Say Hello to SSL-VPN

On August 18th, CIS began the transition to SSL-VPN, a new way to securely connect to Brown’s network when off-campus using VPN (Virtual Private Network). During the transition period, as the new service gears up in the Brown environment, the current Cisco client will continue to be available, to be decommissioned sometime later in the academic year.

SSL-VPN will offer several improvements over the current VPN and Web-VPN services for its users:

  • faster online access
  • no client to install (it’s browser-based), like the current Web-VPN but with full access to network services (when using your computer’s native browser, i.e., Safari for Mac OS X and Internet Explorer for Windows)
  • seamless connections when transitioning between locations (due to its advanced roaming, domain detection and automatic connection capabilities)
  • the ability to use it with a variety of devices from many different locations — including remote VPN, internal LAN, and both public and internal wireless

The new SSL-VPN service replaces the existing Cisco VPN service with a clientless, browser-based, Secure Sockets Layer (SSL) Virtual Private Network (VPN) solution for secure remote access to the university network.

Any Brown University ID holder is eligible to use the new service after first installing a small application (which will appear as the “BIG-IP Edge Client” in your program list) to allow your browser and network interface card (NIC) to interact. You do not need to uninstall the Cisco VPN client in order to use vpn.brown.edu. Information to help you get started is available at Virtual Private Network and VPN – FAQ.

The new SSL-VPN has several technical advantages over the Cisco solution:

  1. It allows for far more concurrent VPN connections. Brown was limited to approximately 500 with the Cisco VPN and is licensed for 5,000 with the new service. This would be especially useful in a disaster scenario in which most people had to work from home.
  2. It doesn’t require the installation of a client, only a small shim in your browser.
  3. It works on machines with 64-bit processors.
  4. There is an app for iOS devices.

Resources:

Virtual Private Network: Configuring and Using the SSL-VPN Service
VPN Frequently Asked Questions
About the Big-IP Edge Gateway

1. SSL, or Secure Sockets Layer, is the standard way to create an encrypted link between a browser and the web. For a technical definition, see SANS’ glossary of terms: SSL.
2. VPN, or Virtual Private Network, allows you to connect to Brown’s network from any location. The benefits include the security of the connection and access to services that can only be accessed from the Brown network. For a technical definition, see SANS’ glossary of terms: VPN.
3. The Cisco client will continue to be available until it is decommissioned sometime later in the academic year.



Posted in Fall 2011 Edition, Safe Computing