Customer Case Study
Transforming the City of Stirling into a City of
the Future
West Australian municipality secures advanced government and citizen services with
Cisco® Identity Services Engine.
The City of Stirling lies in the northern suburbs of the Western
EXECUTIVE SUMMARY
CITY OF STIRLING
● Public Sector
● Western Australia
● 1200 Employees
Australian capital city of Perth. With a population of approximately
220,000 and covering an area of 105.2 square kilometers, the city is
the largest local government area in the state.
For the past several years, this forward-looking city has invested in
BUSINESS CHALLENGE
● Develop a fully integrated, centrally managed
network security system.
● Provide secure services and connectivity to
thousands of visitors and employees.
● Secure multiple networks and information to
protect city data.
an IT vision designed to transform its infrastructure into the next
CISCO SOLUTION
● Cisco Identity Services Engine
the beachfront. In total, the city’s WAN supports more than 30
● Implemented across both private and public
networks
BUSINESS RESULTS
● Transparent security for public sector
networks
● Better worker productivity for government
employees and contractors
● Increased use of public domains by citizens
and visitors
TECHNOLOGY / APPLICATION PARTNER
● Data#3
CHANNELS / INTEGRATOR PARTNER
● DimensionData
generation of secure, centralized networking. Its roadmap supports a
wide range of city functions including government offices, properties,
field operators (such as park staff and property inspectors), and
public assistance. It also covers recreation areas, golf courses, and
locations, with an additional 15 public Wi-Fi hotspots.
However, securing this far-reaching capability has created a
challenge for administrators. “We wanted one centralized solution for
identity management,” says Peter Bennington, Chief Technology
Officer (CTO) for the City of Stirling. “It needed to be a simplified
approach that would integrate with other strategies on both our public
and private networks.”
Furthermore, the new security strategy had to be highly scalable.
The city government and its contractors total approximately 1200
users, but with a popular beachfront zone, the number of visitors on
the Stirling network is often up to thousands at a time. The city also
continues to experience steady population growth.
“With continuous anticipated expansion and growing usage, we knew we had to be able to provide good
performance that would support a quality user experience,” Bennington says. “And, especially on the corporate
side, we needed very high availability. We already had a significant investment in Cisco technologies. For all these
reasons, we chose the Cisco Identity Services Engine (ISE) for our identity management solution.”
The Stirling Security Solution
From the time Stirling began to rely on a mobile workforce, it was understood that a strong security solution would
need to be deployed. The IT roadmap called for a fully integrated security approach that enables central control
and management across VPNs, Wi-Fi, LANs and WANs.
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 3
“Mobility has gone in a very short time from a minimal technology used for consuming information—in many cases
relying on manual processes—to a much more electronic capability,” Bennington says. “This means that we need
better, more granular security and controls for our digital networks.”
Cisco ISE is a centralized security solution that automates context-aware access to network resources. It achieves
this by collecting data about the network, the type of device, partner or user identity, and location, and analyzing
the sum total to make an informed access decision. Integrated with the city’s AirWatch security program, ISE is
designed to provide:
●
Differentiation of service based on user identity
●
Securing of the wireless network with Extensible Authentication Protocol (EAP) methods for authentication
●
Web-based authentication for guest users
●
Sponsor access to create guest accounts
●
Profiling and posture capabilities
Onsite work was done by two certified Cisco Gold Partners. These included Data#3, a Brisbane-based company
serving Australia and the Asia-Pacific region, which provided initial planning, product, and deployment services to
Stirling. Partner DimensionData is a global firm, which served as the systems integrator for the Wi-Fi network
security implementation.
“One of the advantages of working with Cisco is its impressive ecosystem of partners, and we had a great partner
experience,” says Matt Younger, the city’s ICT Infrastructure & Network Architect. “These teams were with us the
whole way, from design to implementation.” Cisco also supported the project from the United States, including
creating an early software update to resolve an integration issue. “You always expect to run into some problems on
a large deployment,” Younger added. “It comes down to how quickly they can be resolved. We were very happy
with the personalized support we got from Cisco.”
“We wanted one centralized solution for identity management. It needed
to be a simplified approach that would integrate with our other strategies
on both our public and private networks.”
— Peter Bennington, Chief Technology Officer, City of Stirling, Western Australia
Business Results: Achieving Invisibility
“The goal of our Cisco ISE implementation was to have no one realize that we had done it,” Bennington says, “and
we absolutely achieved that.”
As well as meeting goals of availability, reliability, and performance, Stirling had set the expectation that its new
security solution would literally not be noticeable to its users. “We knew we had it right when we asked workers
how they liked the new identity management system, and they responded, ‘What are you talking about?’”
Bennington says.
City employees and citizen users no longer receive demands for multiple logins, even from field locations; nor do
they go through a complex, multistage sign-in process, even with VPN. Previously, users had to log on
continuously throughout the day, and IT heard many complaints about midsession interruptions. Today, Cisco ISE
identifies users, knows who they are, where they work, and what they should have access to—all transparently to
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 3
these users. The result is expected to be better worker productivity and increased use of public domains by
employees and citizens.
Next Steps for Cisco ISE
Cisco ISE will play an increasingly important role as part of the foundation for the city’s network. Currently a hybrid
environment, Stirling is making the jump to a more complete Cisco infrastructure for routing and switching, as well
as WAN acceleration and blade-based serving. The City was also one of the first councils in Western Australia to
adopt Cisco IP telephony, along with VPN, wireless, and digital media solutions.
With its network well secured, Stirling plans to proceed with the next stages of its IT vision. More work is underway
to enhance access to specific applications, along with better management for mobile devices to avoid data leaks.
Cisco ISE will also become part of a new physical security solution using closed-circuit TV cameras and access
control devices. A Cisco Instant Connect two-way radio capability that integrates a wide range of communications
devices is also under consideration to support emergency services.
“Cisco is constantly adding new functionality, allowing us to create new services on the same flexible foundation,”
Bennington concludes. “Now, we have the confidence that our network identity management is up to the same
challenge, helping to safeguard our network—no matter what changes we make—across the entire city.”
Printed in USA
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
C36-736236-00
02/16
Page 3 of 3