1. Flexible Network Access Overview

2. Flexible Access an Integral part of Universal Access Policy Universal Access to Campus IT Resources Managed LAN portsFlexible Access Remote Access for Staff and students Dial-InISP Modem VPN Broad Band VPN On Campus For Staff, Students and Visitors UoG-ISP Communal Locations and other areas Managed LAN ports VPN Managed WiFi Access VPN

3. On Campus Flexible Access Aims Allow staff, students and visitors to access UoG campus network resources via their own systems To provide UoG campus network security measures via authentication, encryption and personal firewall To provide UoG ISP security measures via mistrust I.e., assume other systems on UoG ISP are suspect To support as wide a range of systems a possible To provide a scaleable and manageable solution that could be adapted for specific (faculty/departmental) requirements To support the most appropriate LAN technologies To provide as near a self service as possible backed by Web based documentation and FAQs

4. On Campus Flexible Access Progress and Futures Pilot study initiated in January 2004 – Report available on CS Web site http://www.gla.ac.uk/services/computing/network/flexible/index.shtml http://www.gla.ac.uk/services/computing/network/flexible/index.shtml Pilot located in University Library providing a choice of 10/100Mbs Ethernet ports and 802.11b Wireless access points UoG ISP implemented via private IP address space UoG Campus access and security implemented via a modified VPN service providing authenticated access, strong encryption and an integrated personal firewall Choice of existing VPN solution easy to make Pilot has been extended to other areas in library and other buildings Plan to continue rollout to other communal areas and work with departments on local requirements Plan to address Visitor requirements out with UoG VPN solution Plan to provide ‘lightweight’ alternatives to VPN e.g SSL-vpn, WPA2 and 802.1x

5. Flexible access Pilot General Issues Scalability complex requiring VLAN structures to maintain the UoG ISP and Private address leakage with ACLs to accommodate departmental requirements VPN requirement can be daunting for some users Same old P2P misuse plus un-patched systems – right to mistrust! Identifying suitable locations and getting agreement to deploy User support – Self service OK! For most but a significant number of users have problems with VPN configuration and or foreign language support

6. Flexible access Pilot Technology Issues Both wired and WiFi access ports have proved popular Wired ports easier to manage and secure WiFi access certainly provides the required flexibility but requires significantly more work to deploy

7. Flexible access Pilot Wireless LAN Issues Pilot deployments conform to draft Wireless LAN Policy: http://www.gla.ac.uk/services/computing/regulations/ http://www.gla.ac.uk/services/computing/regulations/ Main concerns are to do with Doing proper site surveys to ensure maximum coverage and a safe and secure operating environment for support staff Managing non overlapping frequency ranges to avoid interference Ensuring acceptable levels of security on a shared communications medium Restricting access to authorised users Ensuring acceptable contention ratios per Access Point Real cost of WiFi deployments is the back end infrastructure required to provide security, scalability, AP management, roaming and rogue AP detection

8. Flexible Access Visitor Issues Because of site licence restrictions and US export restrictions it is not possible to supply visitors with a copy of the VPN client Other ad hoc solutions have been implemented based on off campus access Work in progress to provide acceptable visitor solutions based on some or all of the following Temporary account creation and 802.1x and WPA as appropriate LIN pilot for proxying authentication to users home site OS provided or Public domain VPN support