Title of Service: Virtual Private Network Service (VPN)

Status of Document: This document describes services offered in June 2011.

1. Introduction

1.1 Virtual Private Networking (VPN) is a way of extending the University’s internal network to PCs connected anywhere on the Internet. Once connected via a VPN, a remote system appears to be connected locally to the University network, thereby getting access to all the facilities available to local users, avoiding University firewall blocks and IP-address based restrictions. All data passed via a VPN can be encrypted and access controlled by authentication.

Access to VPN requires an account code and password.

2. Summary of OUCS’s responsibilities

Hours of Service

2.1 The service operates at all times.

2.2 Operator cover is provided from 08:30 to 20:30 on weekdays. Periodic monitoring takes place outside these hours, and informal arrangements exist for staff to be called, but no funding is provided to make this contractual.

2.3 If a fault is notified between 09:00 and 17:00 on a working day, OUCS will commence investigation and correction within one hour (provided that no similar fault is also being handled by the same team).

2.4 If a fault is notified outside these hours, OUCS will use its best endeavours to attend the fault, but no funding is allocated to this purpose.

Serviceability Targets

2.5 It is intended, as far as is possible, to maintain service of all components at all times.

Resilience

2.6 There are two VPN servers configured as a cluster. Full service can be provided by either server.

2.7 The authentication service is duplicated on two servers, one connected to the 163.1 network, and one to 129.67

Alternative Facilities

2.8 Departments and colleges can also supply their own VPN services – this is normally done to provide authenticated access to facilities restricted to a particular group of users or sub-network.

Hardware and Software Maintenance

2.9 The machines used are maintained under warranty by the supplier.

2.10 Software updates are applied by OUCS staff – this is done with the minimum of interruption to service.

System Development

2.11 There is no scheduled development time.

Administration and Support

2.12 Information for users is given at

2.13 Members of the University can register for VPN accounts through the OUCS self-registration pages.

2.14 Notification of faults, outages, etc is circulated on the mailing list itss-announce@maillist.ox.ac.uk

2.15 Faults should be reported to help@oucs.ox.ac.uk.

2.16 OUCS Helpcentre will advise and support users with VPN configuration and access problems.

2.17 Testing, packaging and release of VPN client software is carried out by a separate team, and the operational standards for this service are published separately.

Education and Training

2.18 User documentation is available at http://www.oucs.ox.ac.uk/network/vpn/.

3. Summary of client’s responsibilities

3.1 Users must be aware that use of the VPN service provides access to the Oxford networks, and services restricted to internal users of those networks, from PCs outside the University. They must take every precaution to ensure that these services are not used by unauthorised persons, and that the service is disconnected if the PC is left unattended.

4. Premium services

4.1 Not applicable.

5. Logging

Logs are kept of login attempts and network connections permitted/denied. Logs are retained for 90 days.