Paul Strobeck discusses tablet file synchronization that complies with remote access security policies. One solution is WebDAV with Cisco AnyConnect.
Our enterprise has standardized (for now) on the Apple iPad, but we've still experienced some challenges concerning employees using tablets. Fortunately, we've discovered some secure solutions for the more vexing issues we've encountered.
Accessing data remotely
The first data stage that we crossed was access to email and calendar items while employees were on the go or out of the office. The tablet form factor was an ideal tool for this kind of data access compared to a BlackBerry device. The employees immediately saw the advantages that tablets gave them for their day-to-day activities. For example, they could email important documents for meetings or other purposes. They were also freed from paper.
At first, this was acceptable, but soon it became limiting. The primary limitation was our lack of an 802.x infrastructure and a reliance on WLAN (3G). The employees became frustrated due to the length of time it took for documents to be retrieved and viewed from email to the tablet.
Physical files and security policies
In the second stage, we encountered requests to help employees get files (data) onto their iPads (rather than always having to email documents and reports). Of course, the next thing they usually stated was that a colleague showed them this app called Dropbox, which allowed access to documents right there on the iPad. They wanted to know if they could install Dropbox as well.
I was fairly fortunate at my agency, because they were open to my explanation on how Dropbox and other file synchronizing apps worked. I also explained our enterprise remote access security policies that clearly stated business data protection requirements and that the use of Dropbox fell well outside of those policies.
Tablet file synchronization
I will only speak from my perspective as to how I approached this issue regarding the staff using Dropbox et al. on tablets. Our agency has always been willing to work within the boundaries of our enterprise policies. I needed to find a solution that would work with our remote access security policies and appease our tablet users.
Working in local government has its constraints, both fiscally and technically. We always try to use the infrastructure tools that we have available and discover creative ways to come up with solutions. On my personal iPad, I had an app called GoodReader that I was using to back up and synchronize my personal files to Dropbox.
As I looked through the many connect-to-server options in GoodReader, I saw a connection option for a WebDAV server, and the iPad does support the WebDAV standard. We have an Intranet that runs with Microsoft IIS & SharePoint services, so we decided to take the approach of enabling the WebDAV service on our IIS server and using a shared network folder to then create a virtual folder in IIS and use the WebDAV protocol.
Using the iPad's native VPN capability (since all of our current tablet users had VPN accounts), this would be easy to configure with GoodReader. This app can perform one-way and two-way file synchronization and also has the capability to mark up documents.
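An added example, not part of the original article or the agency's configuration: a small Python audit of an IIS configuration fragment for a WebDAV virtual directory like the one described above. The sample XML, the `TabletSyncUsers` group, and the three checks (SSL required, anonymous access off, no wildcard write rule) are assumptions chosen for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample fragment for a hypothetical WebDAV virtual directory.
SAMPLE_WEAK = """<configuration><system.webServer>
  <webdav>
    <authoring enabled="true" requireSsl="false" />
    <authoringRules>
      <add users="*" path="*" access="Read, Write, Source" />
    </authoringRules>
  </webdav>
  <security><authentication>
    <anonymousAuthentication enabled="true" />
    <windowsAuthentication enabled="false" />
  </authentication></security>
</system.webServer></configuration>"""

# Same fragment with the assumed policy applied (group name is hypothetical).
SAMPLE_HARDENED = (SAMPLE_WEAK
    .replace('requireSsl="false"', 'requireSsl="true"')
    .replace('users="*"', 'roles="TabletSyncUsers"')
    .replace('anonymousAuthentication enabled="true"',
             'anonymousAuthentication enabled="false"')
    .replace('windowsAuthentication enabled="false"',
             'windowsAuthentication enabled="true"'))

def _flag(elem, attr, default="false"):
    """Read a boolean attribute; a missing element or attribute uses default."""
    value = default if elem is None else elem.get(attr, default)
    return value.strip().lower() == "true"

def audit_webdav(config_xml):
    """Return a list of findings for one IIS configuration fragment."""
    ws = next(ET.fromstring(config_xml).iter("system.webServer"), None)
    if ws is None:
        return ["no system.webServer section found"]
    authoring = ws.find("webdav/authoring")
    if not _flag(authoring, "enabled"):
        return []  # WebDAV authoring is off, nothing to audit
    findings = []
    if not _flag(authoring, "requireSsl"):
        findings.append("authoring does not require SSL")
    # IIS enables anonymous authentication by default, so absence counts as on.
    if _flag(ws.find("security/authentication/anonymousAuthentication"),
             "enabled", default="true"):
        findings.append("anonymous authentication is enabled")
    for rule in ws.findall("webdav/authoringRules/add"):
        access = {a.strip().lower() for a in rule.get("access", "").split(",")}
        if rule.get("users", "").strip() == "*" and access & {"write", "source"}:
            findings.append("wildcard user rule grants " + rule.get("access"))
    return findings
```

Calling `audit_webdav(SAMPLE_WEAK)` returns three findings, and the hardened fragment returns an empty list.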
WebDAV with Cisco AnyConnect
I proposed WebDAV file synchronization to our CISO as a no-cost solution that fell within the remote access security policies, and it was approved as a proof-of-concept project (POC) for my agency. The CISO was being inundated with requests from other tablet users to use these file synchronization apps on their tablets, and so the timing was perfect.
At first, we found there were a few too many steps (taps) to make WebDAV as seamless as Dropbox, especially since the integrated VPN client on the iPad caused users to have to re-enter their VPN credentials each time they wanted to access WebDAV or if the device went into standby mode. Fortunately, a new Cisco AnyConnect secure mobility client VPN app became available at the beginning of our POC. The AnyConnect app remains connected until it's manually disconnected, even if the iPad goes into standby.
The other issue that holds us back somewhat is that our enterprise does not have a seamless 802.x infrastructure across all campuses and facilities. There are limited 802.x APs available to tablet users in some of our facilities, but they're primarily falling back onto the 3G capabilities. The good news is that file synchronization with WebDAV over 3G to the tablet is actually quite speedy, but it's dependent on the 3G coverage and QoS. If our users utilize 802.x to access WebDAV for file synchronization, the experience is very much like Dropbox.
During our POC evaluation for file synchronization, users have been quite pleased with the Dropbox experience that this WebDAV and VPN solution has provided. They can now easily access their documents and add them directly to their iPads. This newfound ability and flexibility to be free of paper has been a first step toward a paperless environment for our iPad users.
The 3G coverage is quite good in our primary facility, so our recommended best practice is for the tablet users to synchronize files to their tablets prior to leaving. The lack of an 802.11x infrastructure has held back the seamless computing user experience for our agency, and we're currently evaluating project proposals to implement an 802.x infrastructure for all of our agencies' branch offices.
Finally, our enterprise is considering expanding the POC, bringing online a virtual server running the WebDAV protocol, and evaluating AD integration for multi-agency file access. For now, however, we've found a secure way for users' data to be made available on their tablets that complies with our enterprise remote access policies.