The Canadian medical community relies on the Medical Council of Canada (MCC) to administer examinations, provide results, and verify and store physician credentials. The MCC IT department recognized the fact that its firewalls no longer met the needs of its sophisticated testing environment.
“We needed a security solution with improved application layer visibility,” said Eli Haiby, Senior Systems Administrator at the MCC. Additionally, MCC employees and committee members who work remotely from home offices and hospital environments were struggling with the SSL VPN portal. “Our users were experiencing access issues. People want to be able to use their tablets and iPads, but they were encountering connectivity issues depending on the device and browser they were using,” continued Haiby.
The MCC conducted in-depth research, which included speaking with leading technology vendors and studying the Gartner Magic Quadrant firewalls and remote access research reports. Upon narrowing down the playing field to two potential solutions, the IT department built a list of requirements and invited vendors and their partners to participate in a proof of concept (POC).
Our users were experiencing access issues. People want to be able to use their tablets and iPads, but they were encountering connectivity issues depending on the device and browser they were using
We partnered with Palo Alto Networks and F5, proposing a solution that combined application control and visibility with Palo Alto 3050 next-generation firewalls and unified access control with the F5 Access Policy Manager (APM). Working with the MCC throughout the 6-month competitive POC process, our professional services team provided ongoing knowledge transfer in order to get the IT staff comfortable with the new technology. Upon completion of the POC, the project was awarded to us.
After the pilot, we went with Scalar because they have a very bright team of people who are experts in this space. They actually took the time to guide us and explained what they were doing along the way
Working closely with the MCC, we mapped out deployment timelines and a solid testing strategy. This first stage involved the set-up of the F5 APMs in a testing environment. During this phase, the MCC was busy preparing end user documentation and policy reviews, ensuring a smooth transition experience for the employees, committee members, physicians and universities, who are all users of the remote access portal. The team was then given a window of time overnight to stage a test deployment, identifying and documenting every issue and fix, paving the way to a smooth cutover. “During the night of the cutover, we got all of our IT staff involved, going through each test scenario,” said Haiby. “I am happy to say that we did not experience any downtime,” he continued. In addition to the primary data centre, the MCC has a disaster recovery site where a Palo Alto firewall was set-up to replicate for essential services only.
The MCC experienced visibility improvements and performance gains. The IT staff has a much better understanding of what is happening in the network and is able to quickly detect malicious behavior. It is also noticing fewer support calls and has experienced positive feedback from employees and committee members. “We used to receive support calls from physicians and employees who were unable to access the old SSL VPN because they were logging in from a particular browser or device. Those calls have really tapered off,” said Haiby. “We have seen marked improvements in the SharePoint application and we can now publish MCC web applications securely within the appliance,” he continued.
Positive feedback from users accessing the MCC’s web applications continues to come in. “The remote access solution has been an important upgrade to our systems and has improved the efficiency of our day-to-day work,” said Tanya Rivard, Test Development Officer of the Evaluation Bureau.