Northwest Airlines Improves Remote Access with Easy-to-Manage ...

Jul 30, 2012






Microsoft

Forefront: Security Products for Business

Customer Solution Case Study







Northwest Airlines Improves Remote Access with Easy-to-Manage Security Solution






Overview

Country or Region: United States

Industry: Aviation


Customer Profile

Northwest Airlines is a major airline with hubs in Detroit, Minneapolis, Memphis, Tokyo, and Amsterdam. The Minnesota-based airline serves more than 900 cities and has 40,000 employees worldwide.


Business Situation

Northwest Airlines wanted easier management of its remote Web applications and e-mail. The airline sought a solution that would integrate with existing technology to reduce costs and improve security.


Solution

Northwest Airlines implemented Microsoft® Internet Security and Acceleration Server 2006 to improve the administration and security of its Web-based applications.


Benefits



Streamlined administration
Improved security
Scalable architecture
Smoother access for remote employees





“Using ISA Server 2006 allows us to access Web applications easily from home or, in the case of pilots and crews, from hotels. All they need is access to the Internet.”

Wendy Lou, IT Security Architect, Northwest Airlines




Northwest Airlines (NWA), a major international carrier, wanted to improve security and provide its mobile work force better access to Web-based applications and e-mail. The need to remember multiple passwords and manually log off from shared client devices was a hindrance to employees and presented potential security risks. The company was also using a variety of tools and filters to try to provide secure connectivity, and it needed a solution that was less costly to operate and easier to manage. In response, NWA implemented Microsoft® Internet Security and Acceleration Server 2006. With the solution in place, employees now need only a single password to open e-mail and other critical applications, and idle connections close automatically. The company has also reduced IT costs by taking advantage of integrated security, connectivity, and management features.















Situation

Northwest Airlines is one of the world’s largest airlines with 40,000 employees and hubs at Detroit, Minneapolis/St. Paul, Memphis, Tokyo, and Amsterdam. Northwest is a member of SkyTeam, an airline alliance that offers customers one of the world’s most extensive global networks. Northwest and its travel partners serve more than 1,000 cities in excess of 160 countries on six continents. The airline’s mobile work force depends on remote access to e-mail and intranet applications for managing schedules and human resources information.


NWA served its remote users with a complex technology environment that was costly and difficult to manage. The airline published more than 60 Web applications that were remotely available to employees, and it provided remote access to e-mail for 14,000 workers. NWA personnel needed to access common business applications and more specialized tools. For example, employees typically check flight schedules, plan vacations, and review payroll information online. Unlike employees in other industries, however, many NWA employees seldom use corporate applications in a conventional office environment. A pilot’s “office” might be at home, an airport, or a hotel, anywhere there is an Internet connection. NWA employees also use a variety of client devices to get online. Some devices might belong to the individual, but employees can also log on from shared devices such as those found in airport kiosks or Internet cafes.


Maintaining tight security with remote access means enforcing strict authentication policies. NWA employees using their own devices needed to supply a physical token (a smart card) as well as a password. Connectivity also required the installation of client software so that employees could connect to the airline’s network through a virtual private network (VPN). Managing remote authentication was cumbersome for both users and administrators, who had to cope with issuing and managing tokens, installing client software, and assisting users. The cost and burden of supporting the authentication process indicated to Wendy Lou, IT Security Architect at Northwest Airlines, that “NWA needed an easier way for people to securely access applications remotely.”



In addition to a more simplified authentication procedure, NWA wanted to reduce the number of passwords that employees needed for application access. According to Lou, “We have multiple applications, and everybody had too many passwords and too many logons. Our goal was to make it so that once an employee logs on to our intranet home page, he or she doesn’t have to log on again to use another application.” NWA also wanted an automatic timeout feature to safeguard both the network and remote users, who risked exposing personal information by forgetting to log off from shared devices.


The airline spent considerable resources on developing a filter to accomplish single sign on (SSO) and timeout, and it also purchased an off-the-shelf product. Costly and challenging to manage and support, the combined filters did not work well with multiple applications. Moreover, they were yet another piece of technology that had to be maintained and upgraded.


The airline also hoped to improve session management through the use of delegated authentication. In this scenario, user credentials would automatically be passed to servers such as IBM WebSphere Application Server and other application and Web servers that the airline uses. NWA wanted a solution that would integrate smoothly with existing technology, thereby providing easier administration, better security, and improved access to published Web applications.

Solution

To create a solution that integrated with existing technology, provided highly secure remote access to Web applications, and was easy to deploy, NWA turned to Microsoft® Internet Security and Acceleration (ISA) Server 2006. The airline had been introduced to ISA Server features in late 2003, when it began deploying Internet Security and Acceleration Server 2004.


Using ISA Server 2004 had helped the airline consolidate its servers at corporate headquarters in Minneapolis, and NWA was interested in implementing the next version, Internet Security and Acceleration Server 2006. The airline wanted to take advantage of the enhanced remote access and security features of ISA Server 2006, which integrated with its current technology infrastructure.


With ISA Server 2006 deployed, NWA is using some of its forward-proxy features, including enhanced built-in security filters and improved Web page load times through HTTP traffic compression and caching. However, the airline currently places more priority on features supporting remote access to published Web applications. NWA has integrated ISA Server 2006 with its Web applications and Microsoft Office Outlook® Web Access, a component of Microsoft Exchange Server 2003. Automatic timeout and SSO features have been a primary focus of the integration. NWA also integrated ISA Server 2006 with its authentication mechanisms, including the Active Directory® service.



NWA began implementing the beta version of ISA Server 2006 in April 2006 and servers were deployed in production in August 2006. In addition, NWA has implemented forms-based authentication, a feature of ISA Server 2006 that gives administrators the ability to customize the logon page. With the exception of Outlook Web Access, forms-based authentication was not available in earlier versions of ISA Server. In the past, NWA used basic authentication, which Lou describes as “just a little gray box that has a user ID and password on it.”



She continues, “There was no place for us to put our logo, Help information, or links. It was a big problem; we had a lot of complaints from our users and our developers.” To compensate, the airline had used a third-party solution to support forms-based authentication. NWA replaced that ancillary tool with features built into ISA Server 2006, and the new logon page includes graphics and links to Help information about issues such as lost passwords.


The airline has also taken advantage of the delegated authentication capabilities inherent in ISA Server 2006 to provide smooth access to applications managed by IBM WebSphere Application Server and other Web and application servers that the airline uses. Because ISA Server 2006 can pass identity information to other servers, employees are able to access those servers’ applications without needing to log on to each one separately. In effect, with ISA Server 2006, once remote employees log on to NWA’s intranet home page, they are able to quickly access e-mail or open other necessary applications stored on different servers.


Benefits

By implementing a solution based on ISA Server 2006, Northwest Airlines simplified the administration of published Web applications, which helps reduce costs and improves security through enhanced authentication and management tools. With the scalable architecture, the airline can quickly adapt to fluctuating access demands by using Web publishing load balancing to easily deploy servers as needed. As a result, remote employees are benefiting from smooth access to vital Web applications.

“For example, pilots are able to log on once to the intranet home page, check their schedules, and then book a flight to the scheduled airport,” explains Lou. “At the same time, pilots are able to check for important crew news or the weather conditions at the airports. This can all be done at home, a hotel, or any airport crew base.”


Easier-to-Manage, Streamlined Administration

Using ISA Server 2006, Northwest Airlines has cut costs and simplified administration by reducing its reliance on stand-alone security and management tools. By taking advantage of integrated features such as single sign-on access and forms-based authentication, the airline can more effectively manage highly secure access while reducing management overhead for thousands of tokens and security add-ons. NWA has already eliminated thousands of tokens issued to VPN users, simplifying maintenance and cutting hardware and administration costs.


The airline also benefited from streamlined server administration. Lou points out that the proxy server solution running ISA Server is easier to manage. She notes, “Because policies are shared by multiple servers, I need to make changes on only one, at one place. In the past, I had to make changes on each individual server. I don’t have to do that anymore.”


Future application deployment will also be simplified with automated deployment tools. For example, ISA Server 2006 has added a publishing wizard that simplifies configuration of Outlook Web Access. Wizards are available for other Microsoft server offerings, including Microsoft Office SharePoint® Server 2007.

With ISA Server 2006, NWA has experienced the benefits of operating a more streamlined technology environment. “ISA Server is easy to implement and very easy to support,” says Lou. “Reducing reliance on the third-party add-ons will actually make continued implementation much easier.”


Improved Security

Security and administration have also been improved with automated Web publishing tools and enhanced certificate administration, helping the airline integrate ISA Server 2006 with Web servers and the Microsoft Exchange Server environment. Better certificate administration has made it easier to authenticate users and manage access to multiple applications through the different client devices used by NWA employees. In addition, automatic timeout has helped ensure that whatever device is used, whether shared or privately owned, employee information and corporate data will be protected.


Scalable Architecture

As Northwest Airlines continues to make changes to its operating environment, ISA Server 2006 has given the airline the flexibility to adapt quickly. Lou says, “As more applications have become Web based and remote access is increasingly required by our vendors and contractors, ISA Server has enabled us to publish Web applications easily and effectively.”


New features such as Web publishing load balancing make it easy for the airline to deploy more Web server farms as needed, while the ability to balance access demands helps ensure that remote employees receive continuous service. Adding new ISA Server computers to accommodate growth is also easily accomplished. Lou explains, “I feel pretty comfortable that if we need an additional server, we’ll just join it to the existing array. Because all of the configuration can be done quickly, I can add capacity very easily.”


Smoother Access for Remote Employees

ISA Server 2006 is helping to provide secure remote access to e-mail and intranet applications for more than 40,000 Northwest Airlines employees, suppliers, and vendors. Indeed, remote employees at Northwest Airlines have enjoyed quick, convenient access to vital information from nearly any location. Single sign-on access and the ability to use practically any device with a browser and Internet connection have helped employees stay connected. Lou says, “Using ISA Server 2006 has allowed us to access Web applications easily from home or, in the case of pilots and crews, from hotels. All they need is access to the Internet. I think that’s the biggest advantage for us.”


Lou continues, “The airline industry is a very competitive market. We need to be able to adapt to changes quickly and cost-effectively. With ISA Server 2006, we can deploy Web applications easily, more securely, and with lower costs to meet the access requirements from our employees, vendors, suppliers, and partners.”



Microsoft Forefront Product Portfolio

The Microsoft® Forefront comprehensive line of business security products provides greater protection and control through integration with your existing IT infrastructure and through simplified deployment, management, and analysis. Forefront is a comprehensive solution that helps provide protection for the client operating system, application servers, and the network edge.

For more information about the Forefront product portfolio, go to: www.microsoft.com/forefront







For More Information

For more information about Microsoft products and services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Information Centre at (877) 568-2495. Customers who are deaf or hard-of-hearing can reach Microsoft text telephone (TTY/TDD) services at (800) 892-5234 in the United States or (905) 568-9641 in Canada. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information using the World Wide Web, go to: www.microsoft.com

For more information about Northwest Airlines products and services, call (800) 225-2525 or visit the Web site at: www.nwa.com


This case study is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.

Document published August 2007




Software and Services



Microsoft Server Product Portfolio



Microsoft Exchange Server 2003



Microsoft Internet Security and Acceleration Server 2006




Technologies



Active Directory



Microsoft Office Outlook Web Access