Pilot testing of Palo Alto’s GlobalProtect virtual private network (VPN) continued in September. GlobalProtect will become the central VPN service for all University of Utah and University of Utah Health staff, faculty, students, and affiliates, and the Cisco AnyConnect VPN will be turned off on a date to be determined.
A VPN is essentially a “tunnel” that makes your device’s internet traffic unrecognizable to internet service providers, network owners, and malicious actors. It does this by adding a layer of encryption, or coded language, that only your VPN client and a VPN server understand.
The U’s VPNs provide off-campus users with a secure connection to the university network when they need to access resources such as local/departmental file shares, private IP-addressed systems, some Marriott Library databases, Epic (clinical) applications, and Webtools. A VPN isn’t necessary to access UMail, Canvas, Ultimate Kronos Group, Campus Information Services, and various other online services that can be accessed with a home internet connection or a U-supported wireless network like UConnect.
Here are some recent developments on the VPN consolidation project:
“There are huge benefits to the organization and university as a whole across the board,” said Clayton Norlen, product manager in UIT Product Management.
Ken Kizer, senior network engineer in UIT Network Services, explained that Cisco’s adaptive security appliance (ASA), which is integrated into AnyConnect’s network infrastructure, has significant limitations. An ASA is a network security device that combines firewall, antivirus, intrusion prevention, and VPN capabilities such as allowing multiple VPN tunnels to use a single network.
“The ASA couldn’t handle the number of people on it, and it cost quite a lot to update,” Kizer said. “The GlobalProtect VPN provides considerably more throughput.” Specifically, throughput goes from 700 megabits (Mb) with Cisco to 9.7 gigabits per second (Gbps) with Palo Alto, almost a 14-fold increase.
Jake Johansen, associate director for the ISO’s Enterprise Security team, touted the new VPN solution’s identity-based provisioning as a major step forward.
“Identity is a better solution for a number of reasons,” Johansen said. “We wanted to architect a VPN client independent of IP addresses. The new VPN is configured around an active directory (AD)-based firewall policy, which means that no matter where you are, you will be able to access the resources you need on the VPN based on your identity and active directory membership at the university, not the IP address of the device you’re using …” Johansen said. “When you log in, your identity is shared with the other firewalls. In this way, firewalls controlled by [the Network Operations Center] can create rules around identity and group membership.”
An added bonus of the new GlobalProtect VPN client, Johansen said, is its “full tunnel” configuration, with a five-day maximum session time and 18-hour inactivity timeouts.
Full tunnel is a VPN model in which VPN users have a secure, encrypted internet connection for all online activities. A “split tunnel” provides two connections at the same time: the secure VPN connection and an open connection to the internet. This split tunnel model protects data without slowing down other internet activities.
“We now have the ability to do a full tunnel with exceptions in a way that Cisco didn’t allow,” Johansen said. “We’re able to say Netflix, YouTube, whatever is high-bandwidth but low-risk, we can exempt from the tunnel. … [and] we have the tools to adapt as we move forward if we start running out of capacity.”
The key benefit of full tunneling is security. If the VPN redirects internet traffic through a central point, that traffic passes through university security controls like intrusion prevention devices that scan for malicious content. This essentially places a remote VPN user’s home computer behind the U’s perimeter, which is likely safer.
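The three tunnel models described above, as an added conceptual sketch that is not from the article and is not GlobalProtect configuration. The host names, suffix lists and function names are constructed for illustration. It shows which destinations bypass the central inspection point in each mode, and why exemption entries should match on a domain boundary.

```python
from enum import Enum

class Mode(Enum):
    FULL = "full"                          # everything goes through the VPN
    SPLIT = "split"                        # only campus resources use the VPN
    FULL_WITH_EXCEPTIONS = "full-with-exceptions"

# Constructed sample values (assumptions, not the university's real lists).
CAMPUS_SUFFIXES = ("campus.example",)           # reachable only over the VPN
EXEMPT_SUFFIXES = ("netflix.com", "youtube.com")  # high-bandwidth, low-risk

def matches(host, suffixes):
    """True if host equals a suffix or is a subdomain of it.

    Matching on the '.' boundary keeps 'evilnetflix.com' from being
    treated as part of 'netflix.com'.
    """
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)

def route(host, mode):
    """Return 'tunnel' (inspected centrally) or 'direct' (not inspected)."""
    if matches(host, CAMPUS_SUFFIXES):
        return "tunnel"                    # campus resources always use the VPN
    if mode is Mode.FULL:
        return "tunnel"
    if mode is Mode.SPLIT:
        return "direct"
    # Full tunnel with exceptions: only listed domains leave the tunnel.
    return "direct" if matches(host, EXEMPT_SUFFIXES) else "tunnel"

def uninspected(hosts, mode):
    """Hosts whose traffic would bypass the central security controls."""
    return [h for h in hosts if route(h, mode) == "direct"]

# Constructed sample destinations.
SAMPLE_HOSTS = [
    "files.campus.example",
    "www.netflix.com",
    "evilnetflix.com",
    "downloads.example.net",
]

if __name__ == "__main__":
    for mode in Mode:
        print(f"{mode.value:22} bypasses inspection: {uninspected(SAMPLE_HOSTS, mode)}")
```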
Although a formal cutoff date hasn’t been set, the project team is tentatively looking at January 1, 2022, barring exceptions (the U’s VPN contract with Cisco expires at the end of the calendar year). Exceptions may be submitted for review by assigning an online service request (login required) to UIT – ISO – Enterprise Security. Requests must include a justification for the exemption and will be reviewed on a case-by-case basis.
If you have questions about the project, please email Norlen at clayton.norlen@hsc.utah.edu.
“Our project team is really set up for customer service right now,” Norlen said. “We want to hear about what’s going on, and we’re going to continue that mantra going forward. We’re staffed and ready to help people make this shift as it aligns with their project queues and expectations.”