Educause Security Discussion mailing list archives
Re: VPN service -- Quick Poll (split tunneling?)
From: Dave Koontz <dkoontz () MBC EDU>
Date: Tue, 13 Mar 2012 18:52:58 -0400
On Sun, Mar 11, 2012 at 11:59 PM, Valdis Kletnieks <Valdis.Kletnieks () vt edu> wrote:
> On Fri, 09 Mar 2012 19:56:02 EST, Dave Koontz said:
> > First disclosure, we only allow supervisor approved access to our VPN for our users, and only on institutionally owned machines. A fall back for a pandemic or other emergency is in place where those rules change.
>
> OK, I'll bite - have you *tested* being able to get VPN enabled on user-owned machines on short notice when everybody is out sick? If so, what snags did you hit, and any advice for others who are looking at having to do this sort of emergency rollout? (Sorry, anytime I see "rules change in an emergency", I see potential for screw-ups, either from people and systems that don't know that the rules are different, or from insufficient testing of cut-over).
Hi Valdis, sorry for my delayed response, but things have been crazy here. To answer your question completely requires a little clarification. When you indicate "everybody is out sick", are you referring to IT personnel or campus users?

SSL VPNs are extremely user friendly, and in our case only require the entry of a username and password, and the VPN gateway. In fact, so easy, I am concerned about users trying to set themselves up without approval. The login prompts are not much different than a user logging into a Microsoft domain if you think about it; the only change is the VPN gateway address instead of the domain.

We have the SSL VPN setup well documented, which is only a paragraph or so long, along with screen shots. While we have no way of doing a complete full-fledged emergency test (nor want to given access policies), we have shared the documentation with very non-technical users in some of our remote offices without any issues.

Coming back to your "everybody is out sick" question, the clarification is key. The question is this: can anyone in IT move users or groups of users in AD into the proper group, and forward the instructions on how to access the SSL VPN? If everyone in IT is out, then I suspect you have more issues than just VPN emergency access. Just my two cents... <grin>