West Australian municipality secures advanced government and citizen services with Cisco® Identity Services Engine.
The City of Stirling lies in the northern suburbs of the Western Australian capital city of Perth. With a population of approximately 220,000 and covering an area of 105.2 square kilometers, the city is the largest local government area in the state.
For the past several years, this forward-looking city has invested in an IT vision designed to transform its infrastructure into the next generation of secure, centralized networking. Its roadmap supports a wide range of city functions including government offices, properties, field operators (such as park staff and property inspectors), and public assistance. It also covers recreation areas, golf courses, and the beachfront. In total, the city’s WAN supports more than 30 locations, with an additional 15 public Wi-Fi hotspots.
However, securing this far-reaching capability has created a challenge for administrators. “We wanted one centralized solution for identity management,” says Peter Bennington, Chief Technology Officer (CTO) for the City of Stirling. “It needed to be a simplified approach that would integrate with other strategies on both our public and private networks.”
Furthermore, the new security strategy had to be highly scalable. The city government and its contractors total approximately 1200 users, but with a popular beachfront zone, the number of visitors on the Stirling network is often up to thousands at a time. The city also continues to experience steady population growth.
“With continuous anticipated expansion and growing usage, we knew we had to be able to provide good performance that would support a quality user experience,” Bennington says. “And, especially on the corporate side, we needed very high availability. We already had a significant investment in Cisco technologies. For all these reasons, we chose the Cisco Identity Services Engine (ISE) for our identity management solution.”
The Stirling Security Solution
From the time Stirling began to rely on a mobile workforce, it was understood that a strong security solution would need to be deployed. The IT roadmap called for a fully integrated security approach that enables central control and management across VPNs, Wi-Fi, LANs and WANs.
“Mobility has gone in a very short time from a minimal technology used for consuming information—in many cases relying on manual processes—to a much more electronic capability,” Bennington says. “This means that we need better, more granular security and controls for our digital networks.”
Cisco ISE is a centralized security solution that automates context-aware access to network resources. It achieves this by collecting data about the network, the type of device, partner or user identity, and location, and analyzing the sum total to make an informed access decision. Integrated with the city’s AirWatch security program, ISE is designed to provide:
● Differentiation of service based on user identity
● Securing of the wireless network with Extensible Authentication Protocol (EAP) methods for authentication
● Web-based authentication for guest users
● Sponsor access to create guest accounts
● Profiling and posture capabilities
Onsite work was done by two certified Cisco Gold Partners. These included Data#3, a Brisbane-based company serving Australia and the Asia-Pacific region, which provided initial planning, product, and deployment services to Stirling. Partner DimensionData is a global firm, which served as the systems integrator for the Wi-Fi network security implementation.
“One of the advantages of working with Cisco is its impressive ecosystem of partners, and we had a great partner experience,” says Matt Younger, the city’s ICT Infrastructure & Network Architect. “These teams were with us the whole way, from design to implementation.” Cisco also supported the project from the United States, including creating an early software update to resolve an integration issue. “You always expect to run into some problems on a large deployment,” Younger added. “It comes down to how quickly they can be resolved. We were very happy with the personalized support we got from Cisco.”
Business Results: Achieving Invisibility
“The goal of our Cisco ISE implementation was to have no one realize that we had done it,” Bennington says, “and we absolutely achieved that.”
As well as meeting goals of availability, reliability, and performance, Stirling had set the expectation that its new security solution would literally not be noticeable to its users. “We knew we had it right when we asked workers how they liked the new identity management system, and they responded, ‘What are you talking about?’” Bennington says.
City employees and citizen users no longer receive demands for multiple logins, even from field locations; nor do they go through a complex, multistage sign-in process, even with VPN. Previously, users had to log on continuously throughout the day, and IT heard many complaints about midsession interruptions. Today, Cisco ISE identifies users, knows who they are, where they work, and what they should have access to—all transparently to these users. The result is expected to be better worker productivity and increased use of public domains by employees and citizens.
Next Steps for Cisco ISE
Cisco ISE will play an increasingly important role as part of the foundation for the city’s network. Currently a hybrid environment, Stirling is making the jump to a more complete Cisco infrastructure for routing and switching, as well as WAN acceleration and blade-based serving. The City was also one of the first councils in Western Australia to adopt Cisco IP telephony, along with VPN, wireless, and digital media solutions.
With its network well secured, Stirling plans to proceed with the next stages of its IT vision. More work is underway to enhance access to specific applications, along with better management for mobile devices to avoid data leaks.
Cisco ISE will also become part of a new physical security solution using closed-circuit TV cameras and access control devices. A Cisco Instant Connect two-way radio capability that integrates a wide range of communications devices is also under consideration to support emergency services.
“Cisco is constantly adding new functionality, allowing us to create new services on the same flexible foundation,” Bennington concludes. “Now, we have the confidence that our network identity management is up to the same challenge, helping to safeguard our network—no matter what changes we make—across the entire city.”