More than 25,000 people live in the historic city of Rottweil. Rottweil is small and at the same time cosmopolitan. It combines the permanence of tradition with the diversity of modern culture. With its location on the dynamic Stuttgart-Zurich development axis, Baden-Württemberg’s oldest city is also home to a future-oriented economy. All of this is looked after and held together by the Rottweil city administration and its approximately 400 employees in municipal institutions. In addition to the municipal administration, this also includes a maintenance and storage facility, the local administrations and all educational institutions.
In 2020, the city administration of Rottweil decided to equip the city council, by the beginning of 2021 at the latest, with mobile devices that could be used, among other things, to access and process decision documents. What at first sounds simple had to be technically well thought out and secured. For the central administration and management of the tablets, the Rottweil city administration first needed a secure mobile device management (MDM) system. Until then, Rottweil had obtained services such as the internet connection, mail traffic and their firewall protection from the municipal data centre. However, the data centre's service offering did not include a future-proof MDM at that time. Rottweil therefore turned to its long-standing partner, Bechtle.
Despite the difficult situation, many projects still have to be realised. One of these was our firewall project, which would not have been possible without the good advice, support and implementation provided by Bechtle. It was not only a project that created a lot of work—it was also the enormous time pressure to get the jointly developed firewall concept online at a fixed time. Bechtle implemented this excellently with its firewall specialists. We look forward to a continued good working relationship.
Joachim Merkle-Stöhr, Head of IT, Rottweil municipality
On the strength of Bechtle's extensive knowledge, Rottweil opted for the MDM MobileIron from Ivanti, which is often used in the public sector. Other municipalities in the region also use MobileIron, which creates synergies. The MDM is built on three servers, and securing them was the challenge that came with acquiring the mobile devices. In order to be able to continue using data centre services together with MobileIron, the internet connection had to be secured by a firewall concept using firewalls from two independent manufacturers. Together with the Rottweil city administration, Bechtle therefore designed the double-secured operation of the mobile devices, which included compliance with both the IT security standards and the specifications of the municipal computer centre.
Since Rottweil already uses many network components from Cisco, the choice fell on Cisco ASA with Cisco AnyConnect and a second, in-line firewall from Sophos. The Cisco ASA sets up a 1,000 Mb/s internet connection provided by Telekom and manages the MDM system's three public IP addresses. Bechtle created a secured network (a demilitarised zone, or DMZ) for the MDM's virtual servers and for access to the regisafe document management system used by the city administration. This way, the councillors can access the documents they need via the MDM. The second firewall, implemented with two Sophos Securepoint NextGen UTM firewalls, also protects mobile device traffic with multi-layered and proven security technologies such as Advanced Threat Protection (ATP), Intrusion Prevention System (IPS) and web filtering. The entire firewall landscape will continue to be operated and supported by Bechtle.
With its own firewall solution, the city administration of Rottweil was able to introduce the desired mobile device management system, MobileIron, in a timely manner. The planned schedule was thus adhered to: the councillors received their tablets at the beginning of 2021. They are easily managed via MDM. Further devices can be quickly integrated. With the two firewalls, the municipality is also well prepared for future usage concepts, as more and more applications are operated in a demilitarised zone, which is not possible without a firewall of its own. In addition, external locations such as kindergartens or local administrations, music schools or adult education centres should also be able to connect securely to the existing network in the future. With the new firewall landscape, the municipality is not only technically well positioned for this, but also meets security and data protection requirements.