SECURE DIGITAL WORKSPACE
Windesheim, one of the largest universities of applied sciences in the Netherlands, wanted its staff and students to work remotely, but could not place even more demand on an outdated and overworked IT infrastructure. To solve its challenge, the university turned to Citrix Netscaler, which enabled fast access, easy migration and plenty of flexibility.
For many years, to secure and accelerate connections to the Internet, the university used Microsoft Internet Security and Acceleration Server 2006 as a reverse proxy and F5 load balancers. But the server was due for replacement and the support for the load balancers had ended. To make matters even more challenging, the university wanted staff and students to be able to work remotely, which would place even more demand on the overworked infrastructure.
"We wanted to replace both solutions with one product that combined the functionality," says Kees Kamphuis, coordinator of infrastructure at Windesheim. "An additional requirement was that the new solution had to support claims-based authentication for single sign-on."
Windesheim sent out an RFP and five companies responded, but only one of them provided a Citrix solution. "We did not use any Citrix technology, but we selected the Citrix NetScaler solution because it best met our requirements for high availability, throughput, SSL offloading, the number of simultaneous sessions and flexibility," says Kamphuis.
"The initial introduction—along with Citrix Consulting—went very smoothly. We already had prepared an IP plan for configuring the Netscaler, so the Citrix Netscaler consultant had the system operational within half a day. Then, gradually, applications were added to the NetScaler, such as Lync, Exchange and SharePoint."
Two NetScaler SDX appliances, one node in the production datacenter and the second node in the disaster recovery data center, now run five virtual NetScalers in HA mode.
Windesheim uses Microsoft Lync for telephony. This was the first service implemented through NetScaler and requires a highly stable and smooth operation, with good call quality. "In the previous environment we had great difficulty properly load balancing this service, but after the initial configuration of NetScaler this has worked very well," says Kamphuis. "The annual independent risk assessment by Microsoft this year focused on Lync. The outcome was that our Lync deployment was unique in terms of installation and performance. This is the best compliment Citrix can get for its NetScaler solution."
Now, 25,000 students and staff use NetScaler for SharePoint and webmail, but also to synchronize their smartphones or tablets internally and externally and even during the weekend. "I am very excited about Citrix NetScaler," Kamphuis says. "All our services are monitored, optimized, accelerated and secured via a single physical device with virtual machines. The 24x7 availability is easy to manage with the management console and reusable building blocks."
"In the old environment we could not add anything more, but now the possibilities are almost endless," Kamphuis says. "We already run several other internal services over NetScaler, including Oracle, our roster package and the externally accessible website of Windesheim." The flexibility of NetScaler makes migrating much easier. To upgrade Exchange 2010 and Lync 2010, the new versions of Exchange and Lync are built on an additional virtual NetScaler, tested and then released by simply switching virtual NetScalers.
"Another big advantage of Citrix is that we can use all the features, now and in the future, as a result of the licensing model we selected," Kamphuis conclude. "The limitations are more determined by our knowledge than what the device can handle. We aim to unlock all applications via NetScaler, from client/server applications, our video portal and access to our file shares."
In the future, Windesheim plans to enable secure access to network shares via Direct Access for telecommuting. Also, the university will lighten the load on application servers by moving claims-based authentication from the applications to the NetScaler. Ultimately, the DMZ will be dismantled completely by locating all servers on the internal network, for additional security and easier system administration by enabling domain connectivity.
Copyright © 2014 Citrix Systems, Inc. All rights reserved. Citrix and are trademarks of Citrix Systems, Inc., or a subsidiary thereof, and are or may be registered in the U.S. Patent and Trademark Office and other countries. All other trademarks are the property of their respective owners.