Flexible Network Access Overview

Flexible Access an Integral part of Universal Access Policy
[Diagram labels, in order: Universal Access to Campus IT Resources; Flexible Access; Managed LAN ports; Remote Access for Staff and students; On Campus For Staff, Students and Visitors; UoG-ISP; Dial-In; ISP; Modem; VPN; Broad Band; VPN; Communal Locations and other areas; Managed LAN ports; VPN; Managed WiFi Access; VPN]

On Campus Flexible Access Aims
• Allow staff, students and visitors to access UoG campus network resources via their own systems
• To provide UoG campus network security measures via authentication, encryption and personal firewall
• To provide UoG ISP security measures via mistrust, i.e., assume other systems on UoG ISP are suspect
• To support as wide a range of systems as possible
• To provide a scalable and manageable solution that could be adapted for specific (faculty/departmental) requirements
• To support the most appropriate LAN technologies
• To provide as near a self service as possible, backed by Web based documentation and FAQs

On Campus Flexible Access Progress and Futures
• Pilot study initiated in January 2004 – Report available on CS Web site http://www.gla.ac.uk/services/computing/network/flexible/index.shtml
• Pilot located in University Library providing a choice of 10/100 Mb/s Ethernet ports and 802.11b Wireless access points
• UoG ISP implemented via private IP address space
• UoG Campus access and security implemented via a modified VPN service providing authenticated access, strong encryption and an integrated personal firewall
• Choice of existing VPN solution easy to make
• Pilot has been extended to other areas in library and other buildings
• Plan to continue rollout to other communal areas and work with departments on local requirements
• Plan to address Visitor requirements outwith the UoG VPN solution
• Plan to provide ‘lightweight’ alternatives to VPN, e.g. SSL VPN, WPA2 and 802.1x

Flexible access Pilot General Issues
• Scalability is complex, requiring VLAN structures to maintain the UoG ISP and contain private address leakage, with ACLs to accommodate departmental requirements
• VPN requirement can be daunting for some users
• Same old P2P misuse plus un-patched systems – right to mistrust!
• Identifying suitable locations and getting agreement to deploy
• User support – Self service is OK for most, but a significant number of users have problems with VPN configuration and/or foreign language support

Flexible access Pilot Technology Issues
• Both wired and WiFi access ports have proved popular
• Wired ports easier to manage and secure
• WiFi access certainly provides the required flexibility but requires significantly more work to deploy

Flexible access Pilot Wireless LAN Issues
• Pilot deployments conform to draft Wireless LAN Policy: http://www.gla.ac.uk/services/computing/regulations/
• Main concerns are to do with
  • Doing proper site surveys to ensure maximum coverage and a safe and secure operating environment for support staff
  • Managing non-overlapping frequency ranges to avoid interference
  • Ensuring acceptable levels of security on a shared communications medium
  • Restricting access to authorised users
  • Ensuring acceptable contention ratios per Access Point
• Real cost of WiFi deployments is the back end infrastructure required to provide security, scalability, AP management, roaming and rogue AP detection

Flexible Access Visitor Issues
• Because of site licence restrictions and US export restrictions it is not possible to supply visitors with a copy of the VPN client
• Other ad hoc solutions have been implemented based on off campus access
• Work in progress to provide acceptable visitor solutions based on some or all of the following
  • Temporary account creation and 802.1x and WPA as appropriate
  • LIN pilot for proxying authentication to user's home site
  • OS provided or public domain VPN support