Jelly Belly found itself and its network in a sticky situation -- the VPN was too secure.
That "overboard" security prompted some of the top executives at the Fairfield, Calif.-based candy company, known worldwide for its gourmet-flavored jelly beans, to come up with the saying: "The network is so secure, even we can't get in."
While that may be a source of pride for some large enterprises, a jelly bean maker with 50 remote users, 650 employees and 300 who access the network doesn't need that level of security, said Nick Saechow, Jelly Belly's network manager.
"When the owner says, 'The network is so secure I can't get in,' that tends to be a bad thing," he said. "When it comes down to it, we're a candy company. We make candy."
Jelly Belly had used a Linux-based VPN device. Though Saechow won't divulge the vendor, he said the old client wasn't Windows native, it was too complex to manage and remote users would run into IP blocks on the road, not allowing them to log on. It became increasingly time-consuming and costly to work with, and authentication problems were plenty.
Instead of hiring a pricey consultant to come in and address the problems, the confectioner ditched the VPN.
But Jelly Belly didn't leave the network exposed. It sought a new method for secure connectivity, ultimately selecting two NS Series Security Appliances from Canton, Mass.-based vendor, Network Engines Inc.
The NS-6400s are powered by Microsoft Internet Security and Acceleration (ISA) Server 2004.
Saechow said the souring struggles with the VPN prompted his team to start looking into the ISA Server and appliances that integrate with it.
"We're an all Windows shop," he said. "We took a really simple approach and looked at recommended [appliance] manufacturers."
Saechow said they wanted something with minimal administrative overhead, an automated patch process, speed and ease of use for remote access. Once Jelly Belly decided to go with appliances, they evaluated the NS6400s in a test environment to validate remote user access performance and to determine if the Network Engines Web Services (NEWS) management interface would work for them.
The pair of NS6400s protect at the application layer, blocking Internet threats and enabling deployment of Microsoft applications like Exchange, OWA/OMA, Share Point, IIS and Windows XP clients. The NS6400 supports up to 1,000 users, while other versions in the NS family are suitable for larger and smaller user bases.
The boxes provide automated updates, configuration management for backup and restore operations, remote management, failover, alert management and monitoring thorough Microsoft Operations Manger.
Now, the executives no longer have any trouble. They can log onto the network from anywhere. And, Saechow said, it's become much easier to manage.
"It's easier for us to manage," Saechow said. "It's more intuitive. We're a Windows shop. We work on all Windows so we intuitively think along those lines."
This article originally appeared on SearchNetworking.com.
Dig Deeper on Secure Remote Access