Campus VPN - Dan Hutten

- See the old presentation from 2004 by Matt McBride; it's really very good.
- NOC has provided VPN for many years. Currently there are about 50 consistent connections on average, split between the WebVPN and the heavy client.
- Brad Zumbrunnen is the NOC VPN guy. Want to improve the communication more. Is the current setup working well enough for IT Managers and end users?
- AnyConnect SSL VPN "mini client": 50 seats. What would happen when the 51st user gets on? Failure, Cisco tells us.
- Two ASA5540 units: one in production, one in testing. Physical location: EBC. Not currently redundant; not a priority since there isn't much use.
- See the icon slide.
- WebVPN (SSL-AnyConnect): http://vpnaccess.utah.edu - just start surfing! Users get confused and go to the AnyConnect button on the left.
- AnyConnect SSL VPN: a session begins and traffic is encrypted to the Campus VPN server for the duration of the session. Not currently auto-deleted, but it could be set to do so. It's written in Java, so it could be a little lighter. 128-bit encryption; runs higher on the stack. We can get more licenses if there is a need.
- There are two class C networks that are allowed journal access. The WebVPN is a nice way to access these.
- IPSec heavy client: 256-bit encryption. Traditional tunnel at the network layer. Can't use the heavy client on a 64-bit system; the Help Desk refers users with 64-bit systems to the WebVPN.
- Solaris 10 version isn't on the grid. Mobile devices aren't there either.
- Department VPN solutions: request a pool of a certain size. NID Tools (sort of) allow IT Managers to add users. Users log in with their @dept.utah.edu email address and uNID password. A RADIUS server authenticates users.
- Split tunneling doesn't happen now, but it could. Security concerns. EBC runs split tunneling and has seen no problems. Hospital guys are using Juniper to allow split tunneling.
- Jon: SSH tunneling will allow a single port for a specific service that is desired.
- Hang: users don't understand about split tunneling - not all traffic is on the VPN IP. Adds confusion.
- Steve Adams: couldn't the VPN check for firewall config, etc.? We're pretty blind right now. CleanAccess, Microsoft have products to do this; we're just not using them.
- Brad Hawks: has users who sincerely don't want to use VPN, no matter how easy. They don't want one more login.
- Richard G: wants a more user-friendly grid or something like it.
Computing and Media Services
Digital version copyright 2008, University of Utah. All rights reserved
Computing and Media Services, Marriott Library, University of Utah