ARCHIVED: Completed project: VPN service enhancement

This content has been archived, and is no longer maintained by Indiana University. Information here may no longer be accurate, and links may no longer be available or reliable.

Primary UITS contact: Ed Furia

Completed: July 14, 2009

Description: Access to virtual private networks (VPNs) is vital to many IU faculty, staff, and students who need to gain secure remote access to protected resources on IU campuses. VPN uses range from accessing departmental file servers to utilizing library e-resources. We believe that VPNs will play an increasingly important role as the IU community increases its reliance on telecommuting. Because of the important role of VPNs, IU will replace the outdated PPTP VPN service in favor of an SSL VPN solution. In addition, the role of IPSec/L2TP-based VPNs as a service will be minimized.

SSL VPN is the de facto industry option for delivering client VPN services. Network access is accomplished via a lightweight Java client that runs in user space and delivers full IP access. These lightweight clients are delivered via the SSL VPN gateway (web page). Users will simply go to https://vpn.iu.edu and log in using their Network ID credentials. No device driver installation and little to no configuration are needed. Because SSL VPN can run over port 443 (HTTPS), firewall traversal is not a concern.

Currently there are approximately 77,000 VPN connections per week to the IUB and IUPUI campuses. We see a maximum of 2,200 concurrent connections. Half of this usage originates from on campus, and the majority of on-campus usage originates from IU Wireless. Student, faculty, and staff access to the wireless network on the IUB and IUPUI campuses will soon be supported only via IU Secure, and IU Wireless will be retired June 22, 2009. This will, overall, reduce VPN usage by approximately 35%, resulting in approximately 50,000 connections per week with a maximum of 1,400 concurrent connections. We are developing IU's VPN service as a remote access solution. The SSL VPN service will be available to:

  • Off-campus users
  • Private addresses on campus (support for servers with private IP numbers)
  • Users participating in the Groups VPN service

SSL VPN is particularly suited to a centrally distributed service. Because of this, the SSL VPN solution is being offered to all IU campuses that wish to use it.

Outcome: IU will have a modern SSL VPN service, resulting in greater flexibility and ease of use. UITS will deliver a centrally managed fault-tolerant service capable of serving the VPN needs of all IU campuses. SSL VPN will support encryption standards far superior to those used by the current PPTP service.

Milestones and status:

  • November 2008: Planning and product selection process begins
  • February 2009: SSL VPN solution selected and hardware ordered
  • March 2009: Deployment of servers and network components
  • May 4, 2009: SSL VPN (https://vpn.iu.edu) available for general use
  • May 11, 2009: Begin transition of Groups VPN users from PPTP to SSL
  • June 22, 2009: IU Wireless SSID removed
  • July 13, 2009: PPTP VPN servers retired

Benefits:

  • Ease of use (https://vpn.iu.edu/)
  • Little to no software installation
  • Improved firewall and NAT traversal
  • Support for SafeWord access
  • Regional campus support

Issues: The open IU Wireless SSID will be retired. This will affect many users who have not yet migrated to using IU Secure (WPA2 Enterprise). SSL VPN users will use a different IP range than the previous VPN. This will require some units to change any access policies based on IP range.

Primary clients: IU students, faculty, and staff

Project team:

  • Planning, engineering, and deployment:
    • Ed Furia
    • Dave Hunter
    • Jeremy Geib
    • Charlie Escue
    • Damon Beals
    • Jacob Farmer
  • Planning, support, and implementation:
    • Ed Furia
    • Karen Garrett
    • Chis England
    • Sarah Engel
    • Greg Moore
    • Andrew Hostetler
    • Mary Hrovat
    • Brent Moberly
    • Jonny Sweeny
    • Lowell Furman

Governance:

  • Matt Davy
  • Kirt Guinn

This is document ayfp in the Knowledge Base.
Last modified on 2018-01-18 16:30:14.