Bentley College graduates to a virtual private net
Waltham, Mass.
How do you build a remote access network for a constantly changing group of 10,000 users who work from a variety of computer platforms and travel all over the world?
Bentley College's Tom Boerman found the answer in an Internet virtual private network (VPN) that's being used to access Bentley servers. "Not only is the network accessible from any place that has an Internet connection, but the VPN was relatively easy to install and inexpensive to administer," Boerman says.
This is not to say that putting the VPN in place was without difficulties. Among Boerman's challenges was establishing a help desk for end users and figuring out why certain ISPs' networks blocked access to the VPN.
Overall, the VPN has lived up to expectations, says Boerman, the school's network services manager. Eight months into the project, he is also well under the $70,000 budget that was set aside to fund the first year.
Boerman's task was to have a remote access network up and running by Sept. 3, when school opened. When Boerman got the assignment, Bentley only had 40 direct-dial ports into the school network, and the ports were available only to select faculty and staff.
That fact didn't fit with the image the business college was trying to project with its slogan "Business, People and Technology," nor with its location here in the middle of the high-tech belt ringing Boston.
Boerman's assignment was to make the university's networks accessible to all Bentley students, faculty and staff. He'd have to take into consideration that these users would be calling in from off-campus housing, hotels while traveling and even from other countries while on semester breaks.
Boerman kept the remote client specifications as basic as possible so most users can dial in with PCs they already own. The only requirements are that end users have machines running Windows and outfitted with Internet access.
Bentley provides end users with two floppy disks. They use these to load Shiva VPN Client software that lets remote PCs talk to an on-campus Shiva LanRover VPN Gateway. So far, Shiva has no client for Macintoshes.
Bentley also uses a Remote Authentication Dial-In User Service (RADIUS) server, included in Shiva's management software, to authenticate and authorize VPN users. The client and the gateway use 56-bit encryption to secure information as it crosses the Internet.
Users connect to the Internet at whatever speed their home hardware allows, whether it is a 28.8K bit/sec modem or a multimegabit cable connection. Once the VPN client establishes a link with the gateway, the end user is asked for his name and password before gaining access to databases, e-mail, paid services such as Lexis-Nexis and other Bentley resources.
Challenges crop up
Boerman was surprised to learn that users had trouble accessing the VPN through certain ISPs. For example, users of the Prodigy Classic ISP service could not get through because Prodigy Classic does not use TCP/IP to connect with its customers. The VPN requires TCP/IP, so Prodigy users had to switch to another ISP.
America Online - its browser in particular - posed another problem. Bentley customers using AOL to connect with the college VPN could not access Lexis-Nexis and other Web services for which Bentley pays.
It turns out that the AOL Web browser delegates the actual browsing to a proxy server in the AOL network. When the proxy server contacts a Bentley Web service, the service denies access because the proxy server IP address is unauthorized. Boerman says the solution has been to use Netscape Navigator or Microsoft Internet Explorer rather than the AOL browser.
Beyond technical problems, Boerman also had to set up a help desk for remote users. The college help desk - about eight people - is trained only to handle problems with Bentley's internal network. A new set of problems ranging from modems and ISP troubles to VPN software installation questions would have crushed the help desk, Boerman says.
But help came from a surprising source: Atrion, the reseller that sold Bentley the Shiva VPN gateway. Normally, Atrion's help desk services only IS staffers such as Boerman, not end users. But for $999 per month, Atrion agreed to set up an 800 number dedicated to Bentley remote users and to staff it from noon to midnight. The fee buys five hours per month of help desk time, and so far Bentley has stayed under that limit, Boerman says.
Pacing the rollout
Bentley told students, faculty and staff about the VPN in September, and has allowed them to sign up for it at will. But to keep usage low enough to work out any bugs, the school has not made an attempt to sign up everyone during the first semester.
So far, with just a single announcement, 600 users have signed up and 750 more are expected to get on board at the start of the spring semester, Boerman says.
Before choosing Shiva gear to anchor the VPN, Boerman considered hardware from AltaVista and VPNet. But AltaVista's lack of RADIUS support would have made password entry a nightmare, he says. AltaVista and VPNet client software also had trouble linking with the AOL network. That is because AOL client software installs AOL's own dial-up adapter software in the remote PC, and that adapter could not synchronize with AltaVista's or VPNet's VPN boxes. AOL support is key, he says, because as many as 40% of the school's users are on AOL.
Boerman says the college would like to see Shiva, which is in the process of being acquired by Intel, add several features to its VPN gateway. Features on Boerman's list are reports that detail peak hours of use, number of simultaneous users and how many times users try but fail to connect to the VPN. He also wants to straighten out discrepancies in records kept by the RADIUS server and VPN gateway regarding the identities of end users logging on to the VPN.
The bottom line, however, is that the VPN has lived up to its expectations. Now that some of the kinks have been worked out, the network requires little management.
"It's an easy thing to baby-sit," he says.
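The reports on Boerman's wish list (failed connection attempts, simultaneous users, and discrepancies between RADIUS and gateway records) can be derived from the two sets of logs, as in this added example, which is not code from the article or from Shiva. The record layout, user names, times and two-minute matching window are all constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

def T(hhmm):  # helper: a time on one constructed sample day
    return datetime.strptime("2000-01-10 " + hhmm, "%Y-%m-%d %H:%M")

# Constructed sample records (hypothetical layout, not any product's log format).
RADIUS = [  # (user, result, time) as recorded by the authentication server
    ("akim", "accept", T("19:01")), ("bross", "reject", T("19:03")),
    ("bross", "reject", T("19:04")), ("bross", "accept", T("19:05")),
    ("cdiaz", "accept", T("20:10")), ("dlee", "accept", T("20:15")),
]
GATEWAY = [  # (user, tunnel start, tunnel end) as recorded by the VPN gateway
    ("akim", T("19:01"), T("20:30")), ("bross", T("19:05"), T("19:50")),
    ("cdiaz", T("20:11"), T("21:00")), ("guest", T("20:20"), T("20:40")),
]

def failed_logins(radius):
    """Count rejected authentication attempts per user."""
    return Counter(u for u, result, _ in radius if result == "reject")

def peak_concurrency(gateway):
    """Sweep tunnel start/end events; return (max simultaneous users, when)."""
    events = sorted([(s, 1) for _, s, _ in gateway] + [(e, -1) for _, _, e in gateway])
    live, best, when = 0, 0, None
    for t, delta in events:  # at equal times, ends (-1) sort before starts (+1)
        live += delta
        if live > best:
            best, when = live, t
    return best, when

def reconcile(radius, gateway, slack=timedelta(minutes=2)):
    """Pair each RADIUS accept with a same-user tunnel starting within `slack`.
    Returns (accepts with no tunnel, tunnels with no accept)."""
    unmatched, orphans = list(gateway), []
    for user, result, t in radius:
        if result != "accept":
            continue
        hit = next((g for g in unmatched if g[0] == user and abs(g[1] - t) <= slack), None)
        if hit is not None:
            unmatched.remove(hit)
        else:
            orphans.append((user, t))
    return orphans, [(u, s) for u, s, _ in unmatched]

if __name__ == "__main__":
    print("failed logins:", dict(failed_logins(RADIUS)))
    print("peak simultaneous users:", peak_concurrency(GATEWAY))
    print("RADIUS-only / gateway-only:", reconcile(RADIUS, GATEWAY))
```

A tunnel with no matching RADIUS accept is the entry to look at first, since it is a session the authentication record cannot account for.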
