Line 1: |
Line 1: |
− | ==Background== | + | ==Connecting to the UBC VPN== |
− | UBC IT offers a VPN service so that members of the UBC community can
| + | Go to the https://myvpn.ubc.ca website to login with your CWL and download the Cisco AnyConnect Secure Mobility Client. If the Java installer doesn't install the software automatically, do a manual install. Instructions are at that website. |
− | access UBC services that would otherwise be inaccessible from outside the UBC
| |
− | network. For example, you can access the various student records, financial
| |
− | records and human-resource records systems. Additionally, you can access the
| |
− | library's systems, including e-journals, without using the library's proxy
| |
− | server.
| |
| | | |
− | UBC IT offers the ability to create 'pools' of users within their VPN
| + | ==Connecting to Services Inside the ECE firewall== |
− | service so that users who log into the VPN service can be granted additional
| + | Email to it@ece.ubc.ca to create a ticket in our help system for ECE IT Support. Just send your full name and CWL and we will add the role to your CWL that will allow you to connect through the firewall. Once we have added the role to your CWL and closed the ticket you can login to the AnyConnect VPN Client or UBCPrivate wireless service with YourCWL.ece ( i.e. johndoe.ece ) to connect inside of the ECE Firewall. |
− | access rights.
| |
− | | |
− | The IT team at ECE has established several pools:
| |
− | * ''ece'' for ECE Faculty, Staff and Students [active deployment]
| |
− | * ''ece.prof'' for ECE Faculty and Staff [active deployment, but to be deprecated in favour of the ''ece'' pool]
| |
− | * ''ece.grad'' for ECE Graduate Students [pending deployment]
| |
− | * ''ece.ugrd'' for ECE Undergraduate Students [pending deployment]
| |
− | * ''ece.othr'' for ECE Guests and Visitors [pending deployment]
| |
− | | |
− | Membership in any VPN pool is enabled by the IT team at ECE and is not automatic. '''Please note that, at this time, only the ''.ece'' and ''.ece.prof'' pools are actively deployed.'''
| |
− | | |
− | [Aside: Why ''ece.prof'' rather than something more descriptive such as
| |
− | ''ece.faculty_and_staff''? The pool's name consists of two parts: an
| |
− | organizational unit name, ''ece'', and a group name, ''prof''. The group name
| |
− | is limited to four characters by the VPN system's software.]
| |
− | | |
− | ==Steps to Using Pool-Based VPN==
| |
− | ===First, Ensure Normal VPN Connectivity===
| |
− | To use [http://it.ubc.ca/services/email-voice-internet/myvpn UBC IT's VPN service], you will need a [http://cwl.ubc.ca CWL ID] and you
| |
− | will need to [http://it.ubc.ca/services/email-voice-internet/myvpn/setup-documents configure your computer]. | |
− | | |
− | ===Next, Attempt Pool-Based VPN Connectivity===
| |
− | To use a pool, connect to the VPN service as before but use a slightly
| |
− | different, qualified username: ''<cwl_id>.<pool>''. For example, if you
| |
− | successfully logged into the VPN service with a username of ''lucaf'' and you
| |
− | are a member of the ''ece'' pool, then you would use the qualified
| |
− | username of ''lucaf.ece'' to log into the pool.
| |
− | | |
− | Using this qualified username will log you into the pool and your VPN tunnel
| |
− | endpoint will be given an IP address from a specific, exclusive range. The ECE
| |
− | firewall is configured to allow this IP address range to access services
| |
− | normally only accessible from within the ECE network. For example, by using
| |
− | the pool, you will no longer need to run an ssh tunnel to access license
| |
− | servers and you will be able to access ECE file servers (e.g.,
| |
− | ''\\foo.ece.ubc.ca\lucaf'') directly.
| |
− | | |
− | ===Restrictions===
| |
− | Please note that the only pools currently active are the ''ece'' and ''ece.prof'' pools. The other pools are pending decisions regarding firewall access rules and the larger task of automating the process of adding / deleting students from the
| |
− | ece.ugrd and ece.grad pools (many systems at UBC are in need of
| |
− | interconnection and automation).
| |
− | | |
− | Since we have to manually inform UBC IT Identify & Access Management about which CWL IDs should be moved into the pools, if you are able to use VPN service with an unqualified CWL ID but not with a qualified CWL ID (e.g., ''lucaf'' works but ''lucaf.ece'' doesn't), please [mailto:help@ece.ubc.ca email help@ece.ubc.ca] requesting that we add your CWL ID to the appropriate pool. Please ensure that you provide us with your CWL ID as we are not able to look them up ourselves.
| |
− | | |
− | Again, the only pools that are active are the '''ece'' and ''ece.prof''
| |
− | pools.
| |
− | | |
− | ==Some Additional Considerations==
| |
− | If you use UBC IT Services' Wireless service, you will know that you are
| |
− | required to authenticate with an authentication gateway before you are able to
| |
− | send traffic to the UBC network and the Internet. You have two choices for
| |
− | authenticating with the gateway: one is to use the web login form (the actual
| |
− | gateway) and the other is to use the VPN service (which bypasses the gateway).
| |
− | If you use the VPN service with the qualified username, then you can send
| |
− | traffic to the ECE network, also.
| |
− | | |
− | Whether you are at home or on the road using an ISP's network with VPN, at UBC
| |
− | using UBC's wireless network with VPN, or in your office/lab using ECE's
| |
− | network without VPN, you can have (almost) the same access.
| |
| | | |
| ==See Also== | | ==See Also== |
| * [[How To Tunnel Connections Through SSH]] | | * [[How To Tunnel Connections Through SSH]] |
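Review bot: the new "Connecting to Services Inside the ECE firewall" paragraph loses the check that the removed "First, Ensure Normal VPN Connectivity" and "Restrictions" sections provided, namely confirming that the unqualified CWL works on the VPN before trying the qualified one. Without it, a user whose johndoe.ece login fails cannot tell a missing role from a broken client setup, so I would keep one sentence to that effect. The same paragraph writes "YourCWL.ece ( i.e. johndoe.ece )" where "e.g." is meant, and because it asks users to email their full name and CWL, it should state that only the CWL login name is wanted, never the password. The rewrite also removes the explanation that the qualified login gives the tunnel endpoint an address from a range the ECE firewall allows, which is what tells readers why the unqualified login cannot reach ECE services; a short version is worth retaining. Finally, the support address changes from help@ece.ubc.ca to it@ece.ubc.ca with no note for readers who still have the old one.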