Delivering a secure Citrix Remote Access solution with Swivel, SonicWall and Celestix


The Customer.

As part of one of the UK’s leading providers of risk, savings and investment management products, the customer provides surveying and valuation services to the financial sector.

The Problem.

The customer required a solution to allow secure access for the following systems:

  • Remote access to a Citrix private cloud for senior staff when out of the office and for remote home-office staff.
  • Secure access to an Extranet system for the customer’s clients. The Extranet contained confidential management information, and many of the customer’s clients are household names in the banking and lending industry. As such, a secure, true clientless and tokenless solution was required.

BLUE Profile Solution.

BLUE Profile’s approach was to install a system that was not only secure but, given its nature, also resilient. Dual internet connections were installed: a primary 10Mb circuit on the Thus fibre network, which could easily be expanded to 100Mb, and a copper-based 2Mb backup circuit. A Cisco router was used for the 2Mb circuit; however, a Samsung Ubigate was used as the router for the 10Mb circuit to allow the customer to take advantage of VoIP in the future. The perimeter firewall was upgraded to a pair of SonicWALL NSA UTM appliances in an HA configuration, and all switches were configured redundantly.

The client had already undertaken a server consolidation and virtualisation project using an IBM BladeCenter and Microsoft Hyper-V. This provided a platform on which the Extranet could be provisioned on IBM Blade servers, on a secure and separate VLAN within the same BladeCenter, thus reducing the costs of procurement and of ongoing management and support.

Secure remote access for both the customer’s remote workers and its clients requiring Extranet access was provided by two Celestix WSA appliances in a high-availability cluster. The Celestix WSA appliance with Microsoft’s Unified Access Gateway (UAG) provides a comprehensive and highly configurable secure connectivity solution for publishing enterprise applications.

  • Remote workers access a URL which directs them to the portal on the Celestix WSA appliance. A small endpoint client is automatically downloaded, which allows the Celestix to perform endpoint security checks before allowing the remote worker to proceed. Vasco Identikey was integrated with the Celestix appliance to provide secure two-factor authentication. Currently, Citrix published applications and Outlook Web Access are delivered to the remote workers; Outlook Anywhere, Microsoft ActiveSync and DirectAccess could also be implemented when the requirement arises.
  • The major requirement was that the customer’s clients would not have to install ANY software or require any physical token or security device to access the Extranet. A separate URL for the Extranet directs the customer’s clients to an HTTPS portal on the Celestix WSA appliance where no endpoint software is required. Multi-factor authentication was provided by implementing Swivel’s PINsafe solution, which was integrated into the login page of the Celestix WSA appliance to provide a secure, true clientless, tokenless remote access solution.