Case Studies Archive Search Case Studies

RIKEN, Japan’s Renowned Research Institution Makes a Technology Shift that Eliminates Hassles and Lowers Costs

RIKEN is an international research organization with more than 3,000 personnel doing work at nine locations throughout Japan. 

The institution needed to combine all the ways employees accessed the network into a common, single method. Using F5, RIKEN unified its disparate network connections. Today, when RIKEN employees participate in multi-site projects, they use one login method to access various sites. 

Business Challenges

Founded in 1917, RIKEN is Japan's largest comprehensive research institute in the natural science and is highly regarded for its innovative research in science and technology. 

RIKEN has multiple research campuses, many with network systems that operate independently of each other. When thousands of employees attempt to access siloed networks and use various devices and log-in methods, chaotic situations can often occur. 

For instance, whenever an employee had problems connecting to the network, RIKEN’s IT Department could not troubleshoot the issue until it first identified which site the employee actually belonged to. If it turned out the employee was trying to access a site different from the one he or she regularly used, then IT would have to determine whether or not the root problem was caused by the employee’s device, or if the issue resided with the site that the employee was attempting to access. 

Ken Mizoguchi of the RIKEN Advanced Center for Computing and Communication’s Yokohama Unit stated, “Since each hardware unit was procured from its own vendor, solving issues and deploying services to new users were time-consuming processes. They also created a lot of inconvenience for our users.” 

Because system access issues were a hassle that also interrupted employees’ work flow, RIKEN was intent on finding a permanent solution. The institution brought in F5 BIG-IP with Access Policy Manager to integrate all external VPN connections. Using F5, employees gained a single login method and could access the RIKEN network securely from any location, with any device. 

By unifying SSL-VPN connections with BIG-IP APM user convenience has drastically improved. From any of our sites, users can start using VPN by accessing a single URL from the browser he or she is using.

Ken Mizoguchi, RIKEN Advanced Center for Computing and Communication, Yokohama Unit

Solution

Researchers at RIKEN use various devices. This includes Windows, Mac OS, iOS and Android; some visiting scientists from overseas may even use Linux.

In 2011, RIKEN selected a single vendor for all equipment used in its Yokohama site. During 

April 2013 RIKEN announced a clear timeline for system unification, and by October 2014 began accepting bids. It was in December of the same year that RIKEN selected the proposal offered by Toyo Electron Device Ltd. (TED). 

RIKEN’s integration deployment plan specifically required that the system accept concurrent VPN accesses by hundreds of users. SSL-VPN needed to be included as the VPN protocol so that it could be deployed over many types of devices. In order to satisfy both requirements TED included unification of SSL-VPN using BIG-IP Access Policy Manager (APM) in its bid proposal to RIKEN.

The figure below depicts the architecture of an integrated system. 

The first step is for the digital certificate issuing system to distribute a digital certificate for the SSL-VPN connection to each user device. This digital certificate generates an SSL-VPN tunnel between the device and BIG-IP APM. With RIKEN sites connected to each other using wide area Ethernet (WAE), users can easily connect to other sites remotely. 

Using SSL-VPN by BIG-IP APM is considered to have provided the highest degree of unification.

Ken Mizoguchi, RIKEN Advanced Center for Computing and Communication, Yokohama Unit

Benefits

Complete Flexibility
Before integration, different settings were required for different sites and for different devices. Users also were restricted to a location because they could not access their network remotely. 

“Unifying SSL-VPN with BIG-IP APM greatly enhanced user convenience,” stated Mr. Mizoguchi. “This is thanks to the fact that accessing a single URL starts a VPN connection regardless of the location of the user. Also different access protocols that used to be deployed in different sites necessitated multiple instruction manuals. This is no longer the case,” added Mr. Mizoguchi.

Lower operational cost
Because each research site had its own VPN protocol, when it was time for a device’s operating system to be updated, someone from RIKEN’s IT department had to verify whether or not the protocol supported the newer OS version. If the newer version could not be supported, then IT had to update the VPN software. Having to update VPN software meant validating requests for new OS versions from each RIKEN site and then preparing a site-specific plan for rolling out an update. 

This process was eliminated because the single BIG-IP APM handles all VPN accesses. “Using SSL-VPN by BIG-IP APM has provided the highest degree of unification,” commented Mr. Mizoguchi. 

Easy troubleshooting
In the past many employee system access issues were due to inappropriate device settings. Yet in order for this to be confirmed, troubleshooting had to begin with IT support having the user identify which research site they were attempting to access. Since access to all sites use SSL-VPN with BIG-IP APM, users avoid this process altogether and any troubleshooting with the IT department is much easier.