To keep administrative processes as citizen-friendly as possible, the State Government of Carinthia (AKL) offers an extensive palette of webservices to carry out these administrative tasks online. 25 000 hits per hour via 90 portals and 200 online websites challenge the IT department of the state government to keep up with mandatory security standards and accessibility.  

Whether or not these standards have been achieved is checked through annual audits and when a need for change became apparent last year, a call to action echoed through the IT department of the state government. At this point there was a firewall solution active; the systems behind it, however, were accessed directly, which made the framework that the systems were operating in completely visible to all users. Another problem posed the fact that each and every user accessed the server directly which made the server load skyrocket.  

“The goal was to hide as much of the structure of the web applications from potential attackers as possible. If every single user accessing our web applications through a browser can find any kind of information with-out any filter, this holds a lot of security risks and makes the system vulnerable,” head of the IT department, Rudolf Köller, says, explaining the strategy. “We wanted to find a solution, which would minimize any direct access to the server and create a single point of entry. Additionally, we wanted to offload our servers in such a way that information would reach those using our websites faster than before,” Josef Jartisch - system engineering and responsible for webserver operations - adds.  

In order to assess the situation and find the best possible solution, X-tech was invited as an exter-nal partner. “The IT structure had grown over the years and although development was partly done by in-house engineers, other parts were programmed by external service providers. Because of this the IT structure was not ‚cast from one mold‘ - there was an uncontrolled growth of web applications,” Roland Geldner, IT infrastructure architect at X-tech, explains the situation in situ. The assessment process laid bare the following requirements:

• Faster website delivery
• High availability for all accesses to the web resources
• Securing the web resources against data loss and damage caused by unauthorized access
• Implementation of a central logging

Further analysis revealed that these requirements could best be met by Citrix NetScaler, which was consequently evaluated and then decided for by the IT department of AKL. After placing the order with X-tech, implementation of the project was ready to begin under the supervision of Josef Jartisch as project leader and Roland Geldner as the X-tech project leader. After the network implementation, imaging websites and functions, as well as backing them up, the solution was ready to go online.  

Using Citrix NetScaler has made securing systems more efficient: not does it only control user access to the websites - as the old firewall solution did - it also governs what kind of data may be exchanged with the webservers. Changing the security strategy to Whitelisting allows total control over data transfers in both directions. In addition, a huge improve of webservice performance from users point of view was provided by placing several technical functions on to Citrix NetScaler. Even more: As central access point the NetScaler governs what data may or may not be transferred, and by doing so averts data loss. The requirement of central W3C weblogging was met with NetScaler functionality, that logs which client IP-address has accessed what service. 

By now, 95% of all webservices are run via the NetScaler and the positive feedback of all those persons involved confirms the success of the project: “We’re able to meet the demands of the IT administration when it comes to quality and security. There are also improvements when it comes to application programming and security, since we often receive ready-to-go applications and now have a way avoiding security leaks of those applications,” Josef Jartisch, project leader, assesses the achieved status. Another positive effect: A certain kind of flexibility regarding webservers since those applications can be easily moved between webservers without downtimes or the users even noticing. Head of the IT department, Rudolf Köller, expresses satisfaction as well and ponders about future course of action: “We know we’re on the right path with this project and we really want to push this regime in our applications sector as well.”

• Case Study AKL (Typ: PDF, Größe: 1,6 MB)