Man drawing an umbrella over family icon

Secure VPN Solution for Reliable and Compliant Remote Access

Abstract

The successful installation of a secure VPN solution leveraging Pulse Secure’s appliance-based SSL technology enabled this insurance company with reliable and compliant remote access.

What Data Networks Did for BMIC

 

  • Analyzed an existing SSL VPN hardware/firmware/client configuration and recommended specific best practices-oriented improvements.
  • Installed a new SSL VPN appliance-based solution to replace aging equipment.

The challenge

Headquartered in Hagerstown, Maryland, Brethren Mutual Insurance Company (“Brethren”) is a personal, commercial, and farm insurance provider that has been in business for more than 110 years. The company is privately owned by its policyholders, employs approximately 150 professionals, and serves clients in three U.S. states.

Like many organizations, Brethren relies on secure-socket layer (SSL) virtual private network (VPN) technology to conduct business. To adequately support the company’s end users who required secure remote access to the internal network, Brethren implemented the Juniper Networks SA2500 SSL VPN infrastructure (including Network Connect client with host-checker policies). This solution successfully managed Brethren’s endpoint security compliance requirements for many years until more recently when the company’s emerging business needs required technology changes.

To maintain the Juniper Networks-based SSL VPN, Brethren would need to upgrade its hardware. Additionally, Brethren’s decision to upgrade its desktop operating system to Microsoft Windows 10 would necessitate additional firmware updates. However, because Juniper Network Connect was end-of-life, Brethren began investigating a switch to a Windows 10-compatible SSL VPN architecture. According to Brethren Operations Manager Tom Harley, “Our first step required us to find a consulting partner with proven proficiency in our choice solution, the Pulse Secure SSL VPN.” As a trusted Pulse Secure partner, Data Networks ultimately became Brethren’s choice IT solution provider.

The solution

Data Networks proposed and implemented a comprehensive SSL VPN conversion project in which new hardware and firmware were installed, existing configuration settings were migrated to the new hardware, and users were switched over to the Pulse Secure client software. To replace the Juniper hardware, Data Networks engineers installed a pair of high-availability (HA) Pulse Secure PSA3000 appliances complete with the latest firmware, and then mapped existing configuration settings to corresponding settings that controlled the new hardware, and then migrated all settings efficiently.

Upon careful consideration, Data Networks engineers ultimately recommended that Brethren keep its current version of Network Connect as its end user SSL VPN client, citing that not only are end users accustomed to it, but that it is fully compatible with Windows 10 for the time being. Data Networks engineers would, however, proactively preconfigure and develop a new Pulse Secure client that would be ready for an eventual conversion. As explained by Dwayne MacKenzie, Solutions Architect for Secure Networking at Data Networks, “Because our clients sometimes need for us to get creative with our design, we’ll provide them with not only an immediate solution that satisfies their requirements, but one that also prepares them for the long haul. In Brethren’s case, their current instance of Network Connect was a proven application with which the users were comfortable, so we kept it in the architecture but prepared them for the eventuality of replacing it with the Pulse Secure client.”

Mission accomplished

Data Networks engineers finished the project by moving end users’ physical SSL VPN connections from the old hardware to the new Pulse Secure appliances during a planned 30-minute outage period. They then conducted an end-to-end test of the new SSL VPN from end user workstations positioned outside the Brethren firewall to confirm that resulting network connectivity and access matched that of the prior solution. Knowledge transfer from Data Networks to the Brethren IT team regarding the new PSA3000 configuration, a demonstration of the Pulse Secure client designed for future use, and the verified improvements concluded the successful project.

The Pulse Secure SSL VPN architecture was delivered by Data Networks in 10 business days and has since proven itself as a solution that Brethren truly needed in order to keep pace with the insurance industry marketplace. Brethren IT team members have observed excellent connection throughput supported by the HA appliance pair, and the revision of the Network Connect software continues to be a user-friendly client that experiences no issues with Windows 10. The Pulse Secure client stands ready to replace it when the time comes.

“In the insurance industry, we’re high-uptime and need to minimize user disruption during technology upgrades,” says Brethren Operations Manager Tom Harley. ”Data Networks is truly attentive to our needs with regards to this and all other areas. Additionally, we greatly appreciate Data Networks’ ability to transfer an existing configuration, such as our SSL VPN settings, to a new solution, without having to reinvent the wheel.”

Click here to view the PDF version of the Delivering Secure and Compliant VPN Technology at Brethren Mutual Insurance Company case study.