Presentation is loading. Please wait.

Presentation is loading. Please wait.

eduVPN Institute Access as a Managed Service

Published byΧρυσάωρ Αναγνώστου Modified over 5 years ago

Similar presentations

Presentation on theme: "eduVPN Institute Access as a Managed Service"— Presentation transcript:

1 eduVPN Institute Access as a Managed Service
Model currently implemented in the Netherlands eduVPN instance managed centrally by SURFnet Lightpath back to the private resource Support by SURFnet No need for hardware on campus or licensing limitations

2 Life cycle & portfolio management

3 Life cycle & portfolio management: steps
The business model has three phases. Every phase requires approval. Final version 1.0, contains: SLA, DAP, GDPR compliance, risk analyses, contract outsourcing partner, business case calculations

4 eduVPN pricing in .NL Total Size institute Costs 0 – 1.000
€ 100,00 per month 1.001 – 5.000 € 500,00 per month 5.001 – € 850,00 per month € 1.250,00 per month This pricing model is inspired on the expected costs of maintaining a commercial VPN concentrator. Idea is that the eduVPN service should be the same price level as ‘running your own commercial VPN box’. In this way every institute should be able to afford the service. Institute access Lightpath costs are NOT included!

5 How to ‘sell’ eduVPN Establish eduVPN as your ‘official’ NREN service
Guarantee the service for at least 3-4 years Be sure you’ve enough knowledge about the product in order to convince an institute Make sure support is available Key is integration with your federation service

6 How to ‘sell’ eduVPN (SURFnet strategy)
Marketing & communication aspects Few times tech presentation at .NL CSIRT meetings Service security conference Offer trial accounts to people in the CSIRT community “try out a few months” for free First year low price ->“how it’s being used” Have trustworthy people involved Security/crypto implemented like .NL government GDPR compliant Audits on all components Mention meetings

7

8

9 How to ‘sell’: question to ask
Students are used to commercial and ’shady’ free VPN products. These products always have the ability to ‘switch country’. Is your current VPN concentrator solution an attractive alternative? Or will they probably continue to use those shady tools inside your organization.

10 How to ‘sell’: eduVPN world domination ;-)

11 How to manage the service (outsourcing)
The eduVPN maintenance (eduVPN server upgrades, OS updates, VM configuration, SAML configuration) has been outsourced We searched for a partner with VPN knowledge: Greenhost.nl Greenhost.nl does all change management and uses ansible scripts -> future offer support via GEANT (?)

12 Institute access experiences
Setup of institute access takes quite some effort We use a questionnaire to ask how an institute likes to use institute access. Find out if they need VLAN’s, ipranges, which user groups etc We schedule a personal intake meeting onsite with IdM, network, security, workstation and other people In general we visit the institute roughly 3 times in order to discuss the details of the setup. Many s to discuss, technical details.

13 Institute access redundant design (current)
Customer datacenters SURFnet backbone SURFnet datacenters

14 Institute access redundant design (maybe future)
EVPN SN8 SN8 Customer SURF Static route to switch Router VRRP address on both routers EDU VPN VM switch Router SN8 SN8 ESI ESI VRRP /29 subnet

15 Experiences in the field
Use eduVPN for bulk-VPN. Institute Access: Only create a few profiles. Managed Institute Access: experience like a cloud service One institute likes to receive syslog, to be more in control Windows app: Antivirus technology uses whitelisting -> can’t release new executables directly One university forces re-login every 12 hours -> is this handy?

16 SP login: total vs unique users

17 2FA login & sessions expire after 12 hrs

18 Currently 12 paying customers in .NL
Universities: RU, VU , EUR, LeidenUniv (4) Research/other: 4 Lower educational: 2 Polytechnique: 1 Other institutes: 1 Reason why some not interested: Recently moved to new VPN concentrator/firewall A full redundant setup was difficult to integrate with local network Recently bought firewall has VPN feature too Like to do it themselves Everything is in the cloud “we don’t need VPN” They want managed device VPN

19 Enthusiastic users “It even works in China” ”It works quite nicely”
“I can watch Dutch soccer when travelling” “Finally a solution to get around GEOblocking”

Download ppt "eduVPN Institute Access as a Managed Service"

Similar presentations

BalaBit Shell Control Box

BalaBit Shell Control Box
Greg Pierce| Concerto Cloud Services Which Cloud is Right for Microsoft CRM?

Greg Pierce| Concerto Cloud Services Which Cloud is Right for Microsoft CRM?
AgVantage IT Services Systems Management Team Partnered with You and IBM® Agenda Disaster Recovery Service Disaster Recovery Service IT Visors IT Visors.

AgVantage IT Services Systems Management Team Partnered with You and IBM® Agenda Disaster Recovery Service Disaster Recovery Service IT Visors IT Visors.
Virtual Private Network prepared by Rachna Agrawal Lixia Hou.

Virtual Private Network prepared by Rachna Agrawal Lixia Hou.
1 © 2006 Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Using the Cisco Technical Support & Documentation Website for Security.

1 © 2006 Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Using the Cisco Technical Support & Documentation Website for Security.
Www.regouniversity.com Clarity Educational Community Get the Results You Need When You Need Them Transitioning to CA PPM On Demand Presented by: Joshua.

Clarity Educational Community Get the Results You Need When You Need Them Transitioning to CA PPM On Demand Presented by: Joshua.
Presentation Software as a Service Applications Software-as-a-Service Partner Enablement Program Enabling ‘Software as a Service’

Presentation Software as a Service Applications Software-as-a-Service Partner Enablement Program Enabling ‘Software as a Service’
Datacenters of the Past StorageNetworkCompute Today’s datacenter.

Datacenters of the Past StorageNetworkCompute Today’s datacenter.
Www.levelplatforms.com Making Managed Services Easier Presenter: Greg Henderson Director, International.

Making Managed Services Easier Presenter: Greg Henderson Director, International.
July, 2012 Citrix CloudGateway™ Technical Overview.

July, 2012 Citrix CloudGateway™ Technical Overview.
Cloud Computing is a Nebulous Subject Or how I learned to love VDF on Amazon.

Cloud Computing is a Nebulous Subject Or how I learned to love VDF on Amazon.
All Partner Meeting A cloud-based Identity and Password Management solution used by MSPs to better manage their clients' passwords, increase security,

All Partner Meeting A cloud-based Identity and Password Management solution used by MSPs to better manage their clients' passwords, increase security,
Operated by Los Alamos National Security, LLC for NNSA U N C L A S S I F I E D Slide 1 Windows Desktop Deployment Service at LANL Mark Wingard Central.

Operated by Los Alamos National Security, LLC for NNSA U N C L A S S I F I E D Slide 1 Windows Desktop Deployment Service at LANL Mark Wingard Central.
Info-Tech Research Group1 Make the Decision to Upgrade to Microsoft Exchange 2010 It’s Time for a Change: Let’s Talk about Exchange Info-Tech's products.

Info-Tech Research Group1 Make the Decision to Upgrade to Microsoft Exchange 2010 It’s Time for a Change: Let’s Talk about Exchange Info-Tech's products.
Setting up Remote Access Brent Reeser Technical Product Manager Windows Server Marketing.

Setting up Remote Access Brent Reeser Technical Product Manager Windows Server Marketing.
Sagecrm.com Financial Sales Tools for Partners David Riordan Commercial Cross-Sell Manager Sage CRM.

Sagecrm.com Financial Sales Tools for Partners David Riordan Commercial Cross-Sell Manager Sage CRM.
The BEST Citrix/Microsoft RDS alternative

The BEST Citrix/Microsoft RDS alternative
ITEC 275 Computer Networks – Switching, Routing, and WANs

ITEC 275 Computer Networks – Switching, Routing, and WANs
Mobile equipment for vacuum control

Mobile equipment for vacuum control
Chapter 1 Computer Technology: Your Need to Know

Chapter 1 Computer Technology: Your Need to Know

Similar presentations

Ads by Google