Embed Size (px)
Citation preview
Simplifying the Configuration of Student Laptops — StirlingVPNSetup
Simon BoothUniversity of Stirling
Laptop Forum27th June 2006
Configuring for Network Use
• Background– Students want access from study bedrooms,
labs and wireless zones using their equipment
• Problem– Enable students authenticated access to
University network from virus free PC. Problem compounded as students have diverse range of equipment and IT skills
• Solution– Virtual Private Network plus antivirus software
Topology
• Two VPNs– Internal (private 192.168…): Halls,
wireless, theatre lectures, sockets on campus (mainly in labs)
– External
Solution – 1st Pass
• Student installs approved antivirus software
• Student sets up VPN under Windows 98, Millennium, Windows 2000 & XP (Home/Pro)
• We produced written documents detailing steps
Experience
• Students fail to or can’t follow instructions and come to Information Centre for individual help– This is very time consuming and obviously not
scalable (Students ~ 9,500; most have laptop/desktop; ~2000 new machines per annum)
• No guarantee that antivirus software is installed
Solution – 2st Pass
• Automatically set up antivirus software and set up appropriate VPNs (on campus/off campus)
• How to do this?
StirlingVPNsetup
• Ensure Symantec antivirus is running on host PC and offers to install when not (no install, no VPN)
• Requests Stirling username• Sets up appropriate VPNs (on/off campus)• Optionally set up desktop link to student’s
home folder and set up printer for central print system (2000/XP)
StirlingVPNsetup
• Checks (and sets) automatic updates• Renames PC to ensure unique names• Check DHCP on and optionally switches on
(not used on later network version)• Checks VPN server is listening• Runs under 98, Me, 2000, XP
(Home/Pro/Tablet)
Experience
• Many more students using campus network
• Hugely reduced problems at Information Centre and – In general, only “odd” PCs cause the
software problems (static IPs, firewalls, network bridges)
How it worked
• Students borrow CD from Library• CD contains VPN set up program, antivirus
software and lots of other goodies (MS Service Packs, Acrobat Reader, Flash Player, IE 6.0sp1, Quicktime, Zip)
• Latest antivirus updates (CD produced monthly). Default for antivirus software is to automatically update but some (modem users) have manual configuration
• CD has installer user friendly front-end
Solution – 3rd Pass
• Students not forced to install our antivirus solution (Symantec) unless running Windows 98/Me
• VPNGuard used to ensure that suitable antivirus solution is up-to-date and running on student PC. StirlingVPNsetup uses this to determine that an acceptable antivirus solution is running under XP/W2K. Under W98/Me, Symantec remains mandatory
Solution – 3rd Pass• We provide additional software
(ConnectStirlingVPN.exe) that talks to VPNGuard and if all OK then connects to appropriate VPN. An icon to this is installed on the desktop and an entry is placed in the programs menu.
• Installer made available on internal VPN server in “Starbucks” style (i.e. all browser traffic directed to installer page unless VPN running). This is copy of CD. CD still available as only method for 98/Me and off-campus users
Solution – 3rd Pass• Can still do manual install and avoid
having any antivirus solution in place (difficult as info not published but easy to get data from existing machine)
• Uninstaller included. Uninstalls Symantec, if present and Stirling licensed copy (i.e. will not uninstall your copy)
Solution – 3rd Pass
• Cut-down version of CD made available on Portal for external users (only works for XP/W2K). Self-extracting exe just 2.71Mb. Modified front-end included as self-extracting exe is just VPNGuard, StirlingVPNSetup and Uninstaller.
Experience
• Student much happier as they can stick with their own antivirus solution or use ours
• Easier to install as process is simpler — fewer problems
• Some students have confused installation and getting connected!
Solution – 4th Pass
• Stirling secure VPN (ssVPN)• ConnectStirlingVPN.exe becomes the only
way to connect to VPN• Manual install not possible (you can do this
but will not get access to net or University network)
• Due July 2006 — when I’ve written. Also need Mac version (for 2% of students that own Macs) and Linux an even smaller %!
Software – Installer
Software – StirlingVPNsetup
Software – ConnectStirlingVPN
• Works out which VPN to connect to (Internal: Halls, Wireless, Lecture Theatres; External: off-campus)
• Check antivirus status via VPNGuard and initiates updates; start-up. Updates handled differently for on & off campus
• Warns of password expiry (some users only access via VPN)
• Only way in (next release)
Some Statistics
• 1545 networked rooms; Sept 2006: 1939. Total rooms: 2790
• 1156 using network in room• 2451 unique student internal users• 265 unique student external users• 284 unique staff internal users• 452 unique staff external users
Comments
• Support needs are minimal• Most students successfully install• We do not insist that machine is up-to-
date but we do ensure the windows update is running (user can still refuse to install updates). We have recently decided to enforce SP2 on XP
• We do run into the odd machine with no antivirus!
• Dropping support for 98/Me next week
