Debenhams has implemented an identity management system and virtual private network technology to provide flexible access to its internal IT systems.
The department store chain is using PortWise Application Access software to provide secure remote access for its staff and business partners. The initial deployment to 250 users is expected to be completed this week.
The PortWise virtual private network platform replaces an existing internet-based system, which was only able to provide limited remote desktop access.
Paul Willitt, technical architect at Debenhams, said, "We wanted to find a means of securing full application-centric identity and access management for all of these groups of remote users."
For internal staff, PortWise will be used to access applications running on Citrix Presentation Server 4.0, including Microsoft Office, Outlook e-mail, an imaging program, human resources software and Debenhams' core financial system.
Remote workers are also being given access to Retail Express, a bespoke, terminal-based retail application hosted on the company's IBM AS/400 platform.
Business partners, such as furniture suppliers, will be able to access orders and schedules via a web portal which links to Debenhams' back-end system via the PortWise VPN.
Willitt said end-users would be offered two methods of logging in based on two-factor authentication. They can choose a software token applet that generates a one-time password on their PC. Alternatively, a one-time password can be sent via SMS to an end-user's mobile phone. In both cases, the user is required to key in the one-time password to gain access to the VPN.
The PortWise system comprises an access gateway which resides on the edge of Debenhams' network and a management server which runs within its intranet.
The access gateway is deployed on two IBM x336 xSeries servers running Red Hat Enterprise. The PortWise management software and Citrix server are hosted in Debenhams' Taunton datacentre on an IBM HS20 blade server rack running Windows Server 2003.
PortWise Application Access is designed to provide secure extranet access to applications for mobile users, business partners and customers. It provides a way to assess the capabilities of the device the end-user is using. It also provides policy-based user authentication.
The system does not require any client software to be run on the device.