[Web4lib] VPN issues: excerpts from your responses

John Kupersmith jkup at jkup.net
Tue Jan 3 00:22:44 EST 2006 

Web4Lib and Usability4Lib subscribers
(with apologies for cross-posting and for this long message!) --

Recently I asked for comments on usability and user support aspects of 
using VPN for user authentication.  In the 8
responses (mostly from academic libraries), there were some recurring 
themes as indicated in the following excerpts:

CLIENT SOFTWARE ISSUES

"...the inconvenience of installing client software is still a major 
obstacle.  We would still prefer a proxy server solution."

"One aspect of proxy people really miss is the portability.  Our VPN is 
client-based, and users don't like that they have to download a client on a 
specific workstation, esp. those people who travel and don't use a personal
laptop."

"My, what a great way to set a break on the number of people likely to use 
your service."


USER SUPPORT ISSUES

"Our main issues have been user education."

"I don't think there have been significant usability issues.  What gets 
people confused is that you have to
login to your ISP and then login again to VPN."

"Because the primary reason our clients use VPN is to access Library 
resources, the Library has become the de facto support center."

"VPN is run by the campus IT department, which has caused some problems 
with providing quality customer service.  When a patron calls into their 
help desk with a problem accessing library resources, they usually transfer 
the person to the library.  Often, however, the problem is not with access 
to the resource but with the installation of VPN. We try and help them as 
much as possible, but we often have to send them back to ITS to get help 
with the installation.  This, as you can imagine, results in unhappy patrons."

"... overall we tend to get more questions [than before VPN replaced 
proxy], but we don't spend as long answering them.  When we had proxy, we'd 
sometimes spend a hour trying to figure out the problem and have people 
bring in laptops to do troubleshooting.  We don't tend to do that any 
longer, but we have to deal with users who have been bounced around a bit."

"[VPN] works perfectly when a researcher has a laptop that she/he uses at 
work as well as at home. This means that the operating system and all the 
programs are installed here at computing center. XP-firewall is turned off 
and anti-virus client is proper type.  Problems we have had are when a 
researcher installs VPN at home to her/his own computer. These machines can 
have home edition of the operating system installed (with professional 
editions VPN works better) or anti-virus program or firewall can try to 
prevent VPN-connection. These problem situations are very hard to solve 
when you must advise on the telephone."

"A great usability test ... would be to see if the average user could 
actually set the thing up."


PERFORMANCE ISSUES

"[VPN] slows up response times on individuals' computers."

"The major VPN problem we've had reported is slowness ... we do get chronic 
reports of slowdowns."

"Also, your database access may slow down because instead of authenticating 
1 or 2 IPs, their server has to do a lookup on possibly thousands of IPs 
before granting access."

"For some reason a person won't be able to get in even though I can get in 
using VPN and campus access is fine.  Usually the problem ends up resolving 
itself.  We've also had problems with firewalls and VPN, but to be honest 
I'm not sure the problems are much worse than the ones we had with proxy 
and firewalls."


MANAGEMENT/SECURITY/LICENSING ISSUES

"When you use a VPN, every machine gets it's own unique IP. I am assuming 
that your database providers know the current proxy IP and grant access to 
their databases because they verify that IP and allow access. If you change 
to VPN only, your database providers will then have to maintain a list or 
pool of allowable IPs. YOU will also have to maintain that IP list to give 
to your all of your database providers. When that IP pool changes, you will 
have to contact each database provider to update their list. Then they pass 
it to their IT people...."

"What's hard is that there are people who have a legitimate need to use VPN 
(e.g., need access to a lab's server) who we don't really want to give 
access to the online journals.  They end up getting access because the 
other need is legitimate ..."


FAVORABLE COMMENTS

"[Campus] Info Technology office provides the service.  We hear no 
complaints. I've only heard of a couple of requests re some technical 
glitch at the user end, each of which was quickly solved."

"We have had VPN for about 1 year.  It was set up and is run by our campus 
Information Technology Dept.  From the library aspect I believe it has been 
very helpful in providing off-campus access to library resources. ... It 
has also been useful in accessing our centralized file server space 
although that can sometimes be slower than on-campus access."

"Overall, I would say it's not the most usable solution, but it does have a 
reputation for being more secure than proxy."

"As I understand it all our VPN transactions are encrypted, so [users'] 
vendor communications have more
privacy than normal transactions from on-campus."

"We've tested VPN with videostreams, and at least our campus VPN servers 
have no problems with them."


SUCCESSFUL STRATEGIES

"We had proxy and VPN running simultaneously for a long time, and the final 
switch [to VPN] was pretty trouble free
(or I should say we didn't get a lot of complaints).  We did a lot of PR 
and directly emailed the people who were using proxy."

"After [the library documented] the actual number of client problems with 
the service, the IS department has improved the documentation and methods 
of getting VPN."

"One thing that's helped is that when someone sends in a comment using our 
website, we sniff for their IP addresses.  We know what IP range the VPN 
runs on, so if someone says "I've installed VPN and I can't access 
resources" and we see that they're not on the [campus] network, then we 
know they've either installed it incorrectly or forgotten to login.  That 
one small change in our forms has really helped us answer questions more 
accurately."


ALTERNATIVES

"Our library primarily uses Ezproxy for its flexibility.  A few resources 
allow us to post only a small range of IP numbers, and the VPN server is 
not necessarily covered, since it's in another part of the campus.  Ezproxy 
also does not require anything to be installed on the user's computer."

"Back in the (evil) old days when we had a proxy server, all our users had 
to do was slip the proxy url into the proper box in the Browser 
settings.  Needless to say, this was a support nightmare.  Then EZproxy 
came along and suddenly the desperate calls to the reference desk 
completely dropped off -- at least for this."

~~~~~~

Thanks to all who took part, and to any who have read this far.

--jk
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   John Kupersmith        jkup at jkup.net        http://www.jkup.net
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Reference Librarian                 http://www.lib.berkeley.edu
   Doe/Moffitt Libraries
   University of California, Berkeley
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

More information about the Web4lib mailing list