“SecureLink proposed an F5 solution that delivers the performance

Industry: Government
The Challenges:
• Deliver citizen pension data online
• Ensure tight security for private, sensitive information
• Provide high availability and fast performance for millions of users
The Solution:
• BIG-IP® Local Traffic Manager™
• BIG-IP® Application Security Manager™
The Benefits:
Using F5 BIG-IP products, the RVP can now provide citizens
with a secure, convenient way to view their pension
information online. The high performing F5 solution scales
to accommodate traffic spikes, enables the RVP to comply
with many regulations, and has also eased IT management
tasks.
• Strong security against all forms of attack
• High performance for online users, even during peaks
in traffic
• Ease of management for the internal IT team
SecureLink NV
Uilenbaan 80
2160 Wommelgem
T +32 3 641 95 95
F +32 3 641 95 99
[email protected]
www.securelink.be
“SecureLink proposed an F5 solution that delivers the performance
that citizens want and the security we need.”
Rijksdienst voor Pensioenen (RVP)
The RVP is the government agency that handles pension
information for the citizens of Belgium. When it decided to make
pension data accessible over the Internet to all employed people
and pensioners in the country, it had two key concerns. First, it had
to secure its highly personal and sensitive data from unauthorised
access. Second, it had to ensure high performance and availability
for a potential user base of many millions of people.
Business Challenges
In Belgium, pensions are calculated from data relating to each
individual citizen’s employment history. The government therefore
holds vast amounts of data relating to the careers of more than 5
million employees and pensioners.
In the past, the RVP sent out a yearly report to citizens, with
information on the number of days worked during the year and
any sickness, social security, or disability benefits claimed. This
report included data relating to only a single year, so it was difficult
for citizens to assess what their pension entitlements might be in
the future.
In 2010, the Belgium government made a public commitment to make pension information more accessible to citizens and
its processes more open. The RVP launched an initiative to give citizens access to pension information relating to their entire
careers, over the Internet. Through this online solution, the RVP wanted to make it possible for citizens to review their own
career data on demand, and easily calculate and monitor the pension they would be entitled to, on reaching retirement age.
To meet the needs of an entire nation, the RVP’s online pension application had to be able to deliver exceptional performance
and availability for millions of users. At the same time, the application had to be extremely secure to protect the very
personal and sensitive data contained in the organisation’s databases. In particular, the application had to be able to support
a strong authentication process, using the electronic ID cards that all Belgian citizens carry.
Solution
The RVP already used F5 application delivery solutions within the
organisation to ensure the optimal performance of its core pensions
administration applications. Used by 3,000 employees, these internal
applications are both bespoke to the organisation and critical to its
operations.
The RVP was highly satisfied with the performance of its F5 solutions, but
it couldn’t simply purchase additional F5 products to meet the needs of
its new external applications. Like all other public sector organisations in
Quote
“F5 delivers the performance that
citizens want and the security
we need. Because we were
familiar with F5 solutions and
the workaround of SecureLink,
we had confidence that the
solution architecture proposed
by SecureLink would meet our
needs.”
Ivo Tuytens, IT Security Manager,
RVP
Since the online pensions application has been implemented, it is typically accessed
by more than 30,000 users every month, or approximately 400,000 a year.
Belgium, the RVP was obliged to follow certain strict tender
procedures. It therefore issued a formal request for proposal (RFP)
with a technical specification that covered all of the requirements of
the new system. At the end of the tender process, the RVP selected
SecureLink, a system integrator and F5 partner that operates in the
Benelux region. “SecureLink provided the best value when we took
into account the quality of products offered and the price,” says Ivo
Tuytens, IT Security Manager at the RVP.
“Because we were familiar with F5 solutions, we had confidence
that the solution architecture proposed by SecureLink would meet
our needs.” SecureLink supplied and installed two F5 BIG‑IP Local
Traffic Manager (LTM) application delivery devices, along with the
BIG-IP Application Security Manager (ASM) module. The two BIGIP LTM units are configured in active/passive mode to provide
instant failover in the event of a fault. The solution currently
supports four production web application servers.
During the course of the installation project, the RVP used the
F5 iRules® scripting language to create customised processes
for logging in, routing traffic between web servers, and
strengthening security. “The iRules feature is very valuable,”
Tuytens says. “If something isn’t done by F5 by default, you can
always create it with iRules to precisely meet your needs.”
“Because we were familiar with F5 solutions, we had confidence that the solution architecture proposed by SecureLink would
meet our needs.” SecureLink supplied and installed two F5 BIG‑IP Local Traffic Manager (LTM) application delivery devices, along
with the BIG-IP Application Security Manager (ASM) module. The two BIG-IP LTM units are configured in active/passive
mode to provide instant failover in the event of a fault. The solution currently supports four production web application
servers.
During the course of the installation project, the RVP used the F5 iRules® scripting language to create customised processes
for logging in, routing traffic between web servers, and strengthening security. “The iRules feature is very valuable,” Tuytens
says. “If something isn’t done by F5 by default, you can always create it with iRules to precisely meet your needs.”
Since the online pensions application has been implemented, it is typically accessed by more than 30,000 users every
month, or approximately 400,000 a year. In addition to providing secure access for citizens, the F5 solution is also used to
provide secure access to pension data for the RVP’s partners, including other government agencies.
Benefits
Through the use of the F5 solution, the RVP has been able
to keep highly sensitive data about citizens completely
secure. Over recent months, there have been several
attempts to penetrate the system, launched from locations
in Russia, Kazakhstan, and China, but in each case, the F5
solution successfully detected and blocked the attacks.
“F5 works,” Tuytens says. “High security is the most
important feature offered by F5. BIG-IP Local Traffic
Manager learns from the traffic it handles and can then
create new policies to enhance the protection provided.”
Understandably, the RVP has to comply with a great
many government, financial, and data protection
regulations, including ISO 27001. Tuytens says,
“F5 products ensure our compliance, and they actually go
much further than the regulations demand, to provide us
with even stronger security.”
F5 has given the RVP an effective way to centrally control
its entire external application infrastructure. Easy to
use, the solution has simplified many routine network
management and security tasks, thereby freeing up time
within the IT team.
“Without F5, we would have to make security updates to
all of our web servers,” explains Tuytens. “With F5, however,
we have to make the changes just once. F5 provides all the
capabilities we need, centralised in one solution.”
Typically, the RVP receives up to 30 Mbpsof traffic on its
external applications. However, a simple announcement
from a government minister can lead to a spike in traffic, as
more citizens are prompted to check their pension status.
On one occasion, following a government announcement,
traffic levels jumped up to 70 Mbps. Throughout this period
of exceptional system usage, the F5 products continued to
balance the load and deliver high performance for users.
Tuytens concludes, “F5 delivers the performance that
citizens want and the security we need.”