Funk Gruppe Secures and Manages 1,500 Digital Workstations with Ivanti Endpoint Manager

As the largest owner-managed insurance broker and risk consultant in Germany, Funk is one of the leading brokerage houses in Europe. The Hamburg-based company also acts as a systems house for risk solutions and supports companies from all sectors in matters relating to insurance and risk management, as well as the provision of pensions. The long-established company was founded in Berlin more than 140 years ago and develops individual plans for its customers to provide optimum coverage for any business risks.

Internally, security is a high priority at Funk, in the IT environment in particular – especially since hybrid workstations were introduced in recent years. The secure and efficient management of the complete end device portfolio is therefore more important than ever for Funk's employees. With this objective in mind, the IT team at Funk introduced the Ivanti Endpoint Manager (EPM) in 2018, in close cooperation with the system integrator SVA System Vertrieb Alexander GmbH.

A growing client base required adjusting to the deployment

Before installing the Ivanti Endpoint Manager, Funk was working with a solution that only implemented software distribution in the client environment. The deployment still had to be set up manually. Ralf Metzner, the Funk IT system engineer overseeing the project, remembers how he initially had to use a USB stick to "feed" each terminal device with important configuration data. All the same, the Ivanti Environment Manager was already being used to provide this information. Using flexible guidelines, the Environment Manager helped personalize desktops and customize their configuration. This allowed the IT team at Funk to design the desktop configuration depending on the user, location and platform. Users can now switch between PCs, virtual desktops and terminal servers at any time and effectively take their personal configuration with them.

When Metzner started at Funk nine years ago, there were only about 250 clients to manage. Since then, the client base has grown to 1,500 thanks to the introduction of hybrid workplaces. In addition, there are around 70 depot servers at 15 locations within Germany. Considering this immense growth, Ralf Metzner and Tim Nikolaus, Senior Professional Services Consultant at SVA, joined forces to consider how the existing Unified Endpoint Management could be brought up to date.

Enhanced security and a combined offer for clients and servers

After the Funk IT team took a closer look at various solutions, the winner was the Ivanti Endpoint Manager (EPM). The EPM supports companies on several levels: in increasing user and IT staff productivity and in the automated deployment of devices and software. It enables IT administrators to quickly troubleshoot user issues and to locate devices and software assets in a timely manner. 

The factors of security and price / performance had special priority in Funk's decision – the existing antivirus installation was to be replaced and Ivanti's platform offered the advantage of technically aligning antivirus solutions such as Bitdefender and Crowdstrike in the same agent. In addition, SVA made an attractive offer to Funk, allowing them to use the full range of EPM features for both clients and their server environment. For the 70 depot servers operated by Funk, professional patch management of both the software and the operating system was essential. Ivanti's solution included module device discovery, operating system provisioning, provisioning, (third party) patch management and device control functionality modules, including the complete security suite.

Rapid roll-out followed by the organic introduction of all EPM modules

SVA was able to realize a smooth roll-out within four weeks. After the installation, Ralf Metzner and his team started with the endpoint management step-by-step. Initially, end devices were set up as the basis for deployment. This was later followed by the software distribution. The software's patch distribution is now automated via Auto-Fix. Since its installation in 2018, the Hamburg-based company's IT team has grown with Endpoint Manager and uses almost all its modules.

Everywhere Workplaces: getting set up quickly and at a good price

Replacing the existing antivirus system with EPM Antivirus, with Bitdefender's underlying technology, provides tremendous benefits and saves time by securing all devices via a single interface. Before the EPM was introduced, the previous agent had to be reconfigured each time it was deployed. With Endpoint Manager, this time-consuming step is no longer necessary. This standardization of security functionality within one system saves Funk a significant amount in licensing fees each year. Using the EPM console, the IT experts at Funk also manage and configure all end devices. And with the help of automation, provide software and clients for state-of-the art workstations. This reduces the workload of IT staff and allows users to work more productively. The result: a better user experience and no compromises regarding protection.

Self-help for employees via the software portal

"I'm particularly excited about the versatility of EPM. The solution keeps showing new ways to make enterprise-wide endpoint management even easier - that's a great added value for us!" says Metzner. "A really great thing is the software portal, which is very popular with Funk employees. Through the portal, users can install software locally, independent of IT – they don't need administrator rights, they don't have to wait or push; they just install the package they want with the click of a button."

Further optimization of patch management and remote deployment is planned

In the future, there are plans to expand the self-service portal feature for local installations. If, for example, the VPN tunnel does not work or a new certificate must be imported, scripts, telephone lists, room allocation plans and, of course, software installations, can be stored there. The user can execute these locally with a mouse click.

Currently, Funk is working on patch management for the client drivers with significant support from Ivanti and from SVA in the development area. Furthermore, existing security gaps for the Windows operating system are to be successively closed with the help of the Ivanti solution.

Devices located outside the corporate network can be configured outside the managed LAN, even without a VPN connection and patches can be applied with software. Funk is currently still using an in-house solution for this. However, it is possible to cover these functions with Ivanti as well. Over an Internet connection, the Cloud Service Appliance (CSA) can troubleshoot remotely, prepare inventory, install patches and provide remote control and software. Each CSA can cover approximately 6,000 endpoints and can be scaled to meet the desired requirements.

"The unified endpoint management strategy that we implemented with SVA puts us in a comfortable position. We can act much faster today, say 'yes' to new demands from our users and launch ideas for the digital workplace more quickly," says Metzner.

"Unified Endpoint Management contributes significantly to digitalization and end user experience," explains Tim Nikolaus, formerly with Ivanti, now with SVA. "In this project, Ivanti and SVA worked in partnership and close coordination with Funk to find the optimal EPM solution."

_{Note: A customer’s results are specific to its total environment/experience, of which Ivanti is a part. Individual results may vary based on each customer’s unique environment.}