Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Campus VPN Services

From: Gary Dobbins <dobbins () ND EDU>
Date: Wed, 20 Aug 2003 18:50:58 -0500
Presently, we're using an MS-windows host to provide modest levels of VPN function to the present audience, but it is an interim solution.
We're planning to complete our study, but at present a solution based on a mainstram (let's call it brand 'C') VPN concentrator looks appealing, for the following reasons, among others:
- Following the pattern employed by IU, we hope to have support for both MS-clients, with their built-in PPTP for "generic" needs, and also for brand-specifc client-ware.
- We would also apply VPN-device policy configs to require use of the concentrator's VPN client for specific circumstances. (e.g. where split horizon must be disabled, certain combo's of user/data where higher assurance is needed, etc.)
- Our expectation is that by remaining with a mainstream VPN, its clientware will tend to remain more predictably current with OS releases, offer comparable pre-deployment configuration options, and high general supportability, compatibility.
One concern is how brand C handled PPTP crypto processing, versus its own client's native crypto (IPsec). CPU co-processors are available for scalability, but may not assist with PPTP clients, so mileage may vary based on how the client-type mix balances out. 


Angel L Cruz wrote:


Colleagues:


We are looking at VPN deployment strategies.
Our NetBIOS border blocks have caused service issues – some expected, some not -- e.g. Microsoft Exchange has OWA, but it is not accessible (ADA).
Clearly, we need to offer secure access for off-campus users, and we want to improve our ability to protect internal resources from external threats.
We have a Cisco blade but are concerned that with such a large number of users on a single campus, this solution may not scale.
We are also concerned about the potential challenge of supporting VPN client users via our help desk.
Can I get a sense of what others are running for their VPN solution (product) and how it scales?
What kind of architectural challenges did you face? What type of changes did you have to consider? 


Are you using client and clientless VPN?


Have you used the MS VPN? How well does it work?


Are you running VPNs alone or in combination with border firewalls?


Have you engaged specific vendors, integrators, or consultant?


What are the major support issues or technical support overhead?


Is anyone doing a VPN presentation at EDUCAUSE Anaheim?


If you prefer, please send me your comments and counsel directly.


Thanks.


Mr. Angel L. Cruz, BS

Director & University ISO

ITS - Information Security Office

The University of Texas at Austin

1 University Station, #G0900

Austin, Texas 78712-0557

(512) 475-9462

cruz () austin utexas edu <mailto:cruz () austin utexas edu>


++++++++++++++++++++++++++++++++++++++++++++
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. If you are not the named addressee you should not distribute or copy this e-mail. Please notify the sender immediately if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is prohibited. 
++++++++++++++++++++++++++++++++++++++++++++
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. 

--

  ------------------------------------------------------------
  Gary Dobbins, CISSP -- dobbins () nd edu
  Director, Information Security
  University of Notre Dame, Office of Information Technologies
  Voice: 574.631.5554
  ------------------------------------------------------------

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
Previous By Date Next
Previous By Thread Next

Current thread: