
  • Wireless & VPN Infrastructure Upgrade Project

    Jean-Ray and Khalil October 2017

  • Wireless and VPN Upgrade

    Agenda

    VPN Upgrade Project: current and new infra

    Wireless Upgrade Project: current and new infra

    Getting Ready

  • VPN Project

    Project Scope

    The scope of the project is to upgrade the VPN client and change the authentication to Active Directory

    Project Delivery:

      - New VPN client AnyConnect
      - Decommission the old VPN client
      - Change the authentication to AD

  • VPN Project

    [Figure: old VPN client and new VPN client. Phase 1: client upgrade]

  • VPN Current & New Infrastructure

    [Diagram: VPN current infrastructure and new VPN infrastructure. Labels: Remote, Campus Wireless, Staff, Consultant, Active Directory Domain Controller, ITT Staff, Active Directory, uOttawa, Other need]

  • Wireless Project

    Project Scope:

    The scope of the project is to have one single SSID eduroam serving all the users on Campus

    Project delivery:

      - Decommission the following SSIDs: uOttawa, uOttawa-WPA
      - Change authentication to AD
      - Set up Captive Portal

  • Current Wireless Infra

    [Diagram: current wireless infrastructure. Labels: uOttawa SSID, eduroam SSID, uOttawa-WPA SSID, guOttawa SSID, Active Directory Domain Controller, uOttawa, Staff, Student, Guest, Active Directory, Open Access]

  • New Wireless Infra

    [Diagram: new wireless infrastructure. Labels: eduroam SSID, Conference SSID, Active Directory Domain Controller, uOttawa, Staff, Student, Guest, Active Directory, Employee Access, Student Access, Captive Portal, Conference, IT, Open Access]

  • Getting Ready for the Change

    Ensure all users / devices are using SSID Eduroam

    Sponsored Accounts:

      - Some accounts may be sponsored and use credentials starting with X+number
      - These accounts need to use their AD credentials
      - Some of these accounts may not have AD. Can request via Service Desk to have one created.

    Firewalls:

      - No server-side firewall rules for WPA/Eduroam should be created to secure access.
      - Use VPN layer on top of Eduroam, build f/w rules based on VPN subnets.
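
The firewall guidance above (key server-side rules to VPN subnets, not to WPA/eduroam client ranges) can be checked mechanically. The script below is an added example, not part of the original slides; the subnet ranges, rule names and the helper functions `classify_source` and `audit` are constructed for illustration.

```python
import ipaddress

# Constructed placeholder ranges: the slides do not state the real subnets.
VPN_SUBNETS = [ipaddress.ip_network("10.50.0.0/16")]
WIRELESS_SUBNETS = [ipaddress.ip_network("10.60.0.0/15")]  # eduroam / WPA clients

# Constructed sample of server-side allow rules: (name, source CIDR, dest port).
SAMPLE_RULES = [
    ("db-admin-from-vpn", "10.50.8.0/24", 5432),
    ("ssh-from-eduroam", "10.60.4.0/22", 22),
    ("rdp-from-campus", "10.0.0.0/8", 3389),   # supernet that swallows wireless
    ("web-from-vpn-host", "10.50.1.17/32", 443),
    ("legacy-typo", "10.50.8.300/24", 22),     # malformed source address
]


def classify_source(cidr):
    """Return 'vpn-only', 'includes-wireless', 'other' or 'invalid' for a source CIDR."""
    try:
        net = ipaddress.ip_network(cidr, strict=False)
    except ValueError:
        return "invalid"
    # Compliant only if the whole source range sits inside a VPN subnet.
    if any(net.version == v.version and net.subnet_of(v) for v in VPN_SUBNETS):
        return "vpn-only"
    # Any overlap with wireless space means the rule trusts eduroam/WPA clients.
    if any(net.version == w.version and net.overlaps(w) for w in WIRELESS_SUBNETS):
        return "includes-wireless"
    return "other"


def audit(rules):
    """List every rule whose source is not confined to the VPN subnets."""
    findings = []
    for name, source, port in rules:
        verdict = classify_source(source)
        if verdict != "vpn-only":
            findings.append((name, source, port, verdict))
    return findings


if __name__ == "__main__":
    for name, source, port, verdict in audit(SAMPLE_RULES):
        print(f"{name}: source {source} port {port} -> {verdict}")
```

Rules reported as `other` or `invalid` still need a manual look, since they are neither VPN-scoped nor clearly wireless-scoped.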