Databus Issue: 2008 2 07/17/2008
Working Outside the Box
David L. Goldsmith, CCTO Director of Information ServicesSSL Remote Access Services
PDF
Pervasive. That’s the term that comes to mind when I ponder the current role of technology within a K12 organization, compared to what it was 10, even 5 years ago. For most districts and COE’s, technology has become a core service, practically no different and certainly no less necessary than the electricity needed to power the lights. Every department, from the business office right into the classroom relies on data, and is dependent on the systems that process and provide that data. For this reason, uptime, or the perpetual availability of critical systems, has become a driving force in the development and maintenance of the K12 network environment.
But what happens when the bell sounds, the work day ends, and staff migrates from the (well-connected) network environment to the (disconnected) home environment? In the digital world, the days in which we’d bring home stacks of papers to work on during the evenings and weekends are virtually gone; but with budgets constrained and staffing levels freezing all across the state, we have more than ever to do, and less time than ever to get it done. This inevitably leads to late nights and weekends at the office and in the classroom, where we have all of the necessary data and other digital resources at our ready disposal. Now if only there were some way to ”tunnel” all of these critical network resources outside the school network so we could be more productive in the environment of our own choosing…
In reality, Virtual Private Networks, or VPNs, have been a common solution to this scenario for many years. The ability to initiate a secure network tunnel through the public internet to access internal network resources from abroad has long been a boon to the productivity of telecommuters and knowledge workers in the private sector. But traditionally, secure VPNs have been complex in nature, and therefore difficult to administer. The configuration and management of client connections would be of particular burden to smaller IT shops. This hindrance had made it difficult for most all but the larger and more technologically robust educational institutions to justify VPN implementation.
But in recent years, VPNs have been rapidly gaining adoption into the education sector as well. A big key to the acceptance of VPN technology in K12 organizations has been the advent of VPN solutions from vendors such as Array Networks, Juniper, and SonicWall, which integrate the Secure Sockets Layer (SSL) protocol into the tunneling and encryption framework. The prime benefit of an SSL VPN is simplicity of use for not only the IT staff, but for the end user. The remote connection is seamlessly initiated through a standard web browser, without any need for client configuration or user intervention beyond entering login credentials. For the Hanford Elementary School District, this simplicity was an absolute necessity prior to considering any widespread implementation plans.
HESD settled on an appliance-based solution from Array, primarily because we preferred the ease of installation and administration that the appliance format provides. Now, from anywhere they have internet access, our staff is able to browse to an SSL-secured portal, enter their network login information, and have simple and secure access to nearly anything they would be able to access from their computer at work. Depending on the access profile that’s been customized for the different user groups, a staffer might be presented with a portal page containing links to intranet sites and various other internal web-based applications; browser-based access to network file shares to which the user has permissions; even access to a specific desktop application hosted through a terminal services connection. In addition, power users and technical staff are able to make use of a feature that allows them to connect directly to the remote console of a specified server or workstation. And just as with a traditional VPN, designated users can initiate a full Layer 3 tunnel by launching a small, self-configuring client right from within the browser. This feature is helpful for applications that don’t necessarily work through the SSL proxy, as well as for infrastructure support purposes.
What this means for HESD in a practical sense, is that now our teachers can go home, log into the VPN portal, enter student grades into the SIS, browse the library catalog for their school, download administrative forms from the intranet document library, create a lesson plan in Word 2007 (even if they don’t have Word 2007), and upload the file to their “home directory” for use in class the next morning. Our administrators can go home, log in, and run reports from the SIS, make changes to benchmarks posted on the intranet, and submit a request for a conference room reservation. And our technical vendors can remotely log into a custom portal that provides them with quick and direct access to the specific products that they support.
All of these features are relatively common among most of the SSL VPN solutions available today. Also common with most products are the all-important security features. Remote access is a dangerous proposition if you haven’t taken the time to address the multitude of security risks inherent to allowing outside access to your internal network. Fortunately, and quite conveniently, the majority of VPN products natively employ multiple security methods to help ease your mind about the purity of the computers that will connect to your network. From features like “host integrity checking”, where a process will scan the client computer for the presence of items such as current anti-virus definition files, anti-spyware, and service packs before allowing the client to connect; to cache cleaning, which clears browser caches immediately after the remote session; the current generation of SSL VPN solutions do a pretty good job of keeping the undesirable and unethical safely on the outside.
For HESD, the verdict is in: the SSL VPN implementation has been a wildly popular success. Teachers love the flexibility it provides, and administration greatly appreciates the bottom line – being able to do more with less.
