This article can also be found in the Premium Editorial Download "Information Security magazine: Comparing seven top integrated endpoint security suites."
Download it now to read this article plus other related content.
The county's NetMotion server was installed in one day. Domain authentication is now used instead of tokens, and administrators say users find the client very transparent.
"It's like logging in from your desk, whether you're [connected to] a home network or hotspot," says Kuner. "NetMotion chooses the fastest connection. When you unplug and go into the field, you don't have to close your application or restart NetMotion. You can close your laptop, go home for the weekend, and on Monday [when you log in to your laptop], your connections will still be there."
According to Hunt, session persistence has been a significant improvement. Whether connectivity is lost due to laptop suspension or network change, mobile VPNs work to avoid tunnel disconnection and the resulting user disruption. "We do have some dead spots where cars lose signal. NetMotion continues that application without interruption, whereas the VPN client would have dropped the tunnel and the user would have had to restart their VPN, their applications--everything."
After deployment, the county started thinking of new ways to use the mobile VPN. "For example, food inspectors can go to a facility, complete their inspection, type up a report right there at the facility, and print the report while still on-site," says Carter.
| users ran into problems in public networks that required Web login. The county created profiles to circumvent those issues and purchased NetMotion's Mobility XE Policy Management Module for more granular access control. "Rather than letting VPN clients have open access to our network, we can now give different groups access to different systems," says Hunt.
Hamilton still uses its old Cisco 3005, but repurposed that VPN to focus on vendor/administrator access and site-to-site tunnels. Attorneys were shifted onto a provider-hosted Web portal called Doxpop. "That's gotten us out of the loop, so we don't have to support lawyers," says Carter.
The county is now planning its next steps, including redundancy and virtual servers to facilitate disaster recovery. Although work remains, the team is pleased with its new strategy. "We've gotten more positive feedback on this [migration] than anything else we've done," says Carter. "We've even had old VPN users turn in their tokens and ask to be switched to NetMotion."
This was first published in November 2007