Re: VPN policies.

["Scholz, Greg" <gscholz () KEENE EDU>]

Question/comment considering this started as a policy thread...
Do you allow printing to users home printers/computers from the remote
access session?


My scenario:
User's personal home computers and the printers that are connected to
those computers.

We do use print servers so I am sure that it would not be too difficult
to get them to be able to print to their office computers via the term
server.

The problem lies in getting the appropriate printer driver onto the term
server so that the term server can actually do the printing to the
printer that is local to the user's home computer.

FYI: I am not saying I really want to fix this "problem" as I am not
really sure I consider it problem. But we don't do it now both because I
do not think it is necessarily a good idea and also because I think it
is difficult.


_________________________
Thank you,
Gregory R. Scholz
Director of Telecommunications
Information Technology Group
Keene State College
(603)358-2070
 
--Lead, follow, or get out of the way. 
(author unknown)
 

-----Original Message-----
From: Joey Rego [mailto:jrego () LYNN EDU] 
Sent: Friday, April 20, 2007 3:01 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] VPN policies.

Hey Gregory,

How is your printer infrastructure set up?  Do you have a print
server(s)?  Were the machines that your users are connecting with once
on the domain?  And how does the user log in to the machine when they
are remote?  With their cached domain credentials?  If so..once the user
logs in to the machine and connects via vpn client or ssl client the
user just needs to be able they can connect to the print server via UNC.
If they can they can print just fine.  if you are talking about mapping
it for them you will just need to script that connection.

If the machines have never been on the domain then they users will just
have to authenticate to gain access to the resources.


Hope this helps.



-----Original Message-----
From: Scholz, Greg [mailto:gscholz () KEENE EDU] 
Sent: Friday, April 20, 2007 2:43 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] VPN policies.

We have a fairly new solution along these same lines (we still make them
use VPN but run term services over it) and biggest question we have
received is "what about printing?" So I ask the list, "what about
printing?"

I know printing via terminal services is possible but is a bear to
manage and thus far I have taken the stance that it is not supported but
it is not disables so if the user has a printer with native print
drivers that works then good for them.



_________________________
Thank you,
Gregory R. Scholz
Director of Telecommunications
Information Technology Group
Keene State College
(603)358-2070
 
--Lead, follow, or get out of the way. 
(author unknown)
 
-----Original Message-----
From: Charlie Prothero [mailto:Charlie.Prothero () KEYSTONE EDU] 
Sent: Friday, April 20, 2007 2:10 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] VPN policies.

Keystone College primarily facilitates remote access through terminal
servers.  We give out the IP address with instructions on how to launch
the remote desktop client from XP.  Much easier than supporting VPN, and
less risk of messed up home computers compromising network shares.
Also, no questions as to why the 600 MB PowerPoint won't open over VPN!

We do not provide any equipment for home use, nor do we subsidize ISP
accounts.  Nearly everyone has at least one XP machine at home these
days, so the only people who we're not serving well are those who can't
get broadband service due to a rural address.  

- Charlie
 

-----Original Message-----
From: Timothy J. fairlie [mailto:fairlie () RIDER EDU] 
Sent: Friday, April 20, 2007 2:00 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] VPN policies.

At the moment, we provide a VPN client to those that need access from 
home. It isn't fun...
Nobody wants to touch an employees home machine anyway, and in some 
cases they may want/need client software in addition to the VPN client 
to access a resource they need.
We  "encourage" these employees to get laptops, as the VPN is the only 
software we'll provide for a home machine.

So even though we've had few problems, when they do come up it's a major

hassle.

This summer we will be moving to an SSL (web-based) VPN, hopefully that 
will eliminate the need to provide client software at all.

T..

Timothy J. Fairlie
Director, Network and Communication Services
Rider University            fairlie () rider edu

Matthew Gracie wrote:

> Like most institutions, I'm sure, we're getting more and more requests
> from people who want access to on-campus resources from off-campus. Our
> VPN concentrator is more than up to the task, but right now, we're
> discussing the best set of policies to allow people access to work from
> home without compromising data.
>
> How are people handling this? Are users accessing VPNs with their
> personally owned machines at your institution? Are you mandating
laptops
> for users who work from home? An entirely different computer that stays
> at the employee's house? Who pays for the Internet connection? What
> about other hardware (routers, APs, etc.) that they need? Is IT
> supplying computers for off-campus use, or is it the job of the
department?
> Any and all input is appreciated.
>
> --Matt
>
>