
Our software firm's financial application was developed on a traditional client-server model. Individual user workstations run the application (on the Microsoft Windows Operating System) on a local area network. Our customer required that remote users from five locations across the country access the application over remote connectivity. They needed to provide an Application Service Provider (ASP) service with these sites accessing the application on central common hardware. It was critical that the individual locations remain logically independent of each other. Our financial application consists of millions of lines of code. It was not practical to rewrite it to operate effectively over a wide area network. Off-the-shelf technology, namely Citrix Metaframe and MS Terminal Server, was chosen to enable remote access to the application without major modification. Placing our application on Terminal Server and Citrix introduced new security concerns, as users no longer had dedicated workstations. Our application had resource requirements and security exposures that were a risk on shared hardware. We also had to consider the security of the network traffic to the remote users. This paper explores the process that we (the software vendor) and our client (the ASP provider) used to securely implement a solution.