote access to internal resources in parallel with the use of smartphones as extension telephones. The decisive factor was the option called the "Enterprise Onboarding function" (hereinafter referred to as the onboarding function), which only Pulse Secure offers in the industry. In addition to simplifying the issuance of client certificates and the installation of SSL-VPN setting profiles, the company was also able to distribute Wi-Fi profiles for the in-house wireless LAN environment that was built at the same time, reducing the average time required to set up a device from one to two days to within 1-2 minutes. In the future, the company plans to make use of this experience in proposing remote access to customers.

Aiming for remote access with smartphones, but the complexity of settings poses a challenge

Founded in 1988, Digital Technology was one of the first to introduce the world's most advanced equipment to Japan, and has greatly contributed to the spread of the Internet in Japan and the development of cutting-edge technology in companies and research institutes. The company, which became a wholly owned subsidiary of DTS Corporation in December 2009, has three strengths: the ability to build IT environments, cultivated over its long history; the ability to provide unique value-added solutions; and the ability to make proposals by always staying close to customers and identifying their true needs. With these strengths, it mainly provides the latest technologies such as hybrid cloud integration, hyperconverged infrastructure, and SI related to network security. As a total system integrator that handles everything from sales and construction to maintenance and operation of IT system products through a multi-vendor system, it already has a track record of transactions with more than 1,600 companies, government agencies, universities, and research institutions.

With the replacement of its IP-PBX in 2017, Digital Technology aimed to use company-issued smartphones as extension telephones for all employees and, in parallel, to enable remote access to internal resources such as e-mail and groupware. In the company, the general affairs department is also responsible for managing the information system, so this project was also planned to be handled by the general affairs department, from installation to configuration, but the complexity of the settings was a major obstacle to its introduction. Koji Arikawa, Manager of System Design Unit 1, Digital Technology IT Integration Department, explains the situation at that time as follows.

“There are about 70 target smartphones, in the line departments. The general affairs department, which is not an expert, could not handle it alone, so we SEs in the engineering department were put in charge of setting up OpenVPN, which we have experience with. It sometimes took up to 2-3 days to kit a single smartphone and issue it to an employee. In addition, once a year, the client certificate needs to be renewed, which also takes time. It was assumed that it would take time and effort, and the company wanted to somehow solve this problem.”


Simultaneous certificate issuance and initial configuration with Pulse Secure onboarding function

What Mr. Arikawa aimed to achieve was a low-cost implementation that would allow remote access to be easily operated even by the general affairs department alone, as well as strict security that would only allow access to company information using company-issued smartphones. The company considered various products from around December 2016, and the one that met the most conditions was Pulse Secure's SSL-VPN appliance.

“I knew about the basic functions of SSL-VPN from the time of the old MAG, but it is no exaggeration to say that the ‘onboarding function’, which Pulse Secure has set as an option as a unique function, was the decisive factor this time.”

Normally, in order to use SSL-VPN, it is necessary to set client certificates and detailed parameters after installing an application on the terminal, and this setup is quite troublesome for administrators. By using the onboarding function of Pulse Secure, a client certificate matching the user's authority in Active Directory (AD) can be issued safely and easily in cooperation with the SCEP server. The employee simply accesses the URL distributed by the administrator and downloads and installs the SSL-VPN setting profile; the various initial settings are then performed, and Pulse Secure remote access can be used immediately.

“This time, in addition to the IP-PBX, we also had to build an in-house wireless LAN environment, so security settings were necessary when connecting the wireless LAN, but with Pulse Secure, we also had the advantage of being able to distribute Wi-Fi profiles at the same time. I was convinced that this was the best choice,” says Arikawa.

Post-installation operations are also centralized on the management screen, dramatically reducing the burden on the general affairs department

After downloading the Pulse Secure virtual appliance (free version) from Macnica's website and verifying its functions, including the onboarding function, on a virtual server, the company determined that it was fully operational. The company decided to adopt Connect Secure PSA3000 in March 2017, conducted various tests in April, and began full-scale operation in May.

“The onboarding function securely imports the client certificate and server root certificate profiles via a complicated URL for increased security, and the various SSL-VPN parameter settings and Wi-Fi connection settings are automatically distributed to each user, so all you have to do is hand over the smartphone to the user. There was no need for any special manuals or instructions. The user launches the Pulse Secure app and presses the connection button. You can connect with just a tap, and operations after installation can be performed centrally from the management screen, so the burden on the general affairs department has been dramatically reduced,” says Mr. Arikawa.

With the previous OpenVPN, it took an average of 1-2 days to hand over one smartphone to an employee in a state where it could be used for remote access, because both the general affairs and engineering departments were involved. With the introduction of Pulse Secure, the work now finishes within 1-2 minutes. Moreover, the smartphone can connect to the wireless LAN at the same time. Arikawa says the difference is large.

“Both the general affairs department and the engineering department were freed from setting up smartphones and were able to concentrate on their original work. Also, in the case of OpenVPN, if a Linux server fails, it can be restored and reconfigured. Pulse Secure is an appliance, so it is stable, and in the unlikely event of a problem, if you export the settings in advance, you can restore it immediately, so it is very safe.”

In the future, we will make use of our Pulse Secure implementation experience in making proposals to customers.

Digital Technology is currently in the process of migrating its in-house email system to Office 365™. For that migration, in order to achieve both security and convenience, the company is considering an operation that will limit access only to terminals connecting via the internal network and at the same time allow single sign-on to Outlook™ and other services using the SAML linkage of Pulse Secure.

In addition, the company uses a separate SSL-VPN for remote access from terminals other than smartphones, such as mobile PCs, but there are many obstacles such as difficulty in connecting, so the company says it plans to integrate this into Pulse Secure in the future.

“Recently, many manufacturers have released SSL-VPN products, and the functions have not changed much, but Pulse Secure has an onboarding function that enables automatic certificate distribution and parameter setting in conjunction with SCEP servers. Especially in Wi-Fi settings, it supports not only PSK (pre-shared key) but also authentication such as WPA and WPA2-Enterprise, as well as protocols such as PEAP and EAP-TLS. It was very convenient,” says Arikawa.

On the other hand, Digital Technology is also itself a system integrator that provides products. “If a customer needs secure access, I would confidently recommend Pulse Secure. At the same time, if there is an environment that uses digital certificates, I would strongly recommend the optional onboarding function,” Arikawa said. The company would like to utilize the effectiveness confirmed by this project to provide solutions to customers who have the same problem, and there seems to be a lot of demand for it.

User Profile

Digital Information Technologies Corporation
Location

〒116-0014
Cosmo Park Building, 5-7-18 Higashi Nippori, Arakawa-ku, Tokyo

Introduction time

May 2017

URL

http://www.dtc.co.jp/

Founded in 1988. Became a 100% subsidiary of DTS Corporation in 2009. With the aim of introducing cutting-edge technology products from around the world to Japanese research institutes and companies as soon as possible, the company procures servers, storage, backup solutions, security products, network-related products, etc. It is a system integrator that continues to provide optimal products and solutions for customers.
