Osaka Gas achieves secure application availability with XenDesktop
- Data leak is a major concern as Osaka Gas use ordinary PCs with a hard disk and external output device.
- Need to solve the conflict between data protection and the serving customers effectively.
- The introduction of XenDesktop and XenApp allows Osaka Gas to implement tight security without affecting operation.
- XenDesktop enables Osaka Gas to have easy management and stable load distribution.
Osaka Gas Information System Research Institute Co., Ltd (OGIS-RI) was established in June 1983 and is wholly owned by Osaka Gas Co., Ltd. OGIS-RI has three main divisions: Sales, Solution Development and Operation Services. It provides comprehensive solutions—based on advanced engineering and all-round capabilities—from consulting and IT strategy planning to designing, developing, operating and managing IT systems. OGIS-RI’s core business is the full outsourcing of systems operation and management for the Osaka Gas Group. The Operation Services Division of OGIS-RI, which is engaged in infrastructure construction including networks and OS, has utilized Citrix® XenDesktop™ in a call center that supports Osaka Gas systems. This has enabled OGIS-RI to realize a secure call center business, without modifying applications.
The challenge-How to combine information security with convenience
OGIS-RI operates a call center that handles inquiries relating to in-house systems as Osaka Gas. Previously, staff would directly access Osaka Gas systems from supporting clients across a firewall, find out how the problem could be solved and answer the caller’s question. Takanori Horie in the Operation Technology Team within the Operation Services Division describes the situation as follows: “At the call center, we used ordinary PCs with a hard disk and external output device as supporting clients. Consequently, there was concern that personal information might leak from Osaka Gas. But it was also inefficient to have multiple clients serving different purposes, so we needed to find a better solution.” Moreover, some applications needed firewall ports to be opened, so closing unnecessary ports was another issue. Kazuhisa Yoneda, department director at the Systems Operation Department in the same division added, “Ideally, we wanted to make the firewall as strong as possible, but overprotection would interfere with day-to-day work, meaning our business would be hindered. It was important to solve these conflicting problems.” Therefore, OGIS-RI decided to employ XenDesktop as a desktop virtualization solution, enabling security problems to be solved without loss of convenience.
The solution-A secure delivery environment
In 2008, OGIS-RI introduced 20 thin clients as supporting clients at call centers, using XenDesktop as the desktop virtualization solution. Yoneda says, “From the thin clients, we can access Osaka Gas applications via virtual desktops running on XenServer across the firewall. With XenDesktop, the desktop itself is delivered in virtual form, so it enables secure access, with no data left on the support clients.” Another reason for using XenDesktop was that the Osaka Gas system included applications that cannot be run on Citrix® XenApp™. Horie says, “Client-specific applications and applications that do not support multiple users cannot be used on XenApp without modification. However, it was difficult to alter Osaka Gas’ systems, so we employed XenDesktop, which enables current applications to be used as is.”
OGIS-RI had already introduced XenApp to achieve heightened security in four systems: delivery infrastructure for Osaka Gas service shops, infrastructure to prevent personal information leaks by centralizing applications that use such data, remote delivery infrastructure for use by Osaka Gas employees, and J Node, which is an IT control infrastructure used by the Solutions Development Division to manage Osaka Gas systems. For example, in 2003, XenApp was installed in the delivery infrastructure for service shops, where about 550 service shops access information about Osaka Gas customers and their payment history. It has enabled the creation of a secure environment without changing the current interface. Also, in infrastructure for preventing information leaks, XenApp was used to separate file servers that store personal information from other servers. With a remote application delivery infrastructure, Osaka Gas staff can access applications on XenApp from outside via Secure Gateway.
In addition, in J Node, XenApp was used as a means of preventing server administrators and developers from accessing applications and databases directly. In combination with the acquisition of logs for access, operation and communication, this is employed to prevent unauthorized access and to comply with J-SOX legislation.
Also, from 2003 to 2004, systems operated by each group company were streamlined into a datacenter, to construct an XSP network as an internal cloud environment for Internet access from each company. In order to distribute load among the interfaces, Citrix® NetScaler® was installed in March 2008. Horie says, “We decided to introduce NetScaler because it met our three requirements of permanently enabling Layer 7 server access, without affecting the current Layer 4 environment, and implementing a Virtual IP in the same segment; moreover, it could be installed at low cost.” She adds, “We had previously used CUI-based management tools, but with NetScaler, we had the convenience of choosing between GUI and CUI. In particular, the user-friendliness of GUI tools was a major factor, enabling operators to manage NetScaler intuitively. Another advantage of NetScaler was a stable running environment.”
Speedy support from Citrix was critical
The objective of OGIS-RI introducing XenDesktop and XenApp was tight security without affecting operability. Horie says, “The result of introducing XenDesktop and XenApp was as we expected.” Yoneda says, “We have the assurance of knowing we have eliminated future risks, because we could close firewall ports other than those used by XenDesktop and XenApp.” Yoneda continued that “We compared Citrix products with their rivals before introducing them. We found that not only is XenDesktop functionally superior, but Citrix provided more hands-on support. Speedy support is especially important when introducing new technologies.”
Future plans-Remote access in preparation for pandemics
OGIS-RI plans to reinforce its delivery infrastructure for remote access, in preparation for natural disasters or pandemics in the future. “Gas supply is a lifeline in everyday living, so it cannot be interrupted even if a pandemic occurs. In such an event, system operators would remain stationed at the datacenter to prevent infection, while other employees would work from home.” Yoneda said.
However, the current remote access environment can only be used for e-mail, the web and limited applications, which prevents employees from working at home on a daily basis. Therefore, the remote access environment must be upgraded to support all applications necessary for ongoing business. Yoneda says, “By utilizing XenApp effectively, we aim to enable all applications to be used in a remote access environment over the long term. We will also consider using XenDesktop, because some applications will not be usable on XenApp and each user will need a personalized desktop.”