Up to now, the application of ssl vpn in the education industry can come up with three comprehensive needs, thus forming three development trends.
With the development of education informatization, ssl vpn technology has been widely recognized by many colleges and universities. SSL is a set of encryption technologies that provide authentication, confidentiality, and data integrity. It uses symmetric encryption technology and is often used to establish secure communication channels between Web browsers and Web servers. For example, online banking is built on SSL-based applications. For the application of ssl vpn in the education industry, the following three comprehensive demand trends can be summarized: that is, VPN access requirements for large-scale applications, mobile access to digital libraries, and smart multi-line traffic distribution of Intranet and Internet on campus.
VPN access for large-scale applications
To introduce VPN access, you must consider the support of large-scale applications, ensure the need to access the campus network over the Internet, and ensure the security of clients and the stability of servers for large-scale access applications, it comes from the efficiency of Line Transmission and server data processing, as well as the simplicity of user applications. Four are indispensable.
The following are the most prominent problems in comprehensive classification: large-scale applications, overload of servers, single point of failure (spof), increased business risks, and high-end equipment, increasing procurement costs.
Through the analysis of the above problems, for multi-user access, take the tunneling iceflow ssl vpn security device as an example, as the campus network center gateway, allowing the user group to establish a dedicated Security Tunnel Through SSL, then, use a Web browser for remote login. This can solve the security access that users urgently need and ease the high cost of leased line occupation.
In the VPN access solution for large-scale applications, the integration technology can fully play its role. Through system hardware integration, firewall, Server Load balancer and other large-scale application functions, and other technologies involved in the application are integrated into the VPN device, so that the idea of a single machine can be fully realized, it not only maximizes the performance of devices, but also saves diversified investment for users.
By analyzing and comparing the use of ssl vpn devices, the cost of Server Load balancer equipment is reduced first. The integrated Server Load balancer module can distribute the data to the backup server based on the scheduling algorithm and Dynamic Weight Distribution Calculation in the case of large-volume data, so as to reduce the overload of the master server, it also improves resource utilization and eliminates redundancy.
Secondly, the application detection and load detection functions added to the VPN device that integrates the Load Balancing work policy can also ensure that when a single point of failure occurs, other devices can respond to and access the working data streams of faulty devices in a timely manner.
Mobile Access to Digital Libraries
Because the user base of the campus digital library is first the teachers and students of the school, and then the authorized mobile users outside the school, it is not advisable to consume too much cost in preparation. According to the current construction scheme of the campus digital library, Fudan University provides us with good reference cases ,.
|
Architecture of Fudan University Digital Library |
First, the construction method is to digitize the campus's own collections, and then cooperate with foreign universities to exchange library data, and pay the copyright fee to foreign commercial libraries to obtain the permission to browse more electronic documents. It only involves cooperation with libraries outside China, and the application will also have corresponding binding rules. For example, to ensure the intellectual property rights of data information, the viewer must be the Intranet address of the school that has paid the copyright fee.
In this case, the application of digital libraries must expand the scope of access. Cooperation with libraries outside China restricts Internet access and only ensures the application of internal IP addresses. This is an obvious contradiction. Therefore, to solve the network application and expand the access scope of digital libraries, the application limitations of libraries must be broken down to achieve on-demand access in a true sense.
As you can see, VPN security devices play a key role. Any authorized Internet users remotely log on to the VPN device through the ssl vpn access technology, access the campus network, and establish a VPN tunnel. Then, the source IP address is converted through the VPN device, the IP address replacement technology is introduced to automatically authorize internet mobile users and guide the recipient to access the digital library directory. Here, internet mobile users can select a foreign cooperative collection as needed for free access, without the need to manually enter verification again.
Multi-line smart traffic distribution
From the perspective of Internet access requirements, ensuring line parallelism, optimal line selection, and real-time route selection are the primary requirements of current applications. In terms of Intranet access requirements, optimizing transmission and data delivery are also indispensable.
When an intranet user accesses Internet resources, the VPN device directs the other party to access the corresponding resource line based on the user's target address. This is the embodiment of multi-line smart traffic distribution technology. When an Internet user accesses the Intranet, the VPN device directs the other party to access the corresponding line port and target resources based on the user's source access address, this shows adaptive intelligent routing.
The diversity of network lines leads to the complexity of data transmission. If multi-line smart shunting technology is not used, it is very likely that when accessing public network resources, it is through the education network line. The difference in the length and bandwidth of the line will lead to various problems mentioned previously. In essence, after the smart traffic distribution application is adopted, the Internet resources accessed by the campus network can be routed out through the corresponding access port line to reach the access address, thus optimizing transmission and realizing data traffic distribution.
The current situation of networks under multi-line applications is the most prominent manifestation of the interconnection between different line operators. Under normal circumstances, the communication between operators of different lines needs to be transferred through a specific gateway, with a latency of more than 420 milliseconds. However, VPN devices integrated with multi-line smart technology are switched, the latency can be reduced to less than 60 milliseconds, which is basically the transmission duration of normal lines, which is the core to ensure coexistence of multiple lines.
In the future, the corresponding development space reserved in application products will determine the sustainability of the development of colleges and universities. After the technology is modularized and then integrated into the equipment, it is no longer the patent of the software supplier, VPN vendors such as Huawei 3Com and Ice Peak networks support modularization, and, on the other hand, they also reduce the investment costs of high-end and diversified equipment.
Related Articles]
- Comparison of several Broadband Wireless Access Technologies
- Networking Analysis of Optical Networks in 3G Access transmission networks
- Shenzhen awarded the Technology Innovation Fund to support remote access technology enterprises