Educause Security Discussion mailing list archives
Re: The VPN question
From: Jay Graham <jwg+ () PITT EDU>
Date: Tue, 5 Jul 2011 14:46:54 -0400
Brad,Yes. I know this is a ton of roles to manage. However, we have a firewall (albeit virtual) in front of every department here on campus. Each department has at least one role to access their firewalled resources. i.e. 200 departments 200 workstation zones 200 vpn roles. Add the server zones and some other zones in and you top out at around 300. Each area requires restricted access to their resources.
Thanks, Jay On 6/30/2011 8:01 AM, Bradley, Stephen W. Mr. wrote:
I have a question about the your VPNs. Why so many roles? I can see maybe ten but 100, 300? That seems to me to be a lot of roles to care and feed. steve ________________________________________ From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () listserv educause edu] On Behalf Of Julian Y Koh [kohster () NORTHWESTERN EDU] Sent: Thursday, June 30, 2011 7:35 AM To: SECURITY () listserv educause edu Subject: Re: [SECURITY] The VPN question -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed Jun 29 16:44:42 2011 Central Time, Jay Graham<jwg+ () PITT EDU> wrote:With our SA6000s we create roles to protected resources based on LDAP groups and currently have over 300 roles. We are now implementing the Pulse Client for this so that iOS and other platforms can use it to access protected resources.I'll echo what Steven said: Pulse for us (at least on iOS) seems to work just fine to provide Network Connect functionality on those devices. We're still on 6.5 software now (just over 100 roles here), but we are planning on upgrading to 7.1 in the next few weeks. - -- Julian Y. Koh<mailto:kohster () northwestern edu> Manager, Network Transport<phone:847-467-5780> Telecommunications and Network Services Northwestern University PGP Public Key:<http://bt.ittns.northwestern.edu/julian/pgppubkey.html> -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iEYEARECAAYFAk4MX4cACgkQDlQHnMkeAWOYxACg89/gGfD6a4hB3ZZUCjBQ3VQl 0BoAn2m9wxGthrVB7pQWWmuyHex1p9FI =nH4h -----END PGP SIGNATURE-----
Current thread:
- Re: The VPN question Jay Graham (Jul 05)
- Re: The VPN question Julian Y Koh (Jul 05)
- Re: The VPN question Flynn, Gary - flynngn (Jul 05)
- Re: The VPN question Julian Y Koh (Jul 05)
- Re: The VPN question Flynn, Gary - flynngn (Jul 05)
- Re: The VPN question Julian Y Koh (Jul 05)