Government Agency Successfully Secures Cloud-Based Email Solution Using F5 Federal agencies are under a government mandate to implement cloud solutions to cut costs and administrative overhead. One agency chose to replace its existing in-house messaging system with Google’s Gmail cloud-based solution. To ensure security, the agency wanted to keep user authentication and provisioning in house. Having successfully used F5 BIG-IP solutions to manage traffic across two data centers, the agency decided to take advantage of the advanced features and strategic placement of its BIG-IP devices in the network. Today, the agency uses BIG-IP solutions to provide on-premises user authentication for its cloud-based Gmail solution as well as other outward-facing systems. Business Challenges An independent government agency has 1,500 employees in its Washington, D.C., headquarters and in several regional offices. It operates a data center at its headquarters and in an alternate computing facility in another state. Together, these facilities support a number of off-the-shelf software packages such as Microsoft Office and Exchange Server, as well as custom applications and web portals that connect to private-sector companies. The agency is under federal mandate to consider cloud computing options first when looking to implement new IT projects or update existing systems. This mandate, known as the Cloud First policy, applies to all federal agencies and aims to reduce federal IT spending, increase operational efficiency, and enable agencies to respond faster to constituents’ needs. “We started looking into cloud options to determine if there were any in-house projects that could be moved to the cloud without compromising performance or security,” explains the agency’s systems architect. In spring 2011, the agency determined its existing Microsoft Exchange Server messaging system was a good candidate for replacement by a cloud-based solution. The existing solution didn’t provide the archiving capabilities that the agency required. The system was also expensive to maintain and time-consuming to operate since it required data to be backed up and replicated at a disaster recovery site. In addition, since the organization had adopted a unified communications strategy that delivered digitized voice mail and fax messages to email inboxes, the volume of messages stored had significantly increased. “You can derive multiple benefits from the ingrained capabilities of BIG-IP devices. That’s what I like about F5.” Systems Architect, U.S. Government Agency Solution The agency chose Gmail, part of the Google Apps for Government suite, as its cloud messaging solution. It could scale to meet the agency’s needs, and it offered additional features the agency required. For security reasons, the agency wanted to keep user authentication and provisioning services in house. The agency had already been using F5 BIG-IP Local Traffic Manager (LTM) and BIG-IP Global Traffic Manager (GTM) to manage application traffic across data centers and to enhance the organization’s security posture. For example, when the systems architect discovered that a custom application was exposing internal data, he used the full proxy capabilities of BIG-IP LTM to obfuscate packet contents and correct HTTP headers until the problem with the custom application was corrected. Having successfully used BIG-IP LTM to solve this challenge, the agency decided to take advantage of the full capabilities of the product to securely handle user authentication on premises. “We created some web services and crafted some special scripts to create on-premises sign on based on F5 products,” he says. “When a user wants to log in to their Gmail account, the F5 solution pops up a small window for authentication, passes the user’s credentials to Google messaging in the cloud, and the user is good to go.” “Any time a network challenge comes up, I try to see if I can use F5 to solve it. In almost every case, I can.” Systems Architect, U.S. Government Agency Benefits The F5 solution enables this federal agency to reap the cost and administration benefits of a cloud-based messaging system. In addition, it can ensure that security and transparency standards are met. Recently, the agency expanded its BIG-IP systems deployment to provide authentication for all outward-facing systems, and it is looking at new ways to use other F5 offerings to transition additional functions, such as storage, to the cloud. Provides security for cloud-based email solution “Once we found success with our messaging system, we decided that all of our authentication should be done that way,” explains the systems architect. What’s more, the agency now has the means to push more applications into the cloud, helping to further consolidate and reduce costs. “As the ecosystem evolves and we have the capability, security, and a good level of confidence, we’ll move more and more applications to the cloud,” he says. Enables greater data transparency The need to provide transparency in federal management IT systems is another government initiative that agencies are working to implement. This push toward open government platforms is designed to help the federal government crackdown on wasteful technology spending, attack fraud and abuse, and spur innovation by democratizing data—making data that was once restricted available to the public. By maintaining access and usage logs, BIG-IP devices enable agencies to improve the transparency of their IT systems without requiring any additional time or attention.