"ONE CLICK SOLUTION" FOR GLOBAL USE

Headquartered in Fürth, Germany, the UVEX WINTER HOLDING GmbH & Co. KG operates internationally in 22 countries, holds 41 subsidiaries and employs more than 2000 members of staff. Since 2005, well ahead of other companies, uvex has been using a fully automatic remote access solution for the implementation of its global virtual network.

As early as in 2001 uvex implemented a Europe-wide virtual private network, based on IPsec standards. Looking for a suitable solution, Peer Reichert, KIM systems manager at uvex Winter Holding, evaluated the VPN solution of NCP engineering GmbH, located in Nuremberg, Germany. Since its inception in 1986, the medium-sized company has been focusing on highly secure, universal remote access solu-tions. "NCP’s technology, their know-how and the smooth co-operation with NCP’s IT-department persuaded us", Reichert explains. In co-operation with NCP’s sales partner Pegasus, headquar-tered in Regenstauf, Germany, a VPN was set up. At first, it only connected the 50 employees of the IT and sales department to the company’s network. In order to access the network, the employees could use ISDN, 3G, GSM, Wi-Fi or DSL.

Soon, further employees had to be integrated into the system. Until 2004, the number of users was five times

higher than initially. Consequently, the IT department’s VPN management workload was rising steadily. Up to 2004, every single VPN client had been managed manually. "On top of that, we wanted to put an end to the myriads of passwords. We wanted to imple-ment one central workstation, where each employee logs on to only once in order to gain his or her personal-ized and process-oriented access to all data, information and applications of the company. Furthermore, we were looking for a system which allowed for strict adherence to all of the company’s policies" Reichert reports.With the aim to relieve both, IT department and users, the company decided to invest in a VPN solution, which allows for fully automatic operation for both, user administration and data com-munication. User policies were to be distributed through a central manage-ment system. This lead to the imple-mentation of an identity management system (IDM) and a centrally managed VPN solution. The central management was to integrate seamlessly into the IDM and the already existing firewall. A redundant VPN server system, in two distinct datacenters, the implementation in VMware as well as a service for automatic updates were to be introduced as well.

Migrating from the previous VPN solu-tion to a centrally managed VPN solu-tion, the uvex Winter Holding GmbH & Co.KG continued to use NCP’s remote access technology. "We remain faithful to NCP, because of our positive rela-tionship in the past and because of the software’s high acceptance among our users. In this way, of course, system migration was easy and our administra-tors were already experienced in deal-ing with NCP’s technology", Reichert explains.

Prior to system migration, the new solution was rolled out to a test group called "information management". After successfully testing the site-to-site feature, NCP’s Secure Enterprise Solution was implemented in parallel to the already existing system in 2004 / 2005. NCP’s Secure Enterprise Solution consists of a VPN client suite, a VPN gateway and a VPN management system. Again, the IT service provider Pegasus supported Reichert and his team.

NCP’s Secure Enterprise Management (SEM) is the core element of the

centrally managed remote access solution. The software serves for systematic administra-tion and monitoring of the whole remote access network. Fully automatic, a single console monitors compliance to security policies as well as rollout and operation of the

UVEX IMPLEMENTS FULLY AUTOMATIC REMOTE ACCESS SOLUTION FOR GLOBAL VPN

"NCP’S TECHNOLOGY, THEIR KNOW-HOW AND THE SMOOTH CO-OPERATION WITH NCP’S IT-DEPARTMENT PERSUADED US"

Peer ReichertManager KIM systems, uvex

CASE STUDY

tele-workstations. This includes soft-ware and configuration updates, user management, licenses and certificates. The system monitor, a real time moni-tor, graphically displays all state infor-mation for the uvex IT administrators. NCP’s Secure Enterprise Management System has been integrated into the IDM via LDAP. Joining the two systems greatly relieved the IT department. Now, the HR department is in charge of entering the users’ master data. If an employee resigns or a new one is hired, the employee’s access to the VPN network can be easily locked or set up. The user only has to memo-rize a single password only to access all applications.

In order to secure high availability of NCP’s Secure Enterprise Server, located in a datacenter, an NCP failsafe server has been added to the system. The failsafe server - i.e. the backup system - has the same scale as the primary system.

On a global basis, a total of 350 users are integrated into the VPN - this includes the executive board, the sales personnel, all uvex subsidiaries and the IT support team. Furthermore, suppliers and business partners use this communication platform via a

policy-based access. The VPN is being used for monthly reports and flex-ible access to applications like CRM, Lotus Notes and email or for service purposes. Apart from that IT suppli-ers use NCP’s VPN software for their service purposes. Since IT suppliers frequently have several VPN clients on their computers, NCP’s VPN client runs as VMware on these machines.

INTELLIGENT CONNECTION SETUP"Even among our employees who are not too keen on IT, NCP’s software has high acceptance. Especially the fully automatic connection setup of NCP’s Secure Client Suite impresses us. The user only has to click once to gain immediate access to the company’s headquarter - no matter which commu-nication medium our employee uses," Reichert explains delightedly.

NCP integrated a dialer and a dynamic firewall into the client suite, in order to provide highest security and the easiest access possible in all remote access environments. Depending on the loca-tion (hotspot, home office or company Wi-Fi) a different set of policies defines the security measures. The firewall soft-ware automatically recognizes secure and insecure networks. Depending on the environment, the software’s "friendly net detection" (FND) feature automatically activates the required firewall rules. The user cannot modify or alter these rules for they are set centrally. Network access control (NAC) only allows network access to end devices, which meet all security policies. "We meticulously check every network access. If any end device does not comply with our company policy it is not allowed network access", Reichert explains.

INTEGRATED SUPPORT OF 3G CARDSAdditionally users and the IT depart-ment are relieved by the NCP client suite’s support of integrated 3G cards. All important information is displayed on the client monitor. It is not neces-sary to install the user interface of the card’s supplier.

"ESPECIALLY THE FULLY AUTOMATIC CONNECTION SETUP OF NCP’S SECURE CLIENT SUITE IM-PRESSES US"

Peer ReichertManager KIM systems, uvex

If new 3G cards are being used in the company, which, according to Reichert, in the case of uvex, may be the case every two months, NCP offers a "3G update package". The uvex administra-tor only needs to download the pack-age from NCP’s website and load it onto the VPN management system. Each client, which is to receive the package, automatically receives it as soon as it logs on the uvex network. The user always works with a single interface, because all features are running in the background.

PLANNING AND INVESTMENT SECURITYModularity and high scalability of the VPN software solution allow uvex to adapt or expand their remote access network according to their needs. The fully automatic remote access operation helped to quickly redeem the investment costs. The IT department’s workload has decreased significantly and the reclaimed time can be used productively for other tasks. In the future, Reichert and his team plan to integrate further platforms like Mac, Linux and iPhone as well as introducing SSL connections to the remote access network.

About UVEX WINTER HOLDING GmbH & Co.KGFUVEX WINTER HOLDING GmbH & Co. KG brings together three globally active companies under one roof: the uvex safety group, the uvex sports group (with uvex sports and Alpina Sports), and Filtral. The uvex Group is represented in 22 countries by 41 subsidiaries but chooses to do most of its manufacturing in Germany. Two thirds of the company’s 2,040-strong

workforce (as at 31 March, 2010) is employed in Germany. Uvex is a global partner to international elite sport and equips a host of top athletes. The motto "protecting people" is at the heart of the company’s activities. Uvex develops, manufactures and distributes products and services for the safety and protection of people at work, in sport and for leisure pursuits.

About NCP engineering, Inc. Since its inception in 1986, NCP engineering has delivered innovative software that allows enterprises to rethink their secure remote access, and overcome the complexities of creat-ing, managing and maintaining network access for staff.

Headquartered in the San Francisco Bay Area, the company serves 30,000-plus

customers worldwide throughout the healthcare, financial, education and government markets, as well as many Fortune 500 companies. NCP has established a network of national and regional technology, channel and OEM partners to serve its customers.

To learn more about NCP engineering, visit www.ncp-e.com. Reach the company on its blog, VPN Haus, or on Twitter.

NCP engineering, Inc.444 Castro Street, Suite 711Mountain View, CA 94041

Phone: +1 (650) 316-6273Fax: +1 (650) 251-4155www.ncp-e.com

© 2010 NCP engineering, Inc. All rights reserved.