Remote AccessSSL VPN Stewart Duncan Technical Manager
Remote access for both teachers and pupils to single schools network and resources Remote access to all school networks for support staff Intra VPN access to all schools networks for support staff. Remote access from public Internet hotspot Why Remote access?
Current Issues… • Insecure MIPs • 152 insecure MIPs from ANY source • 50 Remote Desktop (TCP 3389) • 64 “Any” service • Support • ICT staff spend many days in the year on support for remote access issues using the traditional IPSec client • May have no control over the host PC the user is connecting from • Third parties have to setup site-to-site IPSec VPN for every site they manage • Control • No granular level of control of resources users can access
What is SSL VPN? • A VPN accessed via HTTPS from any browser (theoretically). • SSL VPNs require minimal client configuration
Advantages of SSL VPN • Removal of insecure MIPs as no longer required • 152 insecure MIPs from ANY source • 50 Remote Desktop (TCP 3389) • 64 “Any” service • Ease of support. Freeing up time for other projects • No client management all security policies such as host checking centralised. • Host checking enables greater control of what devices are allowed access into the network • Granular level of control for users to internal resources • Third parties can easily remotely manage sites by a few mouse clicks and no additional software is required • No additional databases to manage since authentication can be tied into the existing authentication domains (e.g. Active Directory)
How it works School Servers Teacher B Teacher A Teachers at Home Directory Store Pupil A Server Farms Intranet / Web Server E-mail Pupils at home Unix/NFS = Encrypted External Session = Standard Internal Session Pupil B Apps
How do I use this service? • The LGfL SSL VPN service is currently being piloted is several Local Authorities • So far the pilot has proved to be successful • SSL VPN will be available from LGfL, through Synetrix, in the Summer Term
Summary • Remote access is a requirement being asked of LGfL more and more • Synetrix will be delivering the SSL VPN solution to London schools • It be be available in the Summer Term • For more information contact Synetrix (email@example.com or 08700 636465 option 1) or speak to your Local Authority LGfL representative