Network Security
Delivering Slices of Network Securely at USC
6/27/2008
By Dian Schaffhauser
School of Social Work adopted it.
But first, ISI needed to sort out how to make the application available without opening up its entire network. "We didn't want to expose MyPortal to a public Internet interface," said Nelson. "We didn't want to allow somebody who isn't authorized and shouldn't be using MyPortal the opportunity to casually get into the system and get at data that might be sensitive for competitive or financial reasons."
Why not simply package up MyPortal as a stand-alone application and let each USC school implement it on its own server? Because first impressions are important, said Nelson. "It's a Java-based application. If I were to give them a JAR file, their developer may be able to get that Java file running, or he or she may not. They might have local customizations that apply."
To ensure a high quality of "customer experience," Nelson said, "we wanted to make sure we offered it directly to them without giving them the file." And, since ISI had made an investment in development of MyPortal, delivering it as a service would result in others at USC participating in "maintaining that investment."
Nelson and his staff evaluated a number of options for delivering a slice of its network to other groups on campus, including the use of client plug-ins to provide access control. They discarded that approach to maintain ease of use for users. "We wanted to make it as transparent as possible, which led us in the direction of an SSL VPN," said Nelson.
The Secure Sockets Layer (SSL) VPN approach is a form of virtual private network that doesn't require installing client software on the user's computer and that can be used with a standard browser.
On the SSL VPN front, the group evaluated open source and commercial offerings. Several open source solutions were discarded because they hadn't been updated in a number of years. On the commercial side, the available options were evaluated based on requirements for both the server side and the client side. The goal, explained Nelson, was to deliver a single URL to the user and say, "Here's where you go. Don't worry about a thing. Just type in a user ID and password, and you're in."
Another level of testing involved ease of integration, particularly with the LDAP directories already in use on campus. Nelson didn't want to have to run a separate ID and password database.
A final filter for the evaluation examined how well the SSL VPN application interacted with the MyPortal suite.
"Even though they said they were a 'zero client footprint,' that all you needed was an SSL-enabled browser, it turned out that wasn't the case," said Nelson. "It would give you some kind of connectivity but wouldn't let you run this portal-based application." The problem was that the products would allow the user to point to a single IP address, as point-to-point solutions, but that was insufficient for MyPortal. "The portal server is just a front end for all the back-end things that happen. We have something that does report generation. We have databases. We have all these other things. So a web browser session might be passed among these different servers, and they have different IP addresses. All of a sudden, the generic SSL VPN solution doesn't work."