Re: The VPN question

["Flynn, Gary - flynngn" <flynngn () JMU EDU>]

Do those of you who manage hundreds of roles manage memberships manually
on the VPN or through directory lookups? If through directory lookups,
were the directory attributes or groups pre-existing or did you create
them for the VPN?






-----Original Message-----
From: Julian Y Koh <kohster () NORTHWESTERN EDU>
Reply-To: The EDUCAUSE Security Constituent Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU>
Date: Tue, 5 Jul 2011 18:53:10 +0000
To: <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] The VPN question

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Tue Jul 5 13:46:54 2011 Central Time, Jay Graham <jwg+ () PITT EDU>
> wrote:
> > Yes. I know this is a ton of roles to manage.
>
> Another thing to point out is that the Juniper UI makes it really easy to
> manage all of this stuff on the concentrator side.  Now, keep in mind
> that we did our eval/comparison back in 2007, and the gap has likely
> closed somewhat between then and now, but back then Juniper was light
> years ahead of everyone else in terms of ease of management.  In our
> eval, I had the thing up and running in under an hour, authenticating to
> our LDAP directory and assigning people to different roles based on LDAP
> attributes.  The other boxes we tried took close to half a day each.
>
> - -- 
> Julian Y. Koh                         <mailto:kohster () northwestern edu>
> Manager, Network Transport                         <phone:847-467-5780>
> Telecommunications and Network Services         Northwestern University
> PGP Public Key:<http://bt.ittns.northwestern.edu/julian/pgppubkey.html>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> Comment: GPGTools - http://gpgtools.org
>
> iEYEARECAAYFAk4TXZcACgkQDlQHnMkeAWPLiwCfWy4YWM8rhVbGj2SlOh4fAXeJ
> 6LIAnjku3r6DWX25pJPH9mBmzYrnFEu3
> =kTm0
> -----END PGP SIGNATURE-----


-- 
Gary Flynn

Security Engineer
James Madison University

Attachment: smime.p7s
Description: