ARCHIVED: Completed project: VPN service enhancement
Primary UITS contact: Ed Furia
Completed: July 14, 2009
Description: Access to virtual private networks (VPNs) is vital to many IU faculty, staff, and students who need to gain secure remote access to protected resources on IU campuses. VPN uses range from accessing departmental file servers to utilizing library e-resources. We believe that VPNs will play an increasingly important role as the IU community increases its reliance on telecommuting. Because of the important role of VPNs, IU will replace the outdated PPTP VPN service with an SSL VPN solution. In addition, the role of IPSec/L2TP-based VPNs as a service will be minimized.
SSL VPN is the de facto industry option for delivering client VPN services. Network access is accomplished via a lightweight Java client that runs in user space and delivers full IP access. These lightweight clients are delivered via the SSL VPN gateway (web page). Users will simply go to https://vpn.iu.edu and log in using their Network ID credentials. No device driver installation and little to no configuration are needed. Because SSL VPN can run over port 443 (HTTPS), firewall traversal is not a concern.
Currently there are approximately 77,000 VPN connections per week to the IUB and IUPUI campuses. We see a maximum of 2,200 concurrent connections. Half of this usage originates from on campus, and the majority of on-campus usage originates from IU Wireless. Student, faculty, and staff access to the wireless network on the IUB and IUPUI campuses will soon be supported only via IU Secure, and IU Wireless will be retired June 22, 2009. This will, overall, reduce VPN usage by approximately 35%, resulting in approximately 50,000 connections per week with a maximum of 1,400 concurrent connections.
We are developing IU's VPN service as a remote access solution. The SSL VPN service will be available to:
- Off-campus users
- Private addresses on campus (support for servers with private IP numbers)
- Users participating in the Groups VPN service
SSL VPN is particularly suited to a centrally distributed service. Because of this, the SSL VPN solution is being offered to all IU campuses that wish to use it.
Outcome: IU will have a modern SSL VPN service, resulting in greater flexibility and ease of use. UITS will deliver a centrally managed fault-tolerant service capable of serving the VPN needs of all IU campuses. SSL VPN will support encryption standards far superior to those used by the current PPTP service.
Milestones and status:
- November 2008: Planning and product selection process begins
- February 2009: SSL VPN solution selected and hardware ordered
- March 2009: Deployment of servers and network components
- May 4, 2009: SSL VPN (https://vpn.iu.edu) available for general use
- May 11, 2009: Begin transition of Groups VPN users from PPTP to SSL
- June 22, 2009: IU Wireless SSID removed
- July 13, 2009: PPTP VPN servers retired
Benefits:
- Ease of use (https://vpn.iu.edu/)
- Little to no software installation
- Improved firewall and NAT traversal
- Support for SafeWord access
- Regional campus support
Issues: The open IU Wireless SSID will be retired. This will affect many users who have not yet migrated to using IU Secure (WPA2 Enterprise). SSL VPN users will use a different IP range than the previous VPN. This will require some units to change any access policies based on IP range.
Primary clients: IU students, faculty, and staff
Project team:
- Planning, engineering, and deployment:
  - Ed Furia
  - Dave Hunter
  - Jeremy Geib
  - Charlie Escue
  - Damon Beals
  - Jacob Farmer
- Planning, support, and implementation:
  - Ed Furia
  - Karen Garrett
  - Chis England
  - Sarah Engel
  - Greg Moore
  - Andrew Hostetler
  - Mary Hrovat
  - Brent Moberly
  - Jonny Sweeny
  - Lowell Furman
Governance:
- Matt Davy
- Kirt Guinn
This is document ayfp in the Knowledge Base.
Last modified on 2018-01-18 16:30:14.