In 2002, 28 towns were forced to join Montreal on orders from the provincial government. The decision was unpopular; the following year a new government was elected, partly on a platform of giving amalgamated towns the right to vote to secede. But for a town to have that right, 10 per cent of its listed voters had to register for the de-amalgamation referendum.
In May 2004 the city set up 28 temporary centres where citizens could register. To create secure locations the city used a Check Point Software Technologies Ltd. virtual private network (VPN) solution.
With remote voter registration centres often located in shopping malls and connecting back to the city’s systems over public DSL lines, creating a secure environment was a top concern, said Normand Jette, a telecommunications specialist with the city. Montreal decided to use diskless PCs running a Citrix Systems Inc. MetaFrame solution. This thin-client platform would let data reside on the city’s servers rather than on local machines — that way, if a thin-client machine were stolen (none were) there would be no voter information on the hard drive for the thieves to peruse, said Jette.
Montreal also had to encrypt data travelling back to the city’s voter registration databases, Jette said. “[DSL] is good but it is not safe.” A Check Point VPN 1 Edge device was installed at each location to handle the encryption as well as to create the VPN tunnel into the city’s systems.
The VPN 1 Edge box connected to a main Check Point security end point within the city’s infrastructure, said Sandra Perreault, Check Point’s Montreal-based territory manager for Eastern Canada. VPN 1 Edge handled communication between local sites and the central office, while a Check Point VPN 1 Pro box on the city side did the decrypting, Perreault explained.
Before starting the deployment, Jette and his team bought one PC and created a virtual test office over a DSL line. There were no snags so they bought 30 more. Jette’s team configured the boxes and had them up and running in a week. But he said the boxes started losing one connection per day — and never the same one twice — as they tunneled back into the city’s systems.
Check Point set up a remote voter registration box in Israel (where Check Point has offices) to help solve the configuration problem, Jette said. All the boxes had been given the same user name and password, and this is what caused the dropped connections back through the VPN tunnel, according to Perreault.
Giving multiple PCs the same user name and password created a certification conflict in the Check Point infrastructure, so the VPN appliances occasionally barred access. To solve the problem, the city gave each box its own user name and password.
“To be sure at the beginning some people (at the remote locations) wanted to kill us,” Jette said. “They (just) did the job manually until the services came back up.”
This fall Montreal residents will vote for mayor. Jette said he’s sure the next remote voter registration drive will be smooth.
Twenty-two of the 28 boroughs voted on de-amalgamation and 15 voted to secede.