Open Source facilitates German world-wide secure network

In our modern western economies, most people have become used to being connected to the internet 24 hours a day. We browse, mail and chat wherever and whenever we want. The same thing holds for large organisations, which deploy their own intranets to provide internal information to employees. But what if most of the employees work abroad, with a large number in risky or unsafe regions? And what if one security leak in the communication could lead to political scandals?

Introduction

Germany's Auswärtiges Amt (Federal Foreign Office, AA for short) employs around 10,000 people, 2,400 of whom work at the headquarters in Berlin. The other 7,600 work somewhere abroad in one of the country's 217 foreign agencies, such as embassies and consulates. The headquarters has an IT staff of 210 people and the entire IT budget is €30 million.
Before 2001 there were almost no networking facilities available between the foreign agencies and the Berlin headquarters. Most communication was done via regular mail. Agencies situated in exotic or far-away places often found themselves relying on the fortnightly visit of the postman for their official written communication, leading to long delays in several of the agencies' processes.
In the 50 offices that did have networking facilities, communication was only possible using a fairly primitive store-and-forward mechanism, comparable to how email is sent over the internet. This method ruled out any interactive communication, such as browsing a webpage from within an embassy.
To add even more complexity, several different technologies were in use to communicate. Depending on the country in which the agencies were located, they used X.25 lines, modems, satellite links or leased lines. Securing each of these required different and system-dependent hardware. For instance, securing a telephone line was done differently than securing a satellite transmission.
Extending or modifying the network proved difficult and costly, especially with foreign agencies located in countries that are subject to very harsh environmental pressures, such as heat, humidity, or dust.

Case

When the cost of communication services began to escalate at the beginning of the millennium, the AA decided to invest in a new centralised communication system to replace the divergent systems in use across the different foreign agencies. As only a few agencies had their own IT staff, the network would be completely managed from the headquarters in Berlin.
Around the same time a new long-term IT strategy was under development. This strategy set out to deliver better IT services at lower cost, whilst also tackling other issues in the process.
One of the annoyances identified concerned the software. Up until 2001 the AA had mostly used Microsoft products such as Windows NT/2000, Exchange, SQL Server and Office 97. Although not unhappy with their technical performance, they were not satisfied with the lock-in aspects of the products, nor the fact that the vendor decides when and how they should upgrade.

The new IT strategy (see above) set out to regain control over the internal IT. It was officially signed off by the Secretary of State, making it formal policy and not some internal issue of the IT department.
In line with the IT strategy, the AA decided that all software, whether open or closed, should use open standards whenever and wherever possible. In addition, Linux was chosen as the server platform and the project was to use Open Source software as much as possible.
With respect to the physical connections it soon became clear that using the publicly available internet would provide an excellent solution for building the network. It not only meant off-loading most of the maintenance costs, but it also offered huge advantages in terms of standardisation on IP-based traffic.

Project

In short, the project set out to achieve the following goals:

  • Allow any employee to access information on the AA intranet;
  • Provide email to all agencies and all users;
  • Provide better co-operation capabilities for all users;
  • Design for maximal scalability with minimal complexity; and
  • Facilitate secure remote access and administration.

Constraints were defined as follows:

  • Only use open standards, proprietary standards explicitly forbidden;
  • Use Open Source software wherever possible; and
  • Only use certified and secure encryption technology.

Planning and design of the network, as well as execution of the project, was done by the AA's IT employees. An external firm was hired to provide expertise on the introduction of secure connections and Open Source software.

On the management side, the project was divided into eight parts, covering specific areas such as clients, servers, infrastructure and logistics. Each sub-project had its own team leader. Weekly meetings were organised in which all team leaders exchanged progress and shared experiences. Problems concerning migration from the present infrastructure to the new OSS structure were discussed in detail and solved during these meetings.
In total around 140 people from the AA's IT staff were involved in the project, which was executed between 2001 and the end of 2003.

Network design

The entire Virtual Private Network (VPN) is star-shaped, meaning that every foreign agency connects to a central network hub, which forwards traffic to other agencies if necessary. The hub is formed by the central computer center in Berlin.
Connections are made using public internet facilities. Every foreign agency has its own internet connection with two different ISPs. If the connection with one ISP fails, the other one automatically takes over. At the agency's end of the internet link is a secure router, which transparently routes and encrypts traffic between the agency's local network and Berlin.
Key to the functional design of the network is the central directory service, which contains the information of all network users. This directory serves as the central point for user authentication. The only system that is allowed to create, modify or delete users is the central personnel system.
In addition, every agency received its own Linux server, which hosts local network services such as email and groupware. To maintain independence between systems, designers chose x-manage to implement groupware facilities. x-manage is a commercial groupware solution that ties in nicely with the central directory.

Encryption Technology

One of the project goals was the unification of communication lines and encryption technologies. For encryption, the AA settled on SINA technology, which is provided by the Federal Security Office. This technology transparently encrypts and decrypts network packets over public lines and is a certified solution for transmitting classified information.
The required hardware for these cryptographic machines is made up of standard industrial PC components and a chipcard reader, making the solution very cost-effective. The chipcards are pre-configured with network parameters and encryption keys at the German headquarters and mailed by courier to the agencies. Failure or loss of a chipcard can easily be solved by invalidating the old card and mailing a new one.
Although the VPN routers are seen as black boxes, a nice detail is that they are fully Linux-based. They run Linux from a CD and load specific configurations from the chipcards.

Costs

Initially a 'conventional' implementation of the AA network was estimated to cost around €50 million. Using commonly available hardware technology along with Open Source software, the AA managed to reduce deployment costs to €17 million, or one third of the original estimate.
The extremely cost-intensive X.25 lines were shut down and all communication now uses the public internet. Before the migration, the total budget used for connecting 50 foreign agencies was €8 million. Amazingly, that same budget is now used to connect all 217 agencies world-wide.

Evaluation

The project was finished in late 2003 following the migration of all 217 foreign offices. Since then, the amount of data being transferred between the headquarters and the foreign agencies has increased tremendously. This can be attributed to the fact that the Intranet, as well as all sorts of applications, can now be accessed through transparent IP connections.
For users in the foreign agencies, the new communications network has revolutionised their work. They can now instantaneously access or provide information and send documents to all embassies at the click of a button. Some users accustomed to using the postal service for their communication needs have even testified that the network 'makes them feel part of the world again'.
The introduction of Webmin as the standardised administration tool enabled management to reduce the number of so-called 'global administrators'. The deployed solution, with Webmin integrating with OpenLDAP, opens up new possibilities to reduce system access to only those parts that an administrator really needs to administrate.
System administrators quickly adjusted to the new environment, but there are some downsides to the extreme standardisation that the IT strategy has imposed. A simple example is the fact that groupware is now provided by a web-based application, making it impossible to accept a meeting invitation with a single mouse-click. Other actions which used to be done using drag-and-drop now require a little more work. Possible future Webmin modules will address these issues, but for now they pale into insignificance when compared to the strategic, functional and cost advantages.
Overall the AA sees the project and its resulting network as a real success. Several other German ministries have since visited the AA to see what they did and how they did it, concluding that Open Source really is a serious alternative for reclaiming control over their own IT and reducing cost at the same time. The solution, with its modular design in network construction, hardware components and software, definitely opens a window for an efficient and collaborative future.
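Two of the design rules above, that only the central personnel system may create, modify or delete users, and that each administrator should only be able to touch the part of the directory they actually manage, can both be expressed directly as OpenLDAP access rules. The fragment below is an added illustration and not the AA's own configuration; the suffix, OU layout, service and group DNs and the slapd.conf style are assumptions.

```conf
# Added example (not the AA's real configuration): slapd.conf-style
# access rules for a central directory. The suffix, OU names, service
# DN and group DNs below are constructed for illustration.
#
# slapd applies the FIRST "access to" clause whose target matches, so
# the most specific rules must come first and the catch-all last.

# 1. Passwords: nobody may read them. Anonymous binds may only use them
#    to authenticate; only the personnel system may set them.
access to dn.subtree="ou=people,dc=aa,dc=example" attrs=userPassword
    by dn.exact="cn=personnel-system,ou=services,dc=aa,dc=example" write
    by anonymous auth
    by * none

# 2. User entries: the central personnel system is the only writer.
#    Every authenticated user may read them (address book and groupware
#    lookups); agency and global administrators get no write access here.
access to dn.subtree="ou=people,dc=aa,dc=example"
    by dn.exact="cn=personnel-system,ou=services,dc=aa,dc=example" write
    by users read
    by * none

# 3. Per-agency service data (mail routing, host entries, ...): the
#    admin group of an agency may write only inside its own subtree.
access to dn.subtree="ou=singapore,ou=agencies,dc=aa,dc=example"
    by group.exact="cn=admins-singapore,ou=groups,dc=aa,dc=example" write
    by users read
    by * none

access to dn.subtree="ou=newyork,ou=agencies,dc=aa,dc=example"
    by group.exact="cn=admins-newyork,ou=groups,dc=aa,dc=example" write
    by users read
    by * none

# 4. Catch-all: whatever is not matched above is readable by
#    authenticated users and writable only by the few global admins.
access to *
    by group.exact="cn=global-admins,ou=groups,dc=aa,dc=example" write
    by users read
    by * none
```

The effective rights can be checked offline with OpenLDAP's slapacl tool, for example `slapacl -D "cn=admins-singapore,..." -b "uid=someone,ou=people,..." userPassword/write`, which should report that write access is denied for any administrator DN.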

Next steps

The AA is currently working on more improvements of its network. The internals of the computer center in Berlin will shortly be migrated and more IT services are on the verge of deployment. Since the entire management of the network can be done remotely, a 'follow-the-sun' strategy of system administration is being implemented, with IT service centers in Singapore and New York.
The existence of the world-wide intranet has also catalysed a number of new ideas and initiatives for the internal IT. For instance, the first successful experiments with Voice over IP (VoIP) telephony have already been conducted, promising more cost reduction.
With respect to Open Source, the AA is serious about migrating all its Windows desktops to Linux. But before that, and to be independent in the long run as well, all the applications that are used internally are being rewritten as web-applications.
The adopted IT strategy has proven itself invaluable in the eyes of the AA and will surely be kept up in the future.

References

Auswärtiges Amt homepage: http://www.auswaertiges-amt.de
OpenLDAP homepage: http://www.openldap.org/
SINA VPN homepage: http://www.bsi.de/fachthem/sina/
x-manage homepage: http://www.x-dot.de
Webmin homepage: http://www.webmin.com

Paper version of this case study: Auswärtiges Amt and Linux VPN (sxw, 537 Kb)

© European Communities 2005
Reproduction is authorised provided the source is acknowledged.
The views expressed are not an official position of the European Commission.