Remote Access SSL/VPN
A service of IET
SSL VPN provides remote access to departmental servers, data sources and applications for faculty, staff and students.
- Secure remote access to departmental computing resources (128-bit encrypted connection)
- No need to configure a VPN client program on the end user's computer (unlike IPsec VPN)
- Departmental systems administrators control account configuration.
- SSL VPN authentication can use departmental authentication systems or the campus Central Authentication Service (CAS).
- No maintenance of separate usernames or passwords is required.
- SSL VPN is scalable and its configuration is customized to meet your department's organizational and operational demands.
Each department on campus has an Authorized Telecommunications Representative (ATR) who is responsible for communications services. ATRs can access service request forms to order/change/disconnect telecommunications services, and download electronic telecommunications statements.
Customer service is available Mon-Fri, 8am-noon & 1-5pm (closed noon-1pm). After setup, service is available 24/7.
This service is covered by the Common Good Assessment (CGA). See the FAQ under Attachments & Downloads below for more information about the CGA and Communications Resources services.
For more information about the CGA in general, visit this page on the Budget & Institutional Analysis (BIA) website.
Secure Socket Layer Virtual Private Network (SSL VPN) allows departmental network administrators to configure an SSL VPN service for departmental servers and applications. SSL VPN allows authorized users to securely access departmental applications and data sources that are closed to public Internet users.
The SSL VPN platform enables direct, real-time management of account creation/deletion through integration with a department's existing authentication systems or the campus Central Authentication Service (CAS). Department network administrators will have the capability to define specific access to their virtual systems and manage user access role assignment. SSL VPN is offered via a Service Level Agreement (SLA) between CR and the client department. The SLA details the features, responsibilities and charges associated with SSL VPN service.
What is SSL VPN?
SSL (Secure Socket Layer) VPN (Virtual Private Network) provides a "private" web-based connection between two networks (e.g., between a campus department network and an external network) and encrypts the communications that pass between the two networks.
How would my department benefit from using SSL VPN?
- SSL VPN provides faculty, staff and students working anywhere with an Internet connection with secure access to departmental network resources
- Departmental systems administrators control account configuration and access to departmental computing resources
- SSL VPN authentication can use the UC Davis Central Authentication Service (CAS) - no maintenance of separate usernames or passwords
- SSL VPN is scalable and its configuration is customized to meet your department's organizational and operational demands
- SSL VPN does not require a hardware capital investment by your department
- SSL VPN is a robust solution and support services include fault tolerance, load sharing and fail-over protection
Can anyone in my department use SSL VPN?
Yes. Anyone with an Internet connection and authorization to access a department's network resources can use a department SSL VPN. Departments running SSL VPN determine who is authorized to use the service.
Who do I contact if I have problems with my departmental SSL VPN service?
- Contact the IT Express Computing Services Help Desk at 530-754-4357.
Can additional licenses be ordered at any time?
- Yes. You can order additional licenses at any time by filling out a service request form on the CR website. An SSL VPN reconfiguration fee will be charged for adding licenses to your department's SSL VPN configuration.
Are we required to order a minimum number of licenses? Is there a maximum?
Yes. You are required to order a minimum of 15 licenses. There is no maximum when you order licenses.
How will SSL VPN services be billed?
Charges for SSL VPN will appear on your department's Telecommunications Monthly Billing Statement, which is available for download by ATRs online through CR's website.
UC Davis Telecommunications Policy
- Private IP Address Space Guidelines - October 5, 2004.
- Departmental IP Address Range Allocation Guidelines - November 10, 2003.
SSL VPN is offered to client departments through a Service Level Agreement (SLA), which details the features, responsibilities and charges associated with SSL VPN service.
- 2 hours of consulting time provided with service order for SSL VPN configuration guidance
- Proactive performance monitoring by campus Network Operations Center (NOC) personnel
- Complete backup of departmental configurations and security policies
- High availability - no service interruption if there is a hardware device failure
- Department systems administrator configures and administers security and network policies for end users
- SSL VPN does not require capital investment by your department
Does VPN require a high speed Internet connection?
- High speed Internet access, such as a cable modem or DSL, is recommended.
Do users have to install a client on their systems to use SSL VPN?
- No. SSL VPN only requires a supported Web browser.
What Web browsers are supported?
- Browsers supported by UC Davis can be found HERE.
What do users see if the number of people attempting to use the VPN exceeds the number of licenses we hold?
- There is a 5% threshold built into the SSL VPN. This means that if your department subscribes to 50 licenses, the 51st and 52nd concurrent users will get in with a warning message telling them that the number of licenses has been exceeded; the 53rd user receives a message that their access is denied due to insufficient licenses. These messages can be modified by the department SSL VPN administrator.
Does CR configure the SSL VPN for the department?
- CR will set up the initial login name and password for the department system administrator. The department system administrator is responsible for their department's detailed configuration.
I have a firewall. Will VPN still work?
- Yes, but the firewall must be reconfigured to allow the SSL VPN traffic through.
Is SSL VPN compliant with all UC Davis Cyber-Safety requirements?
What authentication protocol(s) can I use with the VPN service?
- SSL VPN service can support a variety of departmental authentication systems, such as NT Primary Domain Controller (PDC) and Active Directory using NTLM or Kerberos authentication. SSL VPN service can also use the UC Davis Centralized Authentication Service (CAS).
Can I define user roles to manage access to department resources?
- Yes. You can create user roles and role mapping rules to limit or allow access to department resources.
How will I be notified of service outages or status changes? Upgrades/service changes?
- In the event that there is a campus network problem affecting the client department's connection or an upgrade/service change is necessary, the departmental NAR will be notified via email to the email@example.com listserv. The departmental NAR will not be contacted directly.
Who do I contact if I have problems with my departmental SSL VPN service?
- Contact the IT Express Service Desk at 530-754-4357.