One of the greatest challenges in the world of Technology Services is secure, efficient and manageable mobile services. Clackamas County Technology Services (TS) supports a wide array of departments within the County, all of which have a constantly growing need for various levels of remote or mobile access as part of their business model – which increasingly relies on the ability to utilize County resources from almost anywhere, anytime. Technology Services embraced secure remote access to County services years ago by deploying secure SSL and VPN services allowing access to County resources, applications, data, email, etc. from any internet connection, utilizing our Citrix and web services to manage application delivery. TS also set up a BES Server to support Blackberry devices so Exchange would be available to true mobile users. This allowed many services to be utilized on-premise where needed, via wireless connections, remote support centers, telecommuting, mobile email, etc.
With the introduction of “smart” devices, especially the iOS devices, and the enhanced performance of the cellular networks, the requirement to use mobile devices, especially personal ones (BYOD), has become a business assumption. However, the industry’s lack of standardization, product maturity, security and reliability has been a major hurdle for IT departments looking to adopt such technology as an extension of core services allowing access to email, file systems, applications and secure data. This is especially problematic with increasing governance and the push for personal devices.
TS recognized early on both the great potential for expanded services and the minefield of policy, technology and cost issues. It was decided to take on this issue as a full technology initiative to determine the best infrastructure and policies so cost and expectations could be contained. A project team was formed which spent the last year testing mobile device management (MDM) solutions, various popular phone models and platforms, tablets, security configurations and application delivery options. Other critical issues such as policy, BYOD impacts, costs, governance and business requirements were also part of the overall project. Ultimately an overall architecture was chosen that provided the best balance of usability, security, supportability and cost containment – plus the ability to support the business needs of the County now, and into the future.
The final design included a strong, industry-leading MDM with a strong security policy (for both County issued devices and BYOD) enforced by policy and configurations. This was reinforced with the deployment of a Public Key Infrastructure (PKI) to deliver device and user security certificates to mobile devices. By adopting a tiered approach to the service delivery and cost allocation, a structured business model was developed that allowed County departments to map utilization to business need and allow for long term support while adapting to evolving technology and markets. This has proven to be a great success for Clackamas County and a showcase for other agencies that want to implement their own mobile solutions. While this has worked well for Clackamas County, we are constantly monitoring the device market for adjustments in our support model as well as adapting to changing technology and governance. This will definitely be an ongoing process as the County business model becomes increasingly mobile.
Benefits & Services
With the implementation of the mobile service architecture and methodology, utilization has grown and continues to grow at a rapid rate while the cost per device goes down. At the same time, the desire to be constantly connected and the number of new mobile solutions increase. The number of new devices, mobile enabled users and applications grows daily and is expected to continue growing for the foreseeable future. Some of the key success points include:
- Currently over 750 mobile devices (smart phones and tablets)
- Expected to grow to over 900 next year
- Several hundred laptops using wireless and cellular connectivity
To maintain an efficient and consistent technical infrastructure that provides business solutions without all the confusion of multiple access methodologies, security levels, device management, cost variability, etc., TS has developed a business utilization model to structure the services around how users utilize the mobile services and not the particular technology. This also allows an efficient charge-back (allocation) model that is tied to the tier and the costs to support that tier rather than a complex layer of charges. It also allows County departments to better determine the business need and justification for mobile services.
- Tier 1 Web Based Exchange
  Entry level access: internet access to Exchange Web (OWA) from any internet connected device to County Exchange Service. Primarily for periodic use or occasional travelers.
- Tier 2 Mobile Exchange
  Mobile device utilization for County Exchange access via a persistent connection to any supported mobile device including BYOD. Used by those who need reliable and consistent access to email and calendar.
- Tier 3 Applications
  This tier enables full delivery and use of applications (such as Office, file systems, vendor and custom applications) to mobile devices via an evolving array of supported delivery mechanisms. Most common access for those that need true mobile / remote services in the field for customer support and telecommuting.
- Tier 4 VPN and Special Requirements
  Special situations that require particular security or access requirements, or remote non-County facilities with County personnel, inter-agency connectivity, etc.
Some of the benefits and services implemented:
- Overall service designed and architected to meet required tiers of service rather than based on a specific technology or single solution option
- Allows new service models to be deployed to better serve County citizens and businesses
- Increased utilization and availability of mobile services to support County services especially in the field such as on-premise health care, permitting, inspections, social services, emergency operations etc.
- Maximize utilization of technology while containing costs
- County departments actually reduce costs required to deploy and maintain many services
- Managed and efficient use of data plans, devices, licensing and staff to keep costs minimized
- County able to maintain inventory of standardized and market stable devices for efficient support levels and device reliability, minimize support staff training costs
- Effective, enforceable and understandable policy around the utilization, costs and security related to mobile services, devices and overall governance.
- Secure to meet the many governance requirements such as CJIS and HIPAA
- Deployment of secure certificates to manage devices, authentication and services
- Flexible, supportable and expandable architecture to meet evolving business & technical world
- Allows BYOD for common devices while still maintaining security and reasonable costs
- Consolidated, manageable and understandable policy requirements
- Single overall design to meet various changing remote / mobile requirements especially as technology and available services change
- Designed to support ever changing device market and growing number of applications available to deploy tuned for mobile use
- Able to maintain separation of County security requirements and personal information for BYOD
- Development of convenient automated process (API) for users to request / manage mobile services and devices for their staff and applications while maintaining approval process
- Development of automated process to implement backend provisioning and configuration creating a streamlined and efficient management methodology
- Allows County to take full advantage of the potential of mobile services without many of the headaches, costs and pitfalls of deploying a challenging technology and service
- Successful model used by other local governmental agencies as a case study in how to efficiently implement and manage mobile services
Devices currently supported:
- For mobile (BYOD and County issue)
  - iOS (iPhone 4s and above, iPad 2 and above)
  - Droid (Samsung Galaxy 3S and above, Note)
  - Blackberry (will be discontinuing soon)
  - Laptop via aircard (Microsoft XP and above)
  - Microsoft Devices – coming soon
- For Client (Personal and County issue)
  - Any internet connected device that can securely run Juniper SSL via the County secure SSL website.
Technical support of the mobility project is complex and integrated into the overall architecture of the County systems. However, some of the key technology deployed includes:
- Mobile Management
  - MobileIron MDM System and AppConnect
  - Blackberry BES Server
  - Certificate based two-phase authentication deploying multiple certificates based on utilization
- Client Remote Management
  - Juniper SSL
  - Cisco VPN
- Application Support and Delivery
  - Citrix XenApp
  - Citrix Receiver
  - Cisco AnyConnect
  - Verizon Tunnel