Process for requesting a VPN account for vendor access to campus systems
Vendors frequently require access to campus servers for performing various services. We require such vendors to use the SURA VPN Client, for a variety of reasons:
- To ensure traffic to campus resources are encrypted
- To restrict vendor access to only services they require
- To better understand external support relationships
Vendors are assigned a specific, IP address, which allows their access to be regulated by internal firewalls. Vendors are allowed one account by default and that account is for use by one person. In special circumstances, a second VPN account and IP address may be allowed, but IP space is limited. Note that vendor accounts are created within Active Directory but do not have any associated AD resources. Sometimes when a vendor connects to the SU VPN, they may receive LDAP or some other communication error. Most of those errors are normal and can be disregarded. Please make sure to test the correct connection before reporting errors or problems.
In order to track and review all of the changes and access for Vendor VPN accounts, requests will now be handled in Orange Tracker OT.
Open Orange Tracker and log in. Once you are logged in you can either search for the key VVAR or for the project Vendor VPN Account Request.
Click on Create to open a new ticket and enter all of the below fields:
NOTE: Please create a ticket for each request.
All account requests should be completed within 3 business days. If you don't hear back by this time frame, please send a reminder.
Project: Vendor VPN Account Request (VVAR)
Issue Type: Service Request
Summary: Account can only be used by one (1) individual
If more than one (1) individual is going to need access please request an additional account
Priority: Normal priority for all requests
Due Date: Not required
Component/s: This field is for ITS Security
Assignee:
Reporter:
Vendor name: Company name
Vendor Contact: Vendor contact name, phone number, email; should be person using account
Lifetime of Account: If less than six months, otherwise all accounts will be reviewed and audited every six months
Destination IP: Destination IP or subnet (For multiple, separate by comma. If 'any,' 'unknown,' or 'N/A' please give context in the description field below)
Port/Service: Port/Service (For multiple, separate by comma. If 'any,' 'unknown,' or 'N/A' please give context in the description field below)
Contact Information: Campus contact name, phone number, email; this is normally the person making the request
Justification: Why they need to have access
Description: Additional information or context for this request
Vendor VPN Username: ITS Information Security will complete this
Vendor VPN IP: ITS Information Security will complete this
- Once the account is created and the VPN firewall configured, we will return the following information:
- The account name and password
- The SU IP address, which is not usually needed by the Vendor
- The more information the better to expedite requests.
Please plan enough time for your projects to allow requests to be processed.