Deeply convinced to build university SSL platform

Resource sharing and telecommuting are one of the most important contributions of network to modern society. In colleges and universities with scientific research education as their duty, the important significance of various academic documents, teaching materials and frontier technology sharing is particularly prominent. The network environment of colleges and universities is a more special environment, because of the large capacity of intranet, it often compose the campus network with more complicated structure.　　The shared resources are often concentrated in the library of the University electronic database, as well as the use of Off-campus electronic database, the formation of the campus resource sharing pattern. As the pioneer of the domestic Water Conservancy research, the University of the campus network is also at the forefront of the information construction. As early as the emergence of network technology, university started to build a campus network based on each campus as the basic unit and data interchange, and to carry out the construction of school information.　　Set up the library of electronic stacks, office automation platform, such as a series of school applications, and the acquisition of a variety of periodical database resources to support the teachers and students of scientific research, teaching and management work. In order to guarantee the safe and stable operation of the application, the application platform and periodical database resources can only be used in the campus network at the beginning of construction, so as to avoid the threat of unsafe factors on the Internet. But in the course of use, University found that this approach, while providing security, has also set up a barrier: teachers who live outside school or teachers on business trips use telecommunications or unicom Internet lines to access the library's electronic stacks, periodical databases and the schools ' office automation platform.　　When teachers work in school these databases and office platform to give the help is very large, once inaccessible, caused by the inconvenience imaginable. Where is the safe extension road in recent years, the application of VPN as the security extension of the mobile point Network is more and more common, university the solution to the security virtual private network construction technology when receiving the feedback of the teacher's remote access demand. Today's VPN technology is diverse, in terms of network level, there are SSL VPN, IPSEC VPN, PPTP, L2TP and many other VPN technology.　　But from the use of convenience, stability, functional diversity considerations, SSL VPN is undoubtedly a best choice. The convenience of use should be considered as a teacher. IPSec VPN, PPTP, L2TP three kinds of VPN in the user's use, all need to pass the way of client dialing, also need to make more cumbersome configuration.　　Not only will increase the IT staff management and maintenance workload, more important is to increase the difficulty of the teachers to start, not easy to promote. SSL VPN, the technology based on application layer implementation, relies on the SSL VPN protocol embedded in the browser, without installing client software and configuration. When the teacher login SSL VPN, just as the daily login network, like silver, mailbox, open the browser to access the SSL VPN login page, complete password authentication and other identity verification, you can successfully login, after the use of the same as in the campus visit. Such a VPNThe establishment method is very suitable for the teachers ' daily usage of the Internet, which is very convenient both in use and promotion. SSL VPN to help campus network security extension through the integration of SSL VPN construction scheme, and refer to the other brothers and universities remote access platform, the final university chose to believe in gigabit high-end SSL VPN. The SSL VPN is deployed in a single arm mode on the core switch, and the Office automation Platform, library resources and periodical database resources are released to the Internet security.　　Teachers at home or on business can access the SSL VPN directly using the Internet line, accessing the resources released through the SSL VPN. University the original personnel database server, RADIUS server, in order to ensure the unified management of user accounts, to avoid the need to memorize multiple sets of account password trouble, in the building of SSL VPN platform with the RADIUS linkage, personnel database server linkage of the way to set user authentication. At the same time, using the soft keyboard, graphics check code, password need to include digital letters and other security policies to enhance the security of authentication.　　In the guarantee of the security intensity of the access host, the user's operating system version and patch are stipulated through the Client Security check policy, which avoids the vulnerability of the host to the security protection of the door resources. University through this SSL VPN platform construction, the convenient realization Campus network security extension. After more than a year of practical use, teachers generally respond to the use of a good situation, greatly facilitate the work outside the school.