Building Campus Networks to Share Resources through SSL VPN

 

Problems of Accessing E-Libraries
A library leads other departments in centralizing education resources within a school. Almost all higher education institutions have established electronic libraries. These libraries provide extremely rich and professional materials for teachers and students to conveniently teach or conduct research. Limited by publishers, however, most electronic resources can only be accessed by the authorized IPs in a campus network. In this case, teachers or professors cannot access these resources at home; students have no access during summer or winter vacations at home; and partners, such as educational and scientific research institutes, and companies, cannot access these resources externally. There is an increasing demand for off-campus access. Therefore, the information departments of libraries urgently need a remote access method that enables teachers, students and third parties to access school library intranets through off-campus networks.

 

In the current market, the following three methods are usually used for remote access: 1. Port mapping; 2. Traditional IPSec VPN; 3. Reverse proxy software. However, all these traditional methods fail to meet the resource-sharing requirements of libraries.

1. Port mapping: Due to an excess of port mapping, the intranet has safety loopholes that endanger the electronic resources in the library. In addition, port mapping configuration is extremely complex and difficult to operate.

2. Traditional IPSec VPN: The intranet is secure after the remote access network is constructed, but client software must be installed. Complex client configuration and poor compatibility is unpopular with users over the long-term.

3. Reverse proxy software: The software is fairly successful due to its low cost, but it is not widely applied due to the following reasons: access largely depends on the performance of the server on which the software is installed; High concurrent access can lead to very slow access or failure.

 

Advantages and Values of SANGFOR Solutions
SANGFOR provides an SSL VPN-based remote access network solution. This solution covers the shortcomings of traditional solutions to deliver a rapid, secure and easy-to-use remote access solution for libraries in higher education institutions.

1. The SANGFOR SSL VPN is especially suitable for networks accessed by a large number of users. It is easy to use because it depends just on the browser, and needs no plug-in installation. It does not rely on Internet conditions, as access is available simply through an online connection. The solution incurs little maintenance, as no client is installed. After this product is deployed, off-campus users do not have to install client software, and can directly log in through the browser. After strict identity authentication, users can enter the library intranet and access assigned resources. For the whole network, the network management department just has to manage and maintain the SANGFOR devices deployed on the intranet.

2. To solve the problem that only campus network IPs can access the network, SANGFOR deploys a virtual IP pool in the IP tunnel. IP sections of the campus network are assigned to the virtual IP pool. Thus, each user can access the network through a virtual IP. In addition, the virtual IPs assigned to Radius and LDAP can be read. Thus, each user that accesses the network can acquire a corresponding intranet IP to smoothly access electronic resources.

3. To solve the problem that traffic of a single IP is excessive, SANGFOR deploys a polling-based virtual IP pool. Therefore, an IP address is not blocked by an electronic resource service provider due to excessive download traffic.

4. To solve the problem that electronic resources purchased by the library are on the educational network line but off-campus users are on public networks, such as China Telecom and Netcom, the SANGFOR provides unique multi-line technology that can automatically route users. Thus, access speeds are guaranteed for different operators. Users can have an almost identical access speed regardless of network such as Telecom or Netcom. Therefore, the SANGFOR solution greatly improves the remote access experience of users.

5. To solve the problem that many higher education institutions have already established an identity authentication system (such as the all-purpose card) in their internal campus networks, the SANGFOR provides a SSL VPN that can be perfectly integrated with authentication systems such as Radius and LDAP. Thus, a combined system is used to centrally manage in-campus identity authentication, which greatly facilitates the work of the network management department.

 

Typical Deployment for the Education Sector

 

High-end SANGFOR SSL VPN devices are deployed in a one-armed mode and combined with authentication server systems in the campus network to centrally manage users. Off-campus teachers, students and third-party partners can remotely access the campus network anywhere and anytime. They can share and maximally utilize resources, such as teaching resources, office application systems, and electronic resources in the campus network.