Debenhams has implemented an identity management system
and virtual private network technology to provide flexible access
to its internal IT systems.

The department store chain is using PortWise Application Access
software to provide secure remote access for its staff and business
partners. The initial deployment to 250 users is expected to be
completed this week.

The PortWise virtual private network platform replaces an
existing internet-based system, which was only able to provide
limited remote desktop access.

Paul Willitt, technical architect at Debenhams, said, "We wanted
to find a means of securing full application-centric identity and
access management for all of these groups of remote users."

For internal staff, PortWise will be used to access applications
running on Citrix Presentation Server 4.0, including Microsoft
Office, Outlook e-mail, an imaging program, human resources
software and Debenhams' core financial system.

Remote workers are also being given access to Retail Express, a
bespoke, terminal-based retail application hosted on the company's
IBM AS/400 platform.

Business partners, such as furniture suppliers, will be able to
access orders and schedules via a web portal which links to
Debenhams' back-end system via the PortWise VPN.

Willitt said end-users would be offered two methods of logging
in based on two-factor authentication. They can choose a software
token applet that generates a one-time password on their PC.
Alternatively, a one-time password can be sent via SMS to an
end-user's mobile phone. In both cases, the user is required to key
in the one-time password to gain access to the VPN.

The PortWise system comprises an access gateway which resides on
the edge of Debenhams' network and a management server which runs
within its intranet.

The access gateway is deployed on two IBM x336 xSeries servers
running Red Hat Enterprise. The PortWise management software and
Citrix server are hosted in Debenhams' Taunton datacentre on an IBM
HS20 blade server rack running Windows Server 2003.

PortWise Application Access is designed to provide secure
extranet access to applications for mobile users, business partners
and customers. It provides a way to assess the capabilities of the
device the end-user is using. It also provides policy-based user
authentication.

The system does not require any client software to be run on the
device.