Healthcare group picks SSL for remote access

Secure Sockets Layer-based remote access has been just what the doctors ordered - and more - for Virtua Health in Marlton, N.J.

The company, which operates four hospitals and two clinics, was looking to simplify doctors' access to network resources after a standard browser upgrade made the existing system unworkable.

Installing an SSL remote-access system from 3-year-old start-up Netilla has given doctors the access they required. What's more, it has helped Virtua slash its software licensing costs, provide more employees with intranet access and more than doubled the number of applications available to remote users.

"We're finding new uses for it all the time," says Andrew Gahm, Virtua's network architect.

The Netilla Service Platform relies on the SSL technology found in most Web browsers and used to protect Internet credit card transactions. Rather than granting access directly to servers, databases and other resources protected by corporate firewalls, Virtua has situated the Netilla appliance behind the firewall, where it provides access to protected company resources over the Internet via SSL.

Virtua looked into Netilla because 400 physicians and other users were having trouble accessing the Siemens Shared Medical System (SMS) healthcare application they were used to reaching by Web browser.

The problem arose last year when many doctors upgraded their browsers to Microsoft's Internet Explorer 6.0, which was not supported by the SMS application or the VeriSign digital certificate used to authenticate remote users. Doctors rejected the workaround of reverting to Internet Explorer 5.5 and using proprietary Siemens security tokens.

The Netilla box can set up secure links with Internet Explorer 6.0 and proxy to a Microsoft Terminal Server containing the SMS Web page, solving the problem.

Once Virtua installed the Netilla gear, it wasn't long before the company discovered other uses for the product. These include using it as a less-costly alternative to expanding its use of Citrix's thin-client-based remote-access technology.

Virtua has used Citrix's Web-based ICA client software to give some employees easy access to a handful of networked applications, such as those from PeopleSoft and Per-Se Technologies. Citrix software on remote machines and the servers being accessed lets end users run Unix, Windows and Java applications that are located on servers in Virtua's network.

But expanding its use of Citrix would have required purchasing secure gateway software that would cost more than the $40,000 to $50,000 Virtua already had spent on its Netilla box, 400 simultaneous user licenses and a maintenance agreement, says Tom Pacek, assistant vice president of technology for Virtua. With the Netilla technology, Virtua has increased the number of applications it makes available to end users from between 10 and 25 to more than 50, he says.

Another benefit of the Netilla setup is that Virtua has tightened security by cutting the number of firewall ports left open, Gahm says. Before Virtua bought the Netilla appliance, Citrix users would access the network via one firewall port for authorization and then access the servers running the desired applications through other firewall ports. "All our Citrix servers were exposed to the Internet along with the Web page that led you to them," Gahm says. Now those ports are closed, and all traffic comes through the SSL port leading to the Netilla box.