The electronic journal (e-journal) library at the University of Ottawa (U of O) was supposed to be a robust and widely used resource for students, researchers and faculty.
But when network limitations began to impede access to these digital readings the school decided it was time for a change.
Last summer, the university rolled out a secure sockets layer virtual private network (SSL VPN) from Seattle-based Aventail, which enables the U of O’s almost 38,000 users, including students, professors and employees, to securely access the university’s e-journal content anywhere inside or outside the school premises, according to Arthur So, manager of systems resources management group at the U of O.
Previously, the university made the e-journal accessible to any of its authorized users using Cisco’s IPSec VPN technology. Accessing the electronic library from inside the campus became easier and more secure, but the challenge for the university’s IT administrators lied with providing access to remote users.
For instance, the university’s Faculty of Medicine students may be located at several affiliate teaching hospitals, which typically have their own networks, said So. Users in these hospitals using the hospital network have found it difficult to connect to the U of O’s network because of certain restrictions imposed by the hospital.
The IPSec VPN client also needs to be installed on the user’s workstation, and if that workstation is within the hospital network, that installation may be restricted or prohibited as well, So added.
“These difficulties presented problems in getting to the e-journal so we looked at VPN technology over the SSL,” said So.
SSL VPN is a type of VPN that can be used with a standard Web browser and does not require the installation of specialized client software on the endpoint device.
Aside from addressing the challenges involved with remote access to the university’s information resources, Aventail’s SSL VPN technology also provides security authentication of devices connecting to the U of O network, said Randy Boroughs, vice-president, product management at Aventail.
When a user authenticates to the university network through the SSL VPN, Aventail’s VPN tool scours the device for specific security components such as antivirus, validating the integrity of the endpoint connecting to the U of O network, explained Boroughs.
“With a product like IPSec VPN, it has no ability to interrogate the endpoint and do verification and checking. Right upon connection, [our SSL VPN] checks the endpoint for particular types of antivirus running, or whatever else [the administrator] might want to validate on that endpoint,” said the Aventail executive.
This is especially beneficial for a university environment where IT security is a challenge because users typically own the endpoint devices, not the university. Therefore, security on these machines often remains uncontrolled by university IT, Boroughs said.
The U of O is currently only using the SSL VPN for remote access to its e-journal, but a project is underway to enable remote access to the university’s business applications running on mainframe-based TN3270 emulation programs, said U of O’s So.
The project is expected to be completed in the spring of 2007.
The U of O also plans to use the Aventail SSL VPN for wireless Internet access. The university rolled out a Wi-Fi network two years ago and the SSL VPN will add security for browsing the Internet, said So.
“Everyone wants to browse everywhere in the Internet for research. The challenge for security people is to give [users] the freedom, but be able to monitor them so that if something happens, you can make them accountable,” he said.