The city of Regensburg is the capital of an administrative district with currently just under 168,000 inhabitants. The UNESCO World Heritage city is sought after as a business location. But the city administration also relies on high user comfort and maximum secure service for all employees in terms of technology & data storage. In the municipal administration with the associated districts, there are currently about 4,000 people working in the administration and about 2,500 employees in the schools.
Up to now, all data of the administration and the schools was stored using conventional data storage technology (SAN). The exchange of data was mainly carried out as an attachment via email or with the help of open source cloud systems. However, with the EU-GDPR coming into force in 2015, the requirements changed and the desire for an easy to connect solution, beyond the boundaries of the own network, became loud. It should be easy to integrate into Windows, but also guarantee a secure and data protection-compliant provision of large amounts of data through a connection to Outlook.
Since the local government previously used the NetApp storage system, docking should also be possible here. However, the focus was also on promoting team collaboration, both internally and externally, in order to meet the constantly growing demand. Another factor was that teachers in schools in particular had special requirements for the solution. For this group of users, it is a top priority that teaching materials are available at all times. This also applies, for example, to students who are not usually registered in the system as authorized users.
So the requirements were:
It should also be possible to register all the schools in the district as separate clients with their own administration. In addition, it was a prerequisite that in future all data of the administration instance be stored in an object storage via S3 technology, since in future the file service should be set to object storage. The decisive factor was that object storage offers a far better price/performance ratio in terms of scalability and back-up than "old" storage technologies.
The decision was made in favor of the Enterprise File Service solution based on DRACOON and NetApp StorageGRID. DRACOON is developed in Germany, hosted in German data centres or, as in the case of the city of Regensburg, implemented on-site at the customer's premises. DRACOON is attested to the highest security standards by various certificates and seals such as BSI C5, ISO27001 and TÜV.
At DRACOON all data is already securely encrypted on the end device according to the principle "Privacy by Design". There is no possibility to decrypt the data on the server itself, as the key material is located on the client. All information that is stored or sent with it is maximally protected in this way so that not even an admin or DRACOON as provider has access. An outflow of data can thus be excluded.
This also underlines the philosophy "Your key to digital freedom". With its service DRACOON stands up for digital freedom. The control over the data lies exclusively with the user. By means of a fine-grained user and rights management, rights can be assigned to all stored data. With DRACOON access rights can be easily and individually assigned to internal employees as well as external parties such as students. This ensures that certain persons are only granted read-only rights, for example, while others can edit and delete data. Sensitive data can be stored and made available in real time in separate data rooms, which are only accessible to predefined users, for example. Through easy-to-create download and share links, components from these data rooms can be securely shared with internal and external team members via an Outlook add-in. Instead of the previously common mail attachment, even large data packages containing sensitive data can be shared securely and quickly without burdening the mailbox. All users, but also all data shares can be limited in their availability for a limited time. Likewise, a previously granted release can be deleted retroactively. Optionally, an additional password protection can be activated for data provision. If a file sent via a release link is retrieved, the sender receives a message about the download or upload on request.
The integrated reporting tool with audit log provides information on file access at any time. Authorized persons can thus trace at any time who shared, edited or deleted data. All data can be managed browser-independently via a Web App. In addition, DRACOON can be integrated as a separate drive in Windows Explorer or Mac Finder. Thus, the data can be saved as usual on the respective computer or laptop using the "Save as" function. The apps developed by DRACOON for Android and iOS ensure that all data is also available on the smartphone. This step provides security for the user and a clear assignment to the city administration or the respective school. The cloud is used in the branding of the city of Regensburg.
The connection of the object storage (S3) is done by a configuration that the admin of the customer carries out independently within DRACOON. Thus all data is stored exclusively within the administration network. Furthermore, the number of users is flexibly scalable.
With a lead time of three months the local government of Regensburg succeeded in providing a future-proof and modern solution together with the teams of DRACOON and NetApp. The implementation took about one week including all configuration adjustments.
Today DRACOON is mainly used for two core areas:
From this location, technical support and central administration is carried out in the computer centre. Currently 1,000 user licenses are used here. There is no permanent storage in this area, only data exchange. DRACOON is mainly used for the encrypted exchange of large amounts of data in personal data rooms. But also team data rooms for interdisciplinary exchange - across network boundaries - play a central role. Here, for example, it is necessary to exchange data with other authorities or external service providers (such as scans of plans, bidirectional exchange with planning offices or even time-dependent tender documents).
At the moment about 23 schools with unlimited users (tendency rising) work with DRACOON's File Services. Primarily teaching materials are stored there permanently in personal data rooms. In addition, so-called department folders are being set up, which are to serve for the joint maintenance of a data pool of teaching material with a corresponding rights system. Furthermore, relevant documents are exchanged with the respective students.
Josef Kast, technical contact person and project manager at the city of Regensburg, says about the conversion:
Especially the schools have been very enthusiastic about the changeover to DRACOON. Especially the teachers have so far lacked the possibility of a central data storage for teaching material. With DRACOON we now have a system that can be flexibly adapted to all technical and organisational system environments. It has a modern architecture and guarantees an easy handling of updates through a complete implementation of the system in docker containers. Although we are managing a very complex server scenario with data storage in a NetApp StorageGRID, we have very few problems with the system in our daily work. The errors that occur can be described as classic user errors that can be quickly corrected or explained. In larger cases, the DRACOON service desk always provides a competent contact person quickly who has found a solution for every problem, even beyond the system boundaries. As a customer we feel very well looked after by DRACOON. This started with the first appointment with the sales department and continued with the implementation. But the DRACOON team is also open for new ideas and suggestions. Especially when it comes to the use in schools improvements are always taken up and implemented. Meanwhile there is also the possibility to send approval links via QR code, which is a great benefit especially for our schools. In the next step, we will also migrate the data in the administration environment to a NetApp object storage with S3 connection, so that we can store all data here as efficiently and securely as possible. We are also planning to dock additional systems via API so that we can use statistical data and evaluations even more effectively in the future."